Ubuntu desktops and servers come with a firewall installed, but it is mostly not enabled. Right out of the box, traffic in and out of the system is not filtered or restricted.
This brief tutorial is going to show you how to easily manage Ubuntu firewall for desktops and servers.
By default, Ubuntu comes with a firewall package installed. It is a kernel subsystem that filters network traffic in and out of Linux systems. The subsystem is known as iptables.
iptables is just a database of rules that control which network traffic or ports to allow and which to deny. iptables is the default firewall on almost all Linux systems. It’s powerful, but not easy to manage.
That’s why Uncomplicated Firewall (ufw) was introduced.
ufw is a front-end application to manage iptables on Ubuntu systems. It’s probably included on other Linux systems. With ufw, one can add and remove iptables rules easily via simple commands, instead of learning iptables’ complicated rule policies.
To get started, verify that ufw is installed. To do that, run the commands below.
sudo apt-get update
sudo apt-get install ufw
After installation, ufw is disabled by default. In the disabled state, all traffic is allowed. Network filtering only takes place when rules specific to that traffic are entered into iptables.
To enable ufw, run the commands below.
sudo ufw enable
When you enable ufw, all traffic will be denied right away and only existing connections will be allowed to continue. When those connections end, they won’t be allowed again. So when you enable ufw, make sure to immediately enable protocols and ports you’ll need opened to manage your systems.
When you run the commands above, you should see the message below.
Firewall is active and enabled on system startup
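The warning above about losing access once the firewall comes up can be turned into a pre-flight check. The script below is an added example, not part of the original tutorial; it assumes SSH on 22/tcp (override with SSH_PORT), and the function names and sample outputs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: make sure inbound SSH is allowed before "ufw enable".
# Assumption: sshd listens on 22/tcp unless SSH_PORT says otherwise.
SSH_PORT="${SSH_PORT:-22}"

# Constructed samples of "ufw show added" output (not from a real host).
SAMPLE_NO_SSH="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp"
SAMPLE_WITH_SSH="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw limit 22/tcp"

# Reads "ufw show added" output on stdin. Succeeds if an allow or limit rule
# names SSH by service, by the OpenSSH app profile, or by port.
# A source-restricted rule also counts, so check it covers your admin address.
ssh_rule_present() {
    awk -v port="$SSH_PORT" '
        $1 != "ufw" || ($2 != "allow" && $2 != "limit") { next }
        $3 == "out" || /proto udp/ { next }   # outbound or UDP-only rules
        {
            for (i = 3; i <= NF; i++)
                if ($i == "ssh" || $i == "OpenSSH" ||
                    $i == port || $i == (port "/tcp")) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Adds the SSH rule if missing, then enables the firewall and prints the result.
enable_without_lockout() {
    if ufw show added | ssh_rule_present; then
        echo "inbound SSH rule already present"
    else
        ufw allow "${SSH_PORT}/tcp"
    fi
    ufw --force enable    # --force skips the confirmation prompt
    ufw status verbose
}

# Touches the real firewall only when called as: sudo ./script.sh --apply
if [ "${1:-}" = "--apply" ]; then
    enable_without_lockout
fi
```

Rules can be added while ufw is still inactive, which is why the allow rule goes in before the enable step.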
To see ufw status, run the command below:
sudo ufw show raw
When you run the command above, you’ll see a bunch of rules similar to the ones below:
IPV4 (raw):
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts  bytes target                     prot opt in  out  source     destination
 3467 175643 ufw-before-logging-input   all  --  *   *    0.0.0.0/0  0.0.0.0/0
 3467 175643 ufw-before-input           all  --  *   *    0.0.0.0/0  0.0.0.0/0
    9    452 ufw-after-input            all  --  *   *    0.0.0.0/0  0.0.0.0/0
    3    168 ufw-after-logging-input    all  --  *   *    0.0.0.0/0  0.0.0.0/0
    3    168 ufw-reject-input           all  --  *   *    0.0.0.0/0  0.0.0.0/0
    3    168 ufw-track-input            all  --  *   *    0.0.0.0/0  0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts  bytes target                     prot opt in  out  source     destination
    0      0 ufw-before-logging-forward all  --  *   *    0.0.0.0/0  0.0.0.0/0
    0      0 ufw-before-forward         all  --  *   *    0.0.0.0/0  0.0.0.0/0
    0      0 ufw-after-forward          all  --  *   *    0.0.0.0/0  0.0.0.0/0
    0      0 ufw-after-logging-forward  all  --  *   *    0.0.0.0/0  0.0.0.0/0
    0      0 ufw-reject-forward         all  --  *   *    0.0.0.0/0  0.0.0.0/0
    0      0 ufw-track-forward          all  --  *   *    0.0.0.0/0  0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts  bytes target                     prot opt in  out  source     destination
 3469 175354 ufw-before-logging-output  all  --  *   *    0.0.0.0/0  0.0.0.0/0
 3469 175354 ufw-before-output          all  --  *   *    0.0.0.0/0  0.0.0.0/0
   39   3356 ufw-after-output           all  --  *   *    0.0.0.0/0  0.0.0.0/0
   39   3356 ufw-after-logging-output   all  --  *   *    0.0.0.0/0  0.0.0.0/0
   39   3356 ufw-reject-output          all  --  *   *    0.0.0.0/0  0.0.0.0/0
   39   3356 ufw-track-output           all  -
To allow traffic, use the command format below
sudo ufw allow service_name or service_port/protocol
To deny traffic, use the format below
sudo ufw deny service_name or service_port/protocol
By default, all outgoing traffic is allowed and filtering applies only to inbound traffic. For example, to allow SSH inbound traffic through the firewall, run the commands below:
sudo ufw allow ssh
or
sudo ufw allow 22/tcp
For HTTP traffic, run the commands below
sudo ufw allow http
or
sudo ufw allow 80/tcp
To allow traffic from a specific IP only, run the command below, replacing the example address with your own.
sudo ufw allow from 203.0.113.10
To validate iptables rules, run the commands below.
sudo ufw status
To delete or remove a rule, put delete before allow in the command. For example:
sudo ufw delete allow from 203.0.113.10
For more help, run the help command
sudo ufw --help
You should see all the possible commands and extensions.
Usage: ufw COMMAND
Commands:
 enable                          enables the firewall
 disable                         disables the firewall
 default ARG                     set default policy
 logging LEVEL                   set logging to LEVEL
 allow ARGS                      add allow rule
 deny ARGS                       add deny rule
 reject ARGS                     add reject rule
 limit ARGS                      add limit rule
 delete RULE|NUM                 delete RULE
 insert NUM RULE                 insert RULE at NUM
 route RULE                      add route RULE
 route delete RULE|NUM           delete route RULE
 route insert NUM RULE           insert route RULE at NUM
 reload                          reload firewall
 reset                           reset firewall
 status                          show firewall status
 status numbered                 show firewall status as numbered list of RULES
 status verbose                  show verbose firewall status
 show ARG                        show firewall report
 version                         display version information
Application profile commands:
 app list                        list application profiles
 app info PROFILE                show information on PROFILE
 app update PROFILE              update PROFILE
 app default ARG                 set default application policy
Most Linux systems are configured with security in mind. You probably don’t need ufw on your Ubuntu desktop, and maybe not on your servers either, since the best way to protect your server is to install only the services you need and nothing else.
The fewer services you have running, the better.