Protecting your server with the UFW firewall on Ubuntu
UFW, or the uncomplicated firewall, is meant to be a simple way of protecting your server by making it easier to set up and use a firewall.
Some of the commands you might use to do this can be found below.
Installing UFW firewall
To install, type sudo apt install ufw.
Configuring IPv6 use
Type sudo nano /etc/default/ufw and look for the line 'IPV6='. If you do have an IPv6 address pointing to this server, make sure the line reads IPV6=yes; if not, set it to IPV6=no.
Setting up the default rules
To set up what happens when no other rules are found that apply (and make your server more secure by default), type sudo ufw default deny incoming and sudo ufw default allow outgoing.
Make sure to allow access to the SSH port
This is done with the following command: sudo ufw allow [SSH port number] (where the default is 22).
Change the logging level
sudo ufw logging {low|medium|high}
(where one of the three is chosen)
Enable (turn on) UFW
sudo ufw enable
Checking the status of UFW
sudo ufw status verbose
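The steps above in one script, as an added example that is not part of the original article. The function names and the DRY_RUN variable are assumptions made for this example; the order matters, because enabling UFW with a default deny policy before the SSH port is allowed blocks new SSH connections to the server.

```shell
#!/bin/sh
# Added example: baseline UFW setup in a lockout-safe order.
# Usage after sourcing this file:
#   apply_baseline 22              # dry run, only prints the commands
#   DRY_RUN=0 apply_baseline 22    # runs them through sudo

valid_port() {
    # Accept only a plain integer in 1..65535 (no signs, spaces, or shell text).
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

baseline_cmds() {
    # Print the ufw commands, one per line, for the given SSH port.
    ssh_port="${1:-22}"
    valid_port "$ssh_port" || { echo "invalid SSH port: $ssh_port" >&2; return 1; }
    # The SSH allow rule comes before 'enable' so the session is not cut off.
    # --force skips the interactive confirmation that 'ufw enable' asks for.
    cat <<EOF
ufw default deny incoming
ufw default allow outgoing
ufw allow $ssh_port
ufw logging low
ufw --force enable
EOF
}

apply_baseline() {
    cmds=$(baseline_cmds "$1") || return 1
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf '%s\n' "$cmds"
        return 0
    fi
    # Stop at the first failing command instead of enabling a half-built ruleset.
    printf '%s\n' "$cmds" | while IFS= read -r line; do
        sudo $line || exit 1
    done || return 1
    sudo ufw status verbose
}
```
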
Disable (turn off) UFW
sudo ufw disable
Reset (remove all rules)
sudo ufw reset
Allowing (opening) ports
To allow traffic on certain ports, type sudo ufw allow [port].
Allowing and denying traffic from certain IP addresses
To allow (whitelist) certain IPs to access your server, type sudo ufw allow from [ip address]. If instead you wish to deny (blacklist) an IP address from accessing your server, type sudo ufw deny from [ip address].
Deleting rules
You may wish to delete rules that no longer apply or that were added in error. Type sudo ufw status numbered to list all existing rules with accompanying numbers. The numbers can then be used to delete a rule with sudo ufw delete [rule number].
Final thoughts
The commands above are only a small number of the commands which allow you to control your firewall and, in turn, the security of your server. More information can be found by typing man ufw at the command line or by visiting http://man.he.net/man8/ufw.
Whilst the above commands may not cover every command in full, they provide all the basics you need to make a start in protecting your server.