Table of Contents
- Install UFW
- Check UFW Status
- Using IPv6 with UFW
- UFW Default Policies
- Allow SSH Connections
- Enable UFW
- Allow Connections on Other Ports
- Deny Connections
- Deleting UFW Rules
- Disable UFW
- Reset UFW
A properly configured firewall is one of the important aspects of overall system security. Ubuntu ships with a firewall configuration tool named UFW (Uncomplicated Firewall). Its primary goal is to make managing iptables easier.
Make sure that you are logged into your server as a non-root user with sudo privileges or as the root user. If you don't have a non-root user account, you can create one by following our guide, How to do Initial Server Setup with Ubuntu 18.04. It is better to use sudo rather than the root account to run administrative commands.
Install UFW
UFW is installed by default in Ubuntu 18.04. If it is not installed on your system, you can install the UFW package with the command below.
$ sudo apt install ufw
Check UFW Status
Once the installation is complete, you can check the status of UFW with the command below.
$ sudo ufw status verbose
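By default, UFW is disabled. You can enable it with the command below. If you are connected to the server over SSH, first add the SSH rule described under Allow SSH Connections, because the default policy denies incoming connections.
$ sudo ufw enable
UFW is now active.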
Using IPv6 with UFW
If your VPS is configured for IPv6, make sure UFW is configured to support IPv6 so that it manages both IPv4 and IPv6 firewall rules. To do that, open the UFW configuration file with this command:
$ sudo vi /etc/default/ufw
Then set the IPV6 option to “yes”.
Save and exit, then restart the firewall with the commands below:
$ sudo ufw disable
$ sudo ufw enable
UFW will now configure the firewall for both IPv4 and IPv6.
UFW Default Policies
By default, UFW blocks all incoming connections and allows all outbound connections. This means that anyone trying to access your server will not be able to connect unless you open the port, while all outgoing connections are allowed. The default policies can be set with the commands below.
$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing
If you want to be more restrictive, you can deny all outgoing requests as well. This can be done with the command below.
$ sudo ufw default deny outgoing
Allow SSH Connections
Before enabling the firewall, we need to add a rule that allows incoming SSH connections. To allow all incoming SSH connections, enter the command below.
$ sudo ufw allow ssh
The syntax for adding this service is quite simple. For example, the command below allows connections on port 22 using the TCP protocol.
$ sudo ufw allow 22/tcp
If your SSH server is running on port 2222, you can allow connections with the command below.
$ sudo ufw allow 2222/tcp
The UFW firewall is now configured to allow all incoming SSH connections. We can enable it by entering the command below.
$ sudo ufw enable
Allow Connections on Other Ports
Depending on the applications that run on your server, you will also need to allow incoming access to some other ports. The examples below show how to allow incoming connections for some common services.
Open port 80-HTTP
HTTP connections can be allowed with the command below.
$ sudo ufw allow http
You can use port number 80 in place of http:
$ sudo ufw allow 80/tcp
You can also use an application profile such as “Nginx HTTP”:
$ sudo ufw allow 'Nginx HTTP'
Open port 8080
If you run Tomcat or any other application that listens on port 8080, allow incoming connections with the command below.
$ sudo ufw allow 8080/tcp
Allow Port Ranges
Instead of allowing access to single ports, UFW also lets us allow port ranges. When you allow port ranges with UFW, you must specify the protocol, either tcp or udp. For example, if you want to allow ports 7100 to 7200 on both tcp and udp, run the commands below.
$ sudo ufw allow 7100:7200/tcp
$ sudo ufw allow 7100:7200/udp
Allow IP Addresses
To allow access on all ports from your home machine with the IP address 18.104.22.168, use the command below.
$ sudo ufw allow from 18.104.22.168
Deny Connections
The default policy for all incoming connections is set to deny, and if you haven't changed it, UFW will block all incoming connections unless you explicitly open them.
For example, suppose you have opened ports 80 and 443 and your server is under attack from the 126.96.36.199/24 network. To deny all connections from that network, use the command below.
$ sudo ufw deny from 126.96.36.199/24
If you only want to deny access to ports 80 and 443 from that network, use the commands below.
$ sudo ufw deny from 126.96.36.199/24 to any port 80
$ sudo ufw deny from 126.96.36.199/24 to any port 443
Deny rules are written the same way as allow rules; you only need to replace allow with deny.
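UFW evaluates rules in order and the first match wins, so a deny rule appended after the allow rules for ports 80 and 443 does not block that network on those ports; it has to sit above them (for example with ufw insert 1 deny from ...). The script below is an added example, not part of the original guide: it reads ufw status numbered output and lists the deny rules that are shadowed by an earlier allow rule. The sample table and the 198.51.100.0/24 network are constructed for illustration.

```shell
#!/bin/sh
# Added example: list DENY rules that can never match because an earlier,
# broader ALLOW rule wins (UFW checks rules in order; first match wins).

# Reads `ufw status numbered` output on stdin. Prints one line per shadowed
# rule: "<rule number> <denied source> <targets that stay reachable>".
shadowed_denies() {
    awk '
    /^\[ *[0-9]+\]/ {
        num = $0; sub(/^\[ */, "", num); sub(/\].*/, "", num)
        line = $0; sub(/^\[ *[0-9]+\] */, "", line)
        # Split the row into To / Action / From around the action column.
        if (!match(line, / +(ALLOW|DENY|REJECT|LIMIT) IN +/)) next
        to = substr(line, 1, RSTART - 1)
        act = substr(line, RSTART, RLENGTH); gsub(/ /, "", act)
        from = substr(line, RSTART + RLENGTH); sub(/ +$/, "", from)
        if (act == "ALLOWIN" && from == "Anywhere") {
            allowed[++n] = to         # reachable from every IPv4 source
            next
        }
        if (act != "DENYIN" || from == "Anywhere") next
        hit = ""
        for (i = 1; i <= n; i++) {
            split(allowed[i], a, "/"); split(to, b, "/")
            if (to == "Anywhere" || a[1] == b[1]) hit = hit " " allowed[i]
        }
        if (hit != "") print num, from hit
    }'
}

# Constructed sample: ports opened first, deny rule appended afterwards.
# 198.51.100.0/24 is a documentation range standing in for the attacker.
sample_status() {
    cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 443/tcp                    ALLOW IN    Anywhere
[ 4] Anywhere                   DENY IN     198.51.100.0/24
[ 5] 8080/tcp                   ALLOW IN    Anywhere
EOF
}

sample_status | shadowed_denies
```

On a live server, pipe the output of sudo ufw status numbered into shadowed_denies; an empty result means no deny rule sits behind a broader allow rule for IPv4.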
Deleting UFW Rules
There are two ways to delete UFW rules.
By rule number. For example, the command below deletes a UFW rule by its rule number.
$ sudo ufw delete 2
By specifying the actual rule. For example, the command below deletes a UFW rule by specifying the rule itself.
$ sudo ufw delete allow 8069
Disable UFW
If you want to stop UFW and deactivate all rules, you can use the command below.
$ sudo ufw disable
If you want to re-enable UFW and activate all rules, you can use the command below.
$ sudo ufw enable
Reset UFW
Resetting UFW will disable it and delete all active rules. To reset UFW, enter the command below.
$ sudo ufw reset
In this guide, we have explained how to install and configure the UFW firewall on an Ubuntu 18.04 server. Be sure to allow all incoming connections that are necessary for the proper functioning of your system.