Ubuntu has a default firewall module, but it is disabled after installation. It also comes with a configuration tool called Uncomplicated Firewall (UFW) which can be used to manage firewall apps.
The user-friendly tool allows system admins to manage the Ubuntu firewall module. You can use UFW to enable and manage firewall rules and disable it if it’s already enabled.
This brief tutorial shows students and new users how to enable and manage Ubuntu firewalls on Ubuntu 16.04 | 18.04 servers and create rules to keep your server secured and protected from external threats.
When you’re ready to manage the Ubuntu firewall, follow the steps below:
Enable Ubuntu Firewall
Since the firewall module is disabled by default, the commands below enable it. But first, run the commands below to see the status of the firewall system.
sudo ufw status
That should display a similar message as below: Status: inactive
Status: inactive
This is the default state of the firewall module.
You can also run the commands below to check the status
sudo ufw status verbose
Now, you’ll want to enable the firewall module to protect your server. If the firewall is activated, by default, it will block all incoming connections and allow all outbound connections.
So if you’re running servers and services that must be assessed externally, you’ll want to allow those traffic.
The good thing about Ubuntu is many of the popular servers and services have profiles that can be managed via UFW to allow and disallow traffic to them.
The apt command adds an application profile to the/etc/ufw/applications.d directory. You can list these profiles by running the commands below:
sudo ufw app list
You should see a list of apps that can easily be allowed and disallowed via UFW.
Available applications: Nginx Full Nginx HTTP Nginx HTTPS OpenSSH
You can easily run the commands below to allow external traffic to the Nginx HTTP server.
sudo ufw app info 'Nginx Full'
To allow SSH run the commands below:
sudo ufw allow OpenSSH
You can also use the service name instead of the app profile to enable or disable it. For example, if you wish to enable HTTP over port 80, run the commands below:
sudo ufw allow http
Or HTTPS, run the commands below:
sudo ufw allow https
The same can also be accomplished using the commands below to allow HTTP over TCP on port 80 or HTTPS over TCP on port 443
sudo ufw allow 80/tcp sudo ufw allow 443/tcp
You can do that for all the apps you want to allow traffic to. Then, after you’ve updated the firewall rules, you can finally enable UFW.
sudo ufw enable
To allow specific computers via IP address 192.168.1.2, run the commands below:
sudo ufw allow from 192.168.1.2
To deny the same IP, run the commands below:
sudo ufw deny from 192.168.1.2
That should enable the firewall and the rules you created above.
Disable Ubuntu Firewall
If you want to disable the Ubuntu firewall, you can run the commands below to disable it.
sudo ufw disable
The above command will stop and disable the firewall but will not delete the firewall rules. The next time you enable a firewall, it should automatically reapply those rules you enabled previously.
To disable and delete all the rules, run the commands below:
sudo ufw reset
You’ll be prompted to continue with the change.
Resetting all rules to installed defaults. This may disrupt existing ssh
connections. Proceed with operation (y|n)? y
Type Y to accept and continue.
That should do it. More rules could be added to Ubuntu firewall configurations. But the few above should get you started.
You may also like the post below:
