Who doesn’t love firewalls? Firewalls give us that warm fuzzy feeling disallowing nasty traffic into our squeaky clean computers. However, it turns out that firewalls are not always that easy to configure.
The primary firewall for Linux is called Iptables. Iptables is configured with techno-black magic rules that specify your zone, your port, your interface, and all the details that sometimes you probably don’t care too much about.
Luckily, Iptables has a plethora of different front ends to simplify configuration for input, output, forwards, NATing (insert your favorite firewall phrase here). In this article, we will cover one such tool called UFW.
Enter UFW
The name UFW stands for Uncomplicated FireWall. On modern versions of Ubuntu, UFW is installed by default. You can also easily install it with one command:
Enabling
Once UFW is installed, enable it with sudo ufw enable:
Note: You should not be enabling UFW over an SSH connection. Doing so will cause you to unexpectedly lose your session and lock you out! It is recommended to enable the ssh rule beforehand (See Configuring Rules for UFW).
Once enabled you can check UFW status with sudo ufw status verbose:
Having a set of sane defaults is a good step for securing a machine from unwanted traffic. By default, UFW denies all incoming traffic and allows all outgoing traffic.
Configuring Rules for UFW
UFW has a wide variety of ways to configure rules for all sorts of network configurations. One of the more common use cases is allowing traffic for trusted applications.
Allowing/Disallowing Apps
A service that is ubiquitous for remote administration is SSH. Allow it by running the following:
Verify your rules list:
Notice that the status lists 22 which is the port that SSH uses by default.
You can ask UFW to list the currently allows apps:
To disallow an app, use the deny keyword. Let’s say you are running a web server and you do NOT want to allow HTTP traffic (strictly HTTPS traffic). You can disallow HTTP traffic this way:
Allowing/Disallowing Traffic Over Specific Ports
Let’s say you have a different security policy and SSH is listening on port 2222. You can enable it like this:
Notice, the allow command specified tcp. You can specify tcp or udp when defining rules.
Just like denying apps, you run a similar command for denying ports. Telnet is an old outdated tool for running remote commands against servers. To disallow traffic for telnet (port 23) run the following:
Deleting a rule
Going back to the HTTP example, your server now has a redirect of HTTP to HTTPS traffic. You can remove the rule from earlier by doing:
Note: This will not explicitly allow HTTP. You must allow it explicitly (see SSH example above).
The same syntax can be used for deleting a rule for ports: (using port 2222 from earlier)
Conclusion
Firewalls on Linux are not always easy to configure. Having a firewall with a solid configuration can help protect a machine from a wide variety of malicious traffic.
Automox for Easy IT Operations
Automox is the cloud-native IT operations platform for modern organizations. It makes it easy to keep every endpoint automatically configured, patched, and secured – anywhere in the world. With the push of a button, IT admins can fix critical vulnerabilities faster, slash cost and complexity, and win back hours in their day.
Grab your free trial of Automox and join thousands of companies transforming IT operations into a strategic business driver.