This article shows how to set up a firewall with UFW on Ubuntu 18.04 | 20.04.
In computing, a firewall is a network security tool that monitors, filters and controls incoming and outgoing network traffic.
It works from predefined security rules. These rules establish a barrier between trusted and untrusted networks.
Ubuntu comes with a firewall configuration tool called UFW (Uncomplicated Firewall). It is used for managing iptables firewall rules.
How to Set Up a Firewall with UFW on Ubuntu
Follow the steps below to set up a firewall with UFW on your Ubuntu system:
Step 1 : Prerequisites
To set up a firewall with UFW, you must be logged in as root or as a user with sudo privileges.
Step 2 : Install UFW (Uncomplicated Firewall) on Ubuntu
UFW (Uncomplicated Firewall) is part of Ubuntu and comes pre-installed. If in some case it is not installed, you can install it by running the commands below:
sudo apt update
sudo apt install ufw
Step 3 : Check UFW Status
By default, UFW is disabled in Ubuntu. To check the status of UFW, run the command below:
sudo ufw status verbose
Output
Status: inactive
If UFW is active, the above command displays output like the following:
Output
Status: active
Step 4 : Set Up Default Policies
By default, UFW is set to block all incoming and forwarded connections and allow all outbound connections.
The default policies of UFW are stored in the /etc/default/ufw file. You can change these policies using the command below:
Syntax :
sudo ufw default <policy> <chain>
Step 5 : Application Profiles
An application profile is a text file in INI format that describes a service and contains the firewall rules for that service. On Linux, when we install an application, the apt command adds an application profile to the /etc/ufw/applications.d directory.
You can list all these profiles by running the command below:
sudo ufw app list
Output
Available applications:
Nginx Full
Nginx HTTP
Nginx HTTPS
OpenSSH
The above command shows a list of applications. These applications can be allowed or disallowed via UFW.
To find out more details about a specific profile, use the command below:
sudo ufw app info 'Nginx Full'
Output
Profile: Nginx Full
Title: Web Server (Nginx, HTTP + HTTPS)
Description: Small, but very powerful and efficient web server
Ports:
80,443/tcp
Enabling UFW for Applications
To set your firewall to allow incoming SSH connections, run the command below:
sudo ufw allow ssh
If SSH is listening on a non-standard port, you need to open that port instead.
For example, if your SSH server listens on port 2277, run the following command to allow connections on that port:
sudo ufw allow 2277/tcp
After updating the firewall rules to allow incoming SSH connections, you can enable UFW by running the command below:
sudo ufw enable
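
A pre-flight check for the step above, as an added example that is not part of the original article: it confirms that the saved rules admit SSH before the firewall is switched on, so that enabling UFW does not cut off your own session. The function names and the sample rules are assumptions constructed for illustration, in the format printed by `ufw show added`.

```shell
#!/bin/sh
# Pre-flight check before `ufw enable`: confirm the saved rules admit SSH.

# covers_ssh RULES PORT -> exit 0 if RULES (text in the format printed by
# `ufw show added`) has an allow/limit rule for inbound TCP on PORT.
# Limitations: app-profile rules (e.g. "ufw allow OpenSSH") are not resolved,
# and a rule with a "from" restriction only admits that source address.
covers_ssh() {
    printf '%s\n' "$1" | awk -v p="$2" '
        $1 == "ufw" && ($2 == "allow" || $2 == "limit") {
            if ($0 ~ /proto udp/) next            # UDP-only rule
            # Simple form: "ufw allow 2277/tcp" or "ufw allow 2277"
            if ($3 == p "/tcp" || $3 == p) ok = 1
            # Extended form: "... to any port 22"; source ports are ignored
            dst = 0
            for (i = 3; i < NF; i++) {
                if ($i == "to") dst = 1
                if (dst && $i == "port" && $(i + 1) == p) ok = 1
            }
        }
        END { exit ok ? 0 : 1 }'
}

# Constructed sample in `ufw show added` format (not captured from a host).
SAMPLE_RULES="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow from 192.178.1.0/24 to any port 3306
ufw allow 2277/tcp"

# preflight RULES PORT: report what should happen next; non-zero means stop.
preflight() {
    if covers_ssh "$1" "$2"; then
        echo "ok: port $2/tcp allowed, safe to run: ufw enable"
    else
        echo "stop: no allow rule for $2/tcp, run: ufw allow $2/tcp"
        return 1
    fi
}

preflight "$SAMPLE_RULES" 2277
# On a real host (as root): covers_ssh "$(ufw show added)" 2277 && ufw enable
```
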
Opening Ports
To allow HTTP on port 80, run the command below:
sudo ufw allow http
For HTTPS :
sudo ufw allow https
You can also allow HTTP over TCP on port 80 or HTTPS over TCP on port 443 using the commands below:
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
To Allow Specific IP Addresses
To allow connections from a specific IP address, 192.178.2.1, run the command below:
sudo ufw allow from 192.178.2.1
Allowing Specific IP Addresses and Port
Run the command below to allow a specific IP address to connect to a specific port:
sudo ufw allow from 192.178.2.1 to any port 22
Allow subnet of IP addresses
You can also allow connections from a subnet of IP addresses. To allow access from IP addresses ranging from 192.178.1.1 to 192.178.1.254 to port 3306, run the command below:
sudo ufw allow from 192.178.1.0/24 to any port 3306
Disable & Reset UFW
To disable UFW, run the command below:
sudo ufw disable
The above command stops and disables the firewall but does not delete the firewall rules.
If you later want to enable UFW and activate all the rules again, just run the command below:
sudo ufw enable
To disable UFW and delete all the firewall rules, run the command below:
sudo ufw reset
That’s all