Hello Friends
Let's start by defining what is a firewall, according to wikipedia, a firewall is a network security system that controls and monitors incoming and outgoing network traffic based of specific rules, ufw is a firewall software application, ufw is a short for uncomplicated firewall, because it is really easy to deal with it and of course it is much easier than other firewall applications like iptables for example, so open a terminal window and let's get started.
- Installing and enable ufw at startup
Let's start by installing ufw on the system simply by typing
$ sudo apt install ufw
This command will install it on the system and if it was already installed you will get notified by that, once installed, the next step is to make it enable, but first let's check the status of the new installed ufw
$ sudo ufw status verbose
The above command show the status of ufw, in our case we should get status: inactive, so to activate it just type
$ sudo ufw enable
You should get a message telling you that the firewall is active and enabled on system startup, but for some reason if that doesn't work just type
$ sudo systemctl enable ufw
$ sudo systemctl start ufw
Check again by typing
$ sudo ufw status verbos
You should get status:active and some default information about your firewall.
By default ufw will deny all the incoming connections and allow all the ongoing connections, that's mean your server will communicate with the outside with it's application, but it will deny any connection requests from the outside to your server, but If you need that command to make it deny all incoming connections just type
$ sudo ufw default deny incoming
so let's start configure our firewall
- Configure ufw
Let's say that you are using ssh to configure your server and you need to accept ssh connection, we can do this by simply type
$ sudo ufw allow ssh
or
$ sudo ufw allow 22
As you can see we can configure ufw to a service or a port, but be noted that I don't recommend allowing something with its port unless it was necessary, I always use a service and I advise and highly recommended that you will do the same, it is more like a personal preference but it is a good practice.
let's accept http and https incoming requests
$ sudo ufw allow http
$ sudo ufw allow https
or
$ sudo ufw allow 80
$ sudo ufw allow 443
In some cases you just need to open a range of ports with specific protocol like TCP or UPD, you can do this by typing
$ sudo ufw allow 5050:5060/tcp
$ sudo ufw allow 9870:9873/upd
Let's say you want to deny an incoming connection, it is just by replacing the word "allow" in the above commands with the word "deny"
Examples:
$ sudo ufw deny http
$ sudo ufw deny 443
$ sudo ufw deny 9870:9873/upd
You can also deny an ip from connecting to your server by adding the word "from"
$sudo ufw deny from 45.45.45.45
Now Let's say that you need to delete a rule that you already added in the firewall to do that just first type
$ sudo ufw status numbered
You will get an ordering numbers beside each rule we added in the firewall, let say you need to delete rule number 2 just do that by typing
$ sudo ufw delete 2
it should ask you for confirmation, type "y" and press Enter and the rule will be gone.
If you are like me and don't like the above method there is another one which I prefer and use, it is just delete the allow or deny service or port, Example:
$ sudo ufw delete allow http
$ sudo ufw delete deny 443
and so on, I hope you got the idea.
Let's now talk about the outgoing traffic, let's say you need to deny or allow your server from a service or port, it will work as same as all the above commands except we need to add the word "out", Example:
$ sudo ufw allow out https
$ sudo ufw allow out 80
$ sudo ufw deny out 25
$ sudo ufw deny out imap
- Final ufw useful commands
$ sudo ufw reset
This command will reset all the configuration we made to its default and it will get back as like we just install it.
$sudo ufw logging on
This command allow your firewall to log it's activities, in some cases you can find the log in /var/log/ufw and other cases you can find the log in /var/log/messages , /var/log/kern.log , /var/log/syslog
$sudo ufw disable
This command will disable the firewall and removing it from startup application system.
-------------------------------------------------
As you can see, ufw is for real an uncomplicated firewall, it is easy to deal with and easier than other firewall softwares like iptables and others.
Thank you so much for reading, I hope you find something useful in this article post and it helped you someway.
Comments
Post a Comment