*Full Tutorial* Configure the Ubuntu Firewall (UFW): DomainRacer
How to configure the Ubuntu Firewall (UFW)
By default, Ubuntu comes with a dedicated firewall configuration tool known as UFW, or Uncomplicated Firewall.
Configuring Ubuntu Firewall (UFW)
UFW is a simple and effective firewall application installed on Ubuntu by default, but not enabled.
If you need to reinstall it on your system, run:
——————————
sudo apt install ufw
——————————
This will install UFW on your system.
Once installed, you need to make sure that it is enabled and working. To do this, use this command:
——————————
sudo ufw status verbose
——————————
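To activate UFW, type in the following command. If you are connected to the server over SSH, add the rule that allows SSH first (covered in the next section), because enabling the firewall may disrupt existing SSH connections: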
——————————
sudo ufw enable
——————————
With UFW activated, you can go and recheck its status using the previous command:
——————————
sudo ufw status verbose
——————————
Configure UFW Behaviour Based on Incoming Connections to Different Ports
If you wish to allow incoming SSH connections, use this command:
——————————
sudo ufw allow ssh
——————————
or, by port number (a bare port number opens the port for both TCP and UDP):
——————————
sudo ufw allow 22
——————————
Similarly, let’s say you want your server to listen to HTTP on port 80, then you can enter either of the following commands, and the rule will be added to UFW.
——————————
sudo ufw allow http
——————————
or
——————————
sudo ufw allow 80
——————————
To allow HTTPS on port 443, you can use the following commands:
——————————
sudo ufw allow https
——————————
or
——————————
sudo ufw allow 443
——————————
Here are the commands you will use to allow connections on ports 6000 to 6003 over TCP as well as UDP. For a port range, the protocol must be specified.
——————————
sudo ufw allow 6000:6003/tcp
sudo ufw allow 6000:6003/udp
——————————
Deny Specific Connections:
In case you are interested in preventing individual connections, all you need to do is swap “allow” with “deny” in any of the above commands.
For example, let’s say you have seen suspicious activities coming from an IP address 1.10.184.53. In that case, you can use this command to prevent that IP address from connecting with your system:
——————————
sudo ufw deny from 1.10.184.53
——————————
Configure UFW for IPv6:
All the commands we discussed above assume that you are using IPv4. In case your server is configured for IPv6, you also need to configure UFW to support IPv6. To do this, open the UFW defaults file with the following command:
——————————
sudo nano /etc/default/ufw
——————————
Check and make sure that the value for IPV6 is set to yes.
Delete Specific UFW Rules:
In case you have set several rules and don’t remember all of them, you can use the following command to get a list of all your firewall rules.
——————————
sudo ufw status numbered
——————————
This will generate a numbered list of all the UFW rules that you have set up.
Now, let’s say you are looking to delete rule number 7. Then you can follow up with this command:
——————————
sudo ufw delete 7
——————————
Alternatively, if you already know which rule you want to delete then you can directly enter that into the command like this:
——————————
sudo ufw delete allow http
——————————
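***Note***: If you have UFW configured for both IPv6 and IPv4, deleting a rule by its specification (as in the command above) removes the rule for both. Deleting by number removes only the numbered rule, so the matching IPv6 entry has to be deleted separately.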
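UFW renumbers the remaining rules after every delete, so numbers read from one listing go stale as soon as the first rule is removed. The following is an added example, not part of the original tutorial: it parses `sudo ufw status numbered` output and lists the matching rule numbers, IPv4 and IPv6, highest first, so each delete leaves the lower numbers valid. The function names and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example: find rule numbers to delete, in an order that is safe
# against UFW's renumbering. Input is `ufw status numbered` output on stdin.

# Constructed sample of `sudo ufw status numbered` output (not from a real host).
sample_status() {
cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 443/tcp                    ALLOW IN    Anywhere
[ 4] Anywhere                   DENY IN     1.10.184.53
[ 5] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 6] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 7] 443/tcp (v6)               ALLOW IN    Anywhere (v6)
EOF
}

# Print the numbers of all rules whose "To" column equals $1,
# treating "80/tcp" and "80/tcp (v6)" as the same target.
# Output is sorted highest number first.
matching_rule_numbers() {
    target=$1
    # Keep only "[ N] ..." lines and turn them into "N rest-of-line".
    sed -n 's/^\[ *\([0-9][0-9]*\)\] *\(.*\)$/\1 \2/p' |
    awk -v t="$target" '
    {
        to = ""
        # The "To" column is everything before the action keyword.
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^(ALLOW|DENY|REJECT|LIMIT)$/) break
            if ($i == "(v6)") continue
            to = (to == "" ? $i : to " " $i)
        }
        if (to == t) print $1
    }' | sort -rn
}

# Dry run on the sample: print the delete commands instead of running them.
sample_status | matching_rule_numbers "80/tcp" | while read -r n; do
    echo "sudo ufw delete $n"
done
```

On a live system, replace `sample_status` with `sudo ufw status numbered` and review the printed commands before running them.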
Access the Firewall Logs
——————————
sudo ufw logging on
——————————
Disable/Reset UFW
——————————
sudo ufw disable
——————————
You can then reactivate UFW using one of the commands discussed above:
——————————
sudo ufw enable
——————————
However, if you are looking to start afresh and delete all active rules, then you can simply reset UFW using this command:
——————————
sudo ufw reset
——————————
This will reset UFW and remove all existing rules.
So this was our in-depth tutorial on how to enable and configure UFW on your Ubuntu.