Using UFW – Uncomplicated Firewall in Ubuntu

UFW is an easy-to-use command-line firewall that generally comes bundled with Ubuntu, servers in particular. It is a great tool to work with: it handles all the major firewalling tasks with ease and is quite user friendly. For desktop users, a GUI is available to handle all firewall activities, and the interface is approachable even for someone who does not understand firewalls too well. The following commands are a base for doing simple tasks on a server, hardening the Ubuntu server in some ways. These are really basic commands; more can be found in the Ubuntu Help Documentation.

The assumption here is that you are connected to an Ubuntu server using SSH and ufw is disabled. By default, ufw is disabled on an Ubuntu server.

  1. To enable ufw: sudo ufw enable
  2. Once it is enabled, you must allow SSH so that your current session continues to work, and then block all other services. You can then selectively allow services, ports, IP addresses, ranges of ports, etc.:
  • sudo ufw allow ssh – This allows ssh
  • sudo ufw default deny – This denies everything else
  • sudo ufw status – This shows current rules that are enabled
  • sudo ufw status numbered – This shows the rules and gives a number which makes it easy to identify
  • sudo ufw allow 25 – This allows smtp service
  • sudo ufw deny 25 – This denies smtp
  • sudo ufw delete 6 – This will delete rule number 6. Rule number 6 is identified after running the command – sudo ufw status numbered
  • sudo ufw allow from 192.168.1.10 to any port 5525 – This opens port 5525 for a particular IP
  • sudo ufw allow proto udp to any port 10001:15000 – This allows the entire port range of 10001 to 15000 for UDP traffic

Ensure you don't lock yourself out before you allow ssh: the first two bullets should be run in that sequence. Refer to the Ubuntu documentation for detailed ufw usage. It is a great tool to know.
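
The rule numbers that sudo ufw delete takes come from sudo ufw status numbered, and they shift after every deletion. As an added example (not part of the original post), this shell sketch parses a constructed sample of that output, lists the rule numbers for a port from highest to lowest so they can be deleted in that order, and checks that an SSH allow rule is present; the function names and the assumption that SSH listens on port 22 are assumptions of the example.

```shell
#!/bin/sh
# Added example. sample_status is a constructed stand-in for the output of
# `sudo ufw status numbered`; on a real host pipe that command in instead.
sample_status() {
cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 25                         DENY IN     Anywhere
[ 3] 5525                       ALLOW IN    192.168.1.10
[ 4] 10001:15000/udp            ALLOW IN    Anywhere
[ 5] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 6] 25 (v6)                    DENY IN     Anywhere (v6)
EOF
}

# Emit "number|to|action" for every numbered rule line on stdin.
parse_rules() {
  awk '/^\[ *[0-9]+\]/ {
    num = $0; sub(/^\[ */, "", num); sub(/\].*/, "", num)
    rest = $0; sub(/^\[ *[0-9]+\] */, "", rest)
    n = split(rest, col, /  +/)   # columns are separated by 2+ spaces
    if (n >= 3) print num "|" col[1] "|" col[2]
  }'
}

# Rule numbers whose To column is the given port, highest first.
# `ufw delete N` renumbers the rules after it, so delete in this order.
rules_for_port() {   # usage: ... | rules_for_port PORT
  parse_rules | awk -F'|' -v port="$1" '{
    to = $2; sub(/ \(v6\)$/, "", to); sub(/\/(tcp|udp)$/, "", to)
    if (to == port) print $1
  }' | sort -rn | tr '\n' ' ' | sed 's/ $//'
}

# Exit 0 only if an ALLOW or LIMIT rule for SSH exists (assumes port 22).
ssh_allowed() {      # usage: ... | ssh_allowed
  parse_rules | awk -F'|' '
    $2 ~ /^(22(\/tcp)?|OpenSSH)( \(v6\))?$/ && $3 ~ /^(ALLOW|LIMIT)( IN)?$/ { ok = 1 }
    END { exit ok ? 0 : 1 }'
}

sample_status | ssh_allowed && echo "ssh rule present"
echo "delete order for port 25: $(sample_status | rules_for_port 25)"
```

The SSH check looks only at the To and Action columns, so a rule restricted to a different source address still passes it.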
