How to Manage Firewall (UFW) on Ubuntu Linux

|

|

Ubuntu comes with a default firewall module, which is disabled after installation. This module can be managed using a user-friendly configuration tool called Uncomplicated Firewall (UFW). This tutorial demonstrates how to enable, manage, and create rules for this module using UFW, consequently securing Ubuntu 16.04 | 18.04 servers from external threats.

This brief tutorial shows students and new users how to enable and manage Ubuntu firewalls on Ubuntu 16.04 | 18.04 servers and create rules to secure and protect your server from external threats.

Ubuntu has a default firewall module, but it is disabled after installation. It also comes with an Uncomplicated Firewall (UFW) configuration tool, which can be used to manage firewall apps.

The user-friendly tool allows system admins to manage the Ubuntu firewall module. You can use UFW to enable and manage firewall rules and disable it if it’s already enabled.

When you’re ready to manage the Ubuntu firewall, follow the steps below:

Enable Ubuntu Firewall

Since the firewall module is turned off by default, the commands below enable it. But first, run the commands below to see the status of the firewall system.

sudo ufw status

That should display a similar message as below: Status: inactive

Status: inactive

This is the default state of the firewall module.

You can also run the commands below to check the status

sudo ufw status verbose

You’ll want to enable the firewall module to protect your server. If the firewall is activated, by default, it will block all incoming connections and allow all outbound connections.

So, if you’re running servers and services that must be assessed externally, you’ll want to allow that traffic.

The good thing about Ubuntu is that many popular servers and services have profiles that can be managed via UFW to allow and disallow traffic to them.

The apt command adds an application profile to the/etc/ufw/applications.d directory. You can list these profiles by running the commands below:

sudo ufw app list

You should see a list of apps that can easily be allowed and disallowed via UFW.

Available applications:
  Nginx Full
  Nginx HTTP
  Nginx HTTPS
  OpenSSH

You can quickly run the commands below to allow external traffic to the Nginx HTTP server.

sudo ufw app info 'Nginx Full'

To allow SSH, run the commands below:

sudo ufw allow OpenSSH

You can also use the service name instead of the app profile to turn it on or off. For example, if you  wish to enable HTTP over port 80, run the commands below:

sudo ufw allow http

Or HTTPS, run the commands below:

sudo ufw allow https

The same can also be accomplished using the commands below to allow HTTP over TCP on port 80 or HTTPS over TCP on port 443

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

You can do that for all the apps for which you want to allow traffic. Then, after you’ve updated the firewall rules, you can finally enable UFW.

sudo ufw enable

To allow specific computers via IP address 192.168.1.2, run the commands below:

sudo ufw allow from 192.168.1.2

To deny the same IP, run the commands below:

sudo ufw deny from 192.168.1.2

That should enable the firewall and the rules you created above.

Disable Ubuntu Firewall

You can run the commands below to turn off the Ubuntu firewall.

sudo ufw disable

The above command will stop and turn off the firewall but not delete the firewall rules. The next time you enable a firewall, it should automatically reapply those rules you enabled previously.

To disable and delete all the rules, run the commands below:

sudo ufw reset

You’ll be prompted to continue with the change.

Resetting all rules to installed defaults. This may disrupt existing ssh
connections. Proceed with operation (y|n)? y

Type Y to accept and continue.

That should do it. More rules could be added to Ubuntu firewall configurations. But the few above should get you started.

You may also like the post below:

Like this:



One response to “How to Manage Firewall (UFW) on Ubuntu Linux”

  1. Follow these steps to set up Apache on your Ubuntu Linux system - Geek Rewind

    […] how to do that on Ubuntu Linux. Run the command below to open the firewall, assuming UFW is being […]

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.