
Simple intro for ufw on Ubuntu

Overall, firewalls are an essential tool for network security and can be used in a variety of ways to protect networks and devices from unauthorized access and other security threats.

For many years, iptables was the standard command-line tool for configuring the Linux kernel's firewall. While it offers powerful and customizable features, it can be challenging to use effectively for those who are not familiar with the command-line interface or with networking concepts.

To simplify the configuration of iptables, the Uncomplicated Firewall (ufw) was developed. Ufw provides a user-friendly interface for configuring iptables rules and policies, making it more accessible for users who are not experienced with command-line interfaces.

After configuring the firewall settings using ufw, you can check the changes by typing sudo iptables -L -n to see the difference in the configuration. Overall, using ufw to configure iptables simplifies the process and makes it more accessible for a wider range of users, without sacrificing the power and flexibility of iptables.

Installation

sudo apt-get install ufw

Enable ufw; it is disabled initially. If you are connected over SSH, allow ssh first (see below), because the default policy denies incoming connections and enabling ufw could otherwise cut off your session.

sudo ufw enable

Check ufw status

sudo ufw status verbose

You can set the default policy for incoming or outgoing traffic with

sudo ufw default deny incoming

deny can be changed to allow

incoming can be changed to outgoing

Set for port

Next, you can allow or deny a specific port with

sudo ufw ALLOW/DENY PORT_NUMBER

For example

sudo ufw allow 80

To keep things simple, here we open the ports for http, https, and ssh. These are well-known service names (ufw looks them up in /etc/services), so you can use the name instead of the port number:

sudo ufw allow http
sudo ufw allow https
sudo ufw allow ssh

Check port status

sudo ufw status numbered

Delete rule

Each rule is listed with a number in front of it, so you can delete a rule by its number:

sudo ufw delete NUMBER

For example

sudo ufw delete 1

Restrict for a certain IP

You can also allow only a certain IP to access a certain port.

sudo ufw ALLOW/DENY from xxx.xxx.xxx.xxx {to any port NUMBER}

xxx.xxx.xxx.xxx is the IP you want to restrict. NUMBER is the port on this host you want to restrict; the "to any port NUMBER" part is optional. Note that "from ADDRESS port NUMBER" (without "to any") would match the source port of the remote side, not the port on your machine.

For example

# Allow all traffic from this address
sudo ufw allow from 192.168.0.1

# Allow this address to reach port 80 on this host only
sudo ufw allow from 192.168.0.1 to any port 80

Enable/Disable log

ufw also provides a logging feature. You can turn it on with the following command; the log is written to /var/log/ufw.log.

# Turn on logging
sudo ufw logging on

# Turn off logging
sudo ufw logging off
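As an added example (not part of the original post), a small shell helper that summarises the [UFW BLOCK] entries ufw writes to /var/log/ufw.log, grouped by source address and destination port, so you can see what the firewall is rejecting. The log lines are constructed samples in ufw's format (RFC 5737 test addresses), and the function names are mine.

```shell
#!/bin/sh
# Summarise [UFW BLOCK] entries from ufw's log by source IP and destination
# port. In real use: ufw_block_summary < /var/log/ufw.log
# The lines below are constructed samples in the format ufw writes when
# logging is on (kernel netfilter log with a [UFW ...] prefix).
UFW_SAMPLE_LOG='Mar  3 09:12:01 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=0 DF PROTO=TCP SPT=54321 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 09:12:02 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=0 DF PROTO=TCP SPT=54322 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 09:12:05 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40000 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 09:12:06 web1 kernel: [UFW ALLOW] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40001 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 09:12:09 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=0 DF PROTO=TCP SPT=54323 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0'

# ufw_block_summary: read ufw log lines on stdin and print "COUNT SRC DPT"
# for blocked packets, most frequent first. [UFW ALLOW]/[UFW AUDIT] lines
# are skipped, as are entries without both SRC= and DPT= (e.g. ICMP).
ufw_block_summary() {
    awk '
        /\[UFW BLOCK\]/ {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src != "" && dpt != "") count[src " " dpt]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -rn
}

# ufw_top_blocked_src: the single source address with the most blocked packets.
ufw_top_blocked_src() {
    awk '/\[UFW BLOCK\]/ { for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) c[substr($i, 5)]++ }
         END { for (k in c) if (c[k] > best) { best = c[k]; top = k }; print top }'
}

printf '%s\n' "$UFW_SAMPLE_LOG" | ufw_block_summary
```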

List available applications

List the application profiles that have been defined for use with the Uncomplicated Firewall (ufw).

sudo ufw app list

Enable application profile

sudo ufw allow APPLICATION_NAME

# For example, enable Nginx Full profile
sudo ufw allow "Nginx Full"
Category: Hands-on
