
How to Set Up a Firewall on Linux with UFW

Edited 2 weeks ago by ExtremeHow Editorial Team


Securing your Linux system is very important to maintain the integrity and confidentiality of your data. Firewalls play a vital role in protecting the system from unauthorized access and malicious attacks. UFW, which stands for Uncomplicated Firewall, is an easy-to-use interface for managing firewall rules on Ubuntu and Debian-based systems. This guide provides an in-depth explanation of how to set up a firewall using UFW on your Linux server. In this guide, various examples will be used to illustrate the key concepts and procedures, so that you can effectively use UFW to secure your server.

Understanding firewall and UFW

Before taking a deeper look at how to set up a firewall using UFW, it is essential to understand what a firewall is. A firewall is a network security tool that monitors and controls incoming and outgoing network traffic based on predefined security rules. Essentially, it acts as a barrier between a trusted network and an untrusted network, which could be the wider Internet.

UFW simplifies the process of managing a firewall through an easy-to-understand command-line interface. It provides an abstraction over the traditional `iptables` tool, which can be quite complex for beginners. UFW comes pre-installed on many Ubuntu and Debian-based systems and offers the simplicity of enabling or disabling rules with direct commands.

Installing UFW

Before you start configuring UFW, you need to make sure it is installed on your system. Most Ubuntu and Debian-based distributions come with UFW pre-installed. But, in some cases, you may have to install it manually. Open your terminal and run the following command to check if it is installed:

sudo ufw status

If UFW is installed, this command will indicate whether it is enabled or disabled. If the command returns 'command not found' or you want to make sure you have the latest version, you can install UFW using the following command:

sudo apt update
sudo apt install ufw

Enabling UFW

Once UFW is installed, you will need to enable it. Before doing this, it is generally a good practice to define some basic rules to avoid accidental lockouts: on a remote server, allow SSH first, otherwise enabling the firewall can cut off the very session you are working in. You can enable UFW with this command:

sudo ufw enable

UFW will now be activated, and you will see a message saying that the firewall is active and enabled at system startup. When enabling UFW without any rule sets, it blocks all incoming connections except those needed for critical system services. However, outgoing connections are usually allowed by default.

Set default policies

The first step in configuring your firewall is to set the default policies. UFW's default policy is to deny all incoming connections and allow all outgoing connections. This setup is generally fine for most users, ensuring that no external attempts to connect to the system are allowed unless explicitly specified.

You can set default policies with the following command:

sudo ufw default deny incoming
sudo ufw default allow outgoing

These two commands configure UFW to deny all unsolicited incoming connections while allowing all outgoing connections to pass through the firewall. This means that you must explicitly allow incoming connections from IP addresses or services that you want to allow access to your system.

Allowing a connection

To enable traffic for specific services you want to allow (such as SSH, HTTP, and HTTPS), you need to explicitly enable these connections. UFW provides intuitive commands to allow these services.

Allowing SSH connections

SSH is a vital service for managing your server remotely. It is probably enabled by default to allow administration when the firewall is first activated. You can allow SSH connections using the following command:

sudo ufw allow ssh

This command is shorthand for allowing TCP traffic on port 22, the standard port for SSH (UFW resolves the service name through /etc/services). It is equivalent to:

sudo ufw allow 22/tcp

Allowing HTTP and HTTPS connections

If you are running a web server or hosting a website, you must allow HTTP and HTTPS traffic. This can be done with the following command:

sudo ufw allow http
sudo ufw allow https

The above commands open ports 80 and 443, which are the default ports for HTTP and HTTPS traffic respectively. If you are hosting web services, this step is required for access.

Specifying port numbers and IP addresses

When allowing a service, you may also need to specify a custom port number or allow access from specific IP addresses.

Allowing specific port numbers

Suppose you operate a service on a custom port (3010 in this scenario). You can allow access to it as follows:

sudo ufw allow 3010/tcp

If your service operates over UDP, replace `3010` with your port number and `tcp` with `udp`.

Allowing connections from specific IP addresses

For better security, you may want to restrict access to some services to specific IP addresses. For example, suppose you want to allow SSH connections only from the IP address `192.168.1.10`. You can configure this using the following command:

sudo ufw allow from 192.168.1.10 to any port 22

This command allows SSH connections only from the specified IP address, so the service is no longer reachable by unauthorized hosts elsewhere on the network.

Rejecting the connection

When you configure your firewall, you may also want to deny specific connections as an additional layer of security. Denying traffic is as simple as allowing it; you can use the same syntax, replacing "allow" with "deny."

To deny traffic on a specific port, use:

sudo ufw deny 1234

Replace `1234` with the port number you want to close; all incoming connections to that port will be denied.

Deleting a rule

Sometimes you may need to delete a specific rule. To do so, repeat the rule exactly as you added it, with "delete" placed in front of "allow" or "deny":

sudo ufw delete allow 3010/tcp

The above command will remove the existing rule allowing traffic on port `3010`.
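The whole baseline described in the sections above, as an added example that is not part of the original article: a POSIX shell script that first generates the UFW commands as plain text so they can be reviewed, and only then applies them, allowing SSH before the firewall is enabled. The function names, the parameter order (SSH port, administrative CIDR, whether to open HTTP/HTTPS) and the sample subnet are assumptions made for this script; `--force` is UFW's own flag for skipping the confirmation prompt on `enable`.

```shell
#!/bin/sh
# Added example, not code from the article. Generates a reviewable UFW
# baseline and applies it in a lockout-safe order (SSH rule before enable).
# Parameters are hypothetical choices for this script:
#   $1 = SSH port (default 22)
#   $2 = CIDR allowed to reach SSH (default "any" = everyone)
#   $3 = "yes" to also open HTTP and HTTPS (default no)

# Print the baseline commands, one per line, without running anything.
ufw_baseline_commands() {
    ssh_port=${1:-22}
    admin_cidr=${2:-any}
    web=${3:-no}
    # Default policies first: deny unsolicited inbound, allow outbound.
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    # Allow SSH *before* enabling, so a remote session is not cut off.
    if [ "$admin_cidr" = any ]; then
        echo "ufw allow ${ssh_port}/tcp"
    else
        echo "ufw allow from ${admin_cidr} to any port ${ssh_port} proto tcp"
    fi
    if [ "$web" = yes ]; then
        echo "ufw allow http"
        echo "ufw allow https"
    fi
    # --force skips the "may disrupt existing ssh connections" prompt.
    echo "ufw --force enable"
    echo "ufw status verbose"
}

# Apply the baseline: run each generated command under sudo, stopping on
# the first failure so a half-applied rule set is noticed immediately.
ufw_baseline_apply() {
    ufw_baseline_commands "$@" | while IFS= read -r cmd; do
        echo "+ sudo $cmd"
        sudo $cmd || exit 1   # unquoted $cmd: word splitting is intended
    done
}

# Count the allow rules the baseline will add (policies/enable excluded).
ufw_baseline_rule_count() {
    ufw_baseline_commands "$@" | grep -c '^ufw allow '
}

# Usage: review first, then apply, e.g.
#   ufw_baseline_commands 22 192.168.1.0/24 yes
#   ufw_baseline_apply    22 192.168.1.0/24 yes
```

Run the `ufw_baseline_commands` form first and read the output; the `from <CIDR> ... proto tcp` variant is the same restriction the article applies to a single address, generalized to a subnet, and is the form to use when only a management network should ever reach SSH.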

Advanced UFW features

Checking UFW status

You can check the current state of your firewall, including which rules are currently active, using the following command:

sudo ufw status verbose

It displays whether the firewall is active, the default policies, the logging level, and a detailed view of each rule.

UFW logging

If you need to keep track of how your firewall behaves over time (such as potential attacks or unauthorized access attempts), you can enable logging using:

sudo ufw logging on

You can set different logging levels (low, medium, or high in place of on) to control how much detail UFW writes to its log. Choose the level depending on how much detail you want; higher levels record more packets and grow the log faster.
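As an added example that is not from the article, a small shell filter for the `[UFW BLOCK]` entries that the logging setting produces in /var/log/ufw.log. It groups blocked attempts by source address and destination port, so a host repeatedly probing a closed port stands out from background noise. The sample log lines are constructed in UFW's kernel-log format (fields abbreviated, addresses from documentation ranges); the function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the article. Summarises UFW block entries
# by source address and destination port.

# Read log lines on stdin; print "count src dpt", highest count first.
# Only [UFW BLOCK] lines are counted; [UFW ALLOW]/[UFW AUDIT] are skipped.
ufw_block_summary() {
    grep '\[UFW BLOCK\]' | awk '
        {
            src = ""; dpt = ""
            # Walk the KEY=VALUE fields and pick out SRC= and DPT=.
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src != "" && dpt != "") count[src " " dpt]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,2
}

# Convenience wrapper for the live log (needs read access to the file).
ufw_block_summary_live() {
    ufw_block_summary < /var/log/ufw.log
}

# Constructed sample input (not a real capture): three blocked SYNs from one
# address, one allowed SSH login from the admin host, one blocked UDP packet.
SAMPLE_UFW_LOG='Mar  3 10:15:01 host kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.2 LEN=40 TTL=244 PROTO=TCP SPT=43210 DPT=22 SYN URGP=0
Mar  3 10:15:02 host kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.2 LEN=40 TTL=244 PROTO=TCP SPT=43211 DPT=22 SYN URGP=0
Mar  3 10:15:03 host kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.2 LEN=40 TTL=244 PROTO=TCP SPT=43212 DPT=3389 SYN URGP=0
Mar  3 10:15:04 host kernel: [UFW ALLOW] IN=eth0 OUT= SRC=192.168.1.10 DST=198.51.100.2 LEN=60 TTL=64 PROTO=TCP SPT=50000 DPT=22 SYN URGP=0
Mar  3 10:15:05 host kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.77 DST=198.51.100.2 LEN=48 TTL=51 PROTO=UDP SPT=5353 DPT=5353 LEN=28'

# Usage on the constructed sample:
#   printf '%s\n' "$SAMPLE_UFW_LOG" | ufw_block_summary
```

On the sample the first output line is `2 203.0.113.5 22`: the same source was blocked twice on port 22 and once on 3389, while the allowed admin login is not counted. Run `ufw_block_summary_live` (or pipe `journalctl -k` through `ufw_block_summary`) to get the same summary for the real log.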

Using UFW with IPv6

For systems that use both IPv4 and IPv6, it may be necessary to edit the `/etc/default/ufw` configuration file. Make sure UFW's configuration covers IPv6 by setting `IPV6` to `yes`:

IPV6=yes

Once configured, IPv6 support will function just like IPv4, provided your server is connected to an IPv6 network and has the relevant services requiring IPv6 traffic.
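As an added example (not from the article), two shell functions that check and set the `IPV6` key in a UFW defaults file without ever duplicating it, rewriting the existing line if present and appending one otherwise. The file path is a parameter so the functions can be tried on a copy first; the real file is /etc/default/ufw and editing it requires root. The function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the article. Idempotently ensures IPV6=yes
# in a UFW defaults file (normally /etc/default/ufw).

# Return 0 if the file has exactly "IPV6=yes", 1 otherwise.
ufw_ipv6_enabled() {
    grep -q '^IPV6=yes$' "$1"
}

# Set IPV6=yes: rewrite an existing IPV6= line, or append one if missing.
# Writes through a temp file and copies back with cat so the original
# file's owner and permissions are preserved (works with non-GNU sed too).
ufw_set_ipv6_yes() {
    f=$1
    if grep -q '^IPV6=' "$f"; then
        tmp=$(mktemp) || return 1
        sed 's/^IPV6=.*/IPV6=yes/' "$f" > "$tmp" && cat "$tmp" > "$f"
        rm -f "$tmp"
    else
        echo 'IPV6=yes' >> "$f"
    fi
}

# Usage on the real file, then reload so the setting takes effect:
#   sudo sh -c '. ./this_script.sh; ufw_set_ipv6_yes /etc/default/ufw'
#   sudo ufw reload
```

After changing `/etc/default/ufw`, run `sudo ufw reload` (or disable and re-enable UFW); a setting edited in the file is not picked up by an already-running firewall until then, and `sudo ufw status verbose` will then list a `(v6)` counterpart for each rule.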

Conclusion

With UFW, setting up a firewall on your Linux system becomes a simple yet powerful process. By understanding the basics of firewall rules and how UFW works, you can better protect your system from external threats while allowing the necessary connections. This guide covers essential UFW operations, ensuring that you can manage your firewall rules efficiently. Whether you are a system administrator, a developer, or someone who owns a private server, protecting your system with a properly configured firewall is a vital measure to maintain system security and performance.

Remember, the security of your system depends on how diligently you configure and maintain your firewall rules. Regular audits, testing your firewall settings, and staying updated with security best practices are key aspects of a strong server security posture.
