Ubuntu Firewall Configuration for version 16.04 [Simple UFW configuration Tutorial]

Introduction

A firewall is the main gate for restricting unwanted traffic to the site. It is simple to use.

UFW stands for Uncomplicated Firewall. UFW is just a layer on top of iptables.

You can use iptables directly to set up the firewall configuration, but only if you are an expert.

If not, you should go with ufw.

In this tutorial, let us see how to use UFW to secure the Ubuntu operating system and restrict access to the applications on the server.

Requirement

  • You should have a non-root user account with sudo privileges. If you don't know how to create one, refer here.

After that, you have to install UFW from the Ubuntu repository. Use the below command to install UFW on Ubuntu.

UFW configuration – Enable IPv6 Support

In this tutorial, we will use IPv4 to demonstrate the setup. You can also configure UFW to manage IPv6 connections.

For that, you have to edit the UFW configuration file and enable IPv6 support in UFW.

First, open the UFW configuration file using the nano editor.

Find the IPV6 setting in the file and make sure it is set to IPV6=yes.

Then, save and close the file.

From here on, UFW will be able to manage both IPv4 and IPv6. We have not enabled UFW yet. Before that, we have to make sure that the UFW configuration allows us to connect to our server through SSH.

Once, I forgot to verify and simply enabled the UFW. After that, I could not connect to the server.

So, make sure to verify the UFW configuration.

Default Policy Setup

This is a very important step: we have to define the default policy for traffic that does not match any of our defined firewall rules.

By default, UFW denies all incoming connections that do not match an existing rule, and it allows all outgoing connections. Any application inside the firewall can send traffic outside.

Here are the command lines to define the default policies.

This setup is OK if you are using a desktop or laptop with Ubuntu. Here, outsiders cannot access your server. It also suits a cloud server.

But:

For a cloud server, we have to allow SSH connections to the server, so that we can connect and access the server to do some operations.

Enable the SSH Connection

To enable the SSH connection in the firewall, just use the below command.

Most of the commands you see in UFW are very simple to use, yet powerful.

If you make a mistake, you will be in trouble.

In the above command, UFW opens port 22 to accept connections from outside.

This is the port used by SSH, and UFW knows this by reading the services and their ports listed in /etc/services.

You can also specify the port number directly in UFW, without mentioning the service.

Note:

To secure the server and avoid outside attacks, you can change the service port number. For example, you can change the SSH port number and allow that port in ufw. This is less effective, but it still prevents a lot of people from trying to access the server.

Once you are done with the above step, you can enable the firewall without any hesitation.

To enable ufw, use this simple command line.

When you execute this command, it prompts a warning that it may interrupt the existing SSH connection.

You don't need to worry about it; you can just proceed to the next step by entering Yes.
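
The check described above (confirm SSH is allowed before enabling) can be scripted. This is an added example, not code from the original tutorial; the function names and the sample rule text are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Pre-flight check before `ufw enable` (added example, not from the tutorial).
# Reads the text printed by `ufw show added` on stdin and succeeds only if an
# unrestricted allow rule covers the SSH port. Anything else (deny rules,
# source-restricted rules, other ports) is treated as "not safe yet".

ssh_rule_present() {
    port="${1:-22}"          # pass your custom SSH port if you changed it
    while IFS= read -r line; do
        case "$line" in
            "ufw allow $port"|"ufw allow $port/tcp")
                return 0 ;;
            "ufw allow ssh"|"ufw allow OpenSSH")
                # Service and app names only stand for the default port 22.
                if [ "$port" = 22 ]; then return 0; fi ;;
        esac
    done
    return 1                 # no matching rule: do not enable yet
}

# Constructed samples in the "ufw allow ..." form listed by `ufw show added`.
SAMPLE_SAFE="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw allow 22/tcp"
SAMPLE_LOCKOUT="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw allow 2222/tcp"

preflight() {   # $1 = rule text, $2 = SSH port (default 22)
    if printf '%s\n' "$1" | ssh_rule_present "${2:-22}"; then
        echo "ok: SSH port ${2:-22} is allowed, safe to enable"
    else
        echo "stop: no allow rule for SSH port ${2:-22}, add one first"
    fi
}

preflight "$SAMPLE_SAFE"
preflight "$SAMPLE_LOCKOUT"

# On the server itself:
#   sudo ufw show added | ssh_rule_present 22 && sudo ufw enable
```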

Allowing HTTP traffic

or

Allowing HTTPS traffic

or

Allowing FTP port

or

Other than this, if you want to allow traffic to any other port, just specify whether you want to allow TCP or UDP.

Here is a sample command.

Allowing an IP address to access the ports

If you want UFW to allow access from a specific IP address, you can do that by specifying that IP.

If you want to add a port to the IP address rule, use the below command.

You can also reverse the changes by using deny instead of allow.

This blocks connections from the specific IP address. If you apply it to a port, all connection requests to that port will be rejected.

Deleting the Rules

Sometimes, you will want to delete rules. You can do that in two ways.

One is by specifying the rule number. The other is by specifying the actual rule in the delete command.

Here is the method for deleting a rule by number.

First, you have to find the number of your rule. For that, use the below command.

You can see the rules listed with numbers, like the one below.

Go through the rules, find the number of the rule you want to delete, and execute the command as mentioned below.

The second way is to specify the rule directly in the delete command.

Here is how. I want to delete the HTTP rule, so I will use this one.
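
With IPv6 enabled, one allow rule shows up as two numbered entries (IPv4 and IPv6), and the numbers shift down after every delete. The following added example (not from the original tutorial) picks the matching rule numbers from numbered status output and returns them highest first, so each number is still valid when it is used; the function names and the sample listing are constructed for the illustration.

```bash
#!/usr/bin/env bash
# Choose rule numbers to delete, highest first (added example).
# Reads `ufw status numbered` output on stdin; $1 is the "To" column value.

rule_numbers_for() {
    awk -v target="$1" '
        /^\[ *[0-9]+\]/ {
            # Extract the number between the brackets, e.g. "[ 2]" -> 2
            num = $0;  sub(/^\[ */, "", num);  sub(/\].*$/, "", num)
            # Remaining columns are separated by two or more spaces
            rest = $0; sub(/^\[ *[0-9]+\] */, "", rest)
            split(rest, col, /  +/)
            # Match the IPv4 entry and its "(v6)" twin
            if (col[1] == target || col[1] == target " (v6)") print num
        }' | sort -rn
}

# Constructed sample of numbered status output with IPv6 enabled.
STATUS_SAMPLE="Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 4] 80/tcp (v6)                ALLOW IN    Anywhere (v6)"

deletion_order() {   # space-separated rule numbers for one target
    printf '%s\n' "$STATUS_SAMPLE" | rule_numbers_for "$1" | tr '\n' ' '
}

echo "delete 80/tcp rules in this order: $(deletion_order 80/tcp)"

# On the server itself:
#   for n in $(sudo ufw status numbered | rule_numbers_for 80/tcp); do
#       sudo ufw delete "$n"
#   done
```

Deleting rule 2 first would move the IPv6 entry from 4 to 3, so a later delete of number 4 would no longer point at it.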

Check UFW Status

If you want to check your UFW status, use the verbose command. It returns the status of UFW.

The output shows the status as either active or inactive.

If ufw is inactive, you will only see the following output.

Disable Firewall & Reset UFW

You can disable the firewall by just using the below command.

You can reset the entire firewall by using the reset command.

Make sure you first disable ufw and then run the reset.

Conclusion

Today, you have learnt how to configure UFW on an Ubuntu 16.04 system. If you have queries or doubts, please leave them in the comments.
