Understanding and Setting Up a Basic Firewall with UFW
Tutorial Overview
Learn how to configure UFW (Uncomplicated Firewall), a simple interface for managing iptables. We will cover enabling UFW, setting rules for common services, and checking the firewall status.
Prerequisites
- Root or sudo access.
Steps
Step 1: Install and Enable UFW
1. Install UFW if not already installed:
sudo apt install ufw -y
2. Enable UFW:
sudo ufw enable
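- You’ll be prompted to confirm enabling the firewall, as by default it blocks all incoming traffic not explicitly allowed. If you are connected over SSH, add the SSH rule from Step 2 first so the session is not cut off.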
Step 2: Configure Basic UFW Rules
1. Allow SSH traffic:
- If you are using the default SSH port (22):
sudo ufw allow ssh
- If you changed the SSH port (e.g., to 2222), specify the port:
sudo ufw allow 2222/tcp
2. Allow web traffic:
- Allow HTTP (port 80) and HTTPS (port 443) for web servers:
sudo ufw allow http
sudo ufw allow https
3. Set specific IP-based rules (optional):
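- Allow a specific IP address to connect to SSH. For this to be the only address allowed, the general SSH rule from item 1 must not be present, since that rule admits any source: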
sudo ufw allow from 192.168.1.5 to any port 2222
4. Deny incoming connections as needed:
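- Deny access from a specific IP address. UFW applies the first rule that matches, so this deny only covers ports not already opened by an earlier allow rule; to block the address everywhere, the deny rule must come before the allow rules: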
sudo ufw deny from 192.168.1.100
Step 3: Check UFW Status and Enable Logging
1. Check the status and view active rules:
sudo ufw status verbose
2. Enable logging to monitor firewall activity:
sudo ufw logging on
- Logs are stored in /var/log/ufw.log for analysis.
3. Test the configuration:
- Attempt to connect using allowed and denied services to ensure rules work as expected.
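To make use of the log enabled in Step 3, the following added example (not part of the original tutorial) summarizes [UFW BLOCK] entries by source address and destination port. The sample log lines are constructed and trimmed to the relevant fields, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: summarise blocked packets recorded by UFW.
# Reads log lines on stdin and prints "<count> <source> <proto>/<dport>",
# most frequent first. Function names are illustrative.
ufw_block_summary() {
    awk '
    /\[UFW BLOCK\]/ {
        src = proto = dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        if (src == "") next           # not a packet record, skip
        if (dpt == "") dpt = "-"      # ICMP entries carry no port
        count[src " " proto "/" dpt]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample input (documentation address ranges, fields trimmed).
sample_ufw_log() {
    cat <<'EOF'
Mar 10 09:14:02 web01 kernel: [ 1201.10] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=22
Mar 10 09:14:03 web01 kernel: [ 1202.11] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=60 TTL=52 PROTO=TCP SPT=40113 DPT=22
Mar 10 09:14:05 web01 kernel: [ 1204.12] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=60 TTL=52 PROTO=TCP SPT=40114 DPT=22
Mar 10 09:15:40 web01 kernel: [ 1299.20] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.23 DST=198.51.100.10 LEN=60 TTL=49 PROTO=TCP SPT=51000 DPT=3306
Mar 10 09:15:41 web01 kernel: [ 1300.21] [UFW ALLOW] IN=eth0 OUT= SRC=192.0.2.5 DST=198.51.100.10 LEN=60 TTL=60 PROTO=TCP SPT=52044 DPT=2222
Mar 10 09:16:10 web01 kernel: [ 1329.30] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.23 DST=198.51.100.10 LEN=84 TTL=49 PROTO=ICMP TYPE=8 CODE=0
Mar 10 09:16:12 web01 kernel: [ 1331.31] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.23 DST=198.51.100.10 LEN=60 TTL=49 PROTO=TCP SPT=51001 DPT=3306
EOF
}

# Demo on the sample. On a real host, feed the log instead:
#   ufw_block_summary < /var/log/ufw.log   (needs read access to the log)
sample_ufw_log | ufw_block_summary
```

A source that repeatedly appears against a port you meant to allow points to a missing or shadowed rule; one that appears against closed ports is a candidate for the deny rule in Step 2.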