How to Set Up Ubuntu Firewall Easily

UFW (Uncomplicated Firewall) is the default firewall configuration tool for Ubuntu. It provides a user-friendly, command-driven front end for managing iptables firewall rules. In this tutorial, I explain how to set up an Ubuntu firewall easily, without needing deep knowledge of networking.

Before installing the UFW firewall, let's look at why a firewall is important.

Why Firewall is Important

A firewall is an essential part of any system because it restricts unauthorized access to the network and helps protect your important data. A firewall controls the inbound and outbound traffic of a system. If you are using an Ubuntu-based web server, it is always recommended to set up a firewall during LAMP stack setup.

How to Set Up Ubuntu Firewall

In Ubuntu, the firewall can be set up using the command line or a GUI. Let's configure the firewall using the command line.

Step 1: Install firewall

UFW is installed by default on Ubuntu. If it has been uninstalled for some reason, you can install it with this command.

$ sudo apt install ufw

Step 2: Set Default Policies for Firewall

This part is crucial, because the default policies control the traffic that does not explicitly match any other rule. By default, UFW denies all incoming connections and allows all outgoing connections. In this state, anyone trying to connect to your server is unable to do so, whereas applications hosted on the server can still reach the outside world.

To set the above rules, run the following commands.

$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing

Step 3: Allow SSH connections

If you are using a cloud server or VPS, you may need to connect to your server over SSH to manage it. To allow SSH, run the following command.

$ sudo ufw allow ssh

This command allows all connections to the server on port 22, the port SSH daemons use by default. UFW can resolve the service name because services are listed with their ports in the /etc/services file.

You can write equivalent rules by using ports also.

Sometimes the SSH daemon is configured with a different port for security purposes. In that case, specify the port number instead of the service name. For example,

$ sudo ufw allow 2222

[Always add the SSH rules before enabling UFW on Ubuntu; otherwise you will not be able to connect to your server via SSH.]

Step 4: Enable UFW on Ubuntu

To enable UFW, run the following command.

$ sudo ufw enable

A warning message will appear saying that the command may disrupt existing SSH connections. As you have already added the SSH rules to UFW, continue with the command: type y and press Enter.

Now the firewall is active. To check the status of the Ubuntu firewall along with all its rules, run the following command.

$ sudo ufw status verbose

The above command shows the firewall configuration details.

Step 5: Enable Other Connections

According to your requirements, you can allow other ports as well. Let's add HTTP and HTTPS rules to UFW. By default, HTTP uses port 80 (unencrypted). To allow HTTP, you can use either the service name or the port number.

$ sudo ufw allow http

or

$ sudo ufw allow 80

Likewise, HTTPS uses port 443 (encrypted) by default. To allow HTTPS, you can use either the service name or the port number.

$ sudo ufw allow https

or

$ sudo ufw allow 443
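
A check for the result of Steps 2 to 5, added here as an example and not part of the original tutorial: it reads the text printed by sudo ufw status verbose and confirms the default policies and that the port sshd listens on is allowed, including when it falls inside a port range. The function name audit_ufw and the sample status text are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit `ufw status verbose` output against the tutorial baseline.
# On a real host: sudo ufw status verbose | audit_ufw 22

audit_ufw() {  # $1 = port sshd listens on; status text arrives on stdin
    awk -v ssh="$1" '
        { gsub(/ \(v6\)/, "") }                    # fold IPv6 rows into the IPv4 form
        /^Status:/  { active = ($2 == "active") }
        /^Default:/ { in_pol = $2; out_pol = $4 }  # "deny (incoming), allow (outgoing), ..."
        $2 == "ALLOW" && $3 == "IN" {              # verbose rows: To, ALLOW IN, From
            split($1, p, "/")                      # "6000:6007/tcp" -> range, protocol
            n = split(p[1], r, ":"); lo = r[1]; hi = (n == 2) ? r[2] : r[1]
            if (p[2] != "udp" && ssh + 0 >= lo + 0 && ssh + 0 <= hi + 0) ssh_ok = 1
            if ($4 == "Anywhere" && !seen[$1]++) world = world " " $1
        }
        END {
            if (!active)            { print "FAIL firewall is not active"; bad = 1 }
            if (in_pol != "deny")   { print "FAIL default incoming policy is " in_pol; bad = 1 }
            if (out_pol != "allow") { print "WARN default outgoing policy is " out_pol }
            if (!ssh_ok)            { print "FAIL no ALLOW IN rule for SSH port " ssh; bad = 1 }
            print "INFO open to Anywhere:" world
            exit bad + 0
        }'
}

# Constructed sample of the verbose status after Steps 2 to 5 (not captured from a real host).
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)
443/tcp (v6)               ALLOW IN    Anywhere (v6)'

# Passes for sshd on port 22; the same rules would fail the check for sshd on 2222.
printf '%s\n' "$SAMPLE_STATUS" | audit_ufw 22
```

The function exits non-zero on any FAIL line, so it can gate a provisioning script that runs right after the firewall is enabled.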

List of Commonly Used Network Ports

Service Name                              Port    Transport protocol
Secure Shell (SSH)                        22      TCP and UDP
File Transfer Protocol (FTP)              21      TCP
Simple Mail Transfer Protocol (SMTP)      25      TCP
HyperText Transfer Protocol (HTTP)        80      TCP
HTTP with Secure Sockets Layer (SSL)      443     TCP and UDP
Remote Desktop Protocol (RDP)             3389    TCP and UDP
Telnet                                    23      TCP

How to Enable Port Ranges

Some applications need multiple ports to operate. You can allow port ranges in UFW with the following commands.

$ sudo ufw allow 6000:6007/tcp
$ sudo ufw allow 6000:6007/udp

(When specifying port ranges, you need to state the protocol, tcp or udp, that the rule applies to.)

How to Enable Specific IP

Sometimes you may need to allow a specific IP address through UFW so that it can access the server. Run the following command to add the rule to UFW.

$ sudo ufw allow from 13.235.242.172

You can also allow that IP address to reach only a specific port with the following command.

$ sudo ufw allow from 13.235.242.172 to any port 22

How to Disable Ubuntu Firewall

You can easily disable UFW by using the following command.

$ sudo ufw disable

If you want to reset your UFW rules, use the following command.

$ sudo ufw reset

Conclusion

This was a complete step-by-step guide to setting up the Ubuntu firewall. Follow this article thoroughly to complete the UFW setup on Ubuntu. If you have any doubts, feel free to contact me; I will definitely try to help you. Also, you can join our elite Facebook group to get direct help from me. If you like this tutorial, please share this article on your social media handle.

1 COMMENT

  1. For example, if the firewall is set to allow SSH port connections from anywhere, the output might look something like this: Use the command if you want to check how UFW has configured the firewall. You can always run if you need to activate it later.
