The UFW is a module that comes pre-installed on most Ubuntu systems. UFW (Uncomplicated Firewall) is a simple yet powerful tool that helps you secure your Ubuntu server by controlling network traffic. Its main job is to monitor, filter, and secure all incoming and outgoing network traffic based on the security rules you define. With UFW, you can easily define rules to allow or block specific connections, such as enabling SSH or web traffic while denying unauthorized access. Its goal is to make firewall management straightforward.
This tutorial will show you the exact steps for setting up and managing your firewall with UFW on Ubuntu 20.04 (and newer releases). We’ll cover setting default policies, allowing or denying traffic by service or port, enabling the firewall safely, and checking its status. By the end, you’ll have a properly configured firewall that strengthens your server’s security and gives you full control over which traffic can pass through.
Installing UFW:
Before you start, ensure that your Linux distribution supports UFW. UFW is commonly found on Ubuntu and Debian systems, and the installation process is straightforward.
Connect to Your Server:
Begin by connecting to your server using your preferred terminal or SSH client. Log in with your administrative credentials.
ssh username@your_server_ip
Replace “username” with your actual username and “your_server_ip” with your server’s IP address.
Install UFW:
Check if UFW is already installed by running the following command:
sudo ufw status
If it’s not installed, install UFW using:
sudo apt-get update sudo apt-get install ufw
Configuring UFW:
Now that UFW is installed, you can configure it to meet your specific security requirements.
Enable UFW:
Start by enabling UFW with:
sudo ufw enable
Allow SSH Access:
Allow SSH traffic to ensure that you can maintain access to your server. By default, SSH uses port 22:
sudo ufw allow 22
If you’ve changed the SSH port, replace “22” with your custom port number.
Allow Essential Services:
If your server runs other services, such as HTTP (port 80) or HTTPS (port 443), allow them to function:
sudo ufw allow 80 sudo ufw allow 443
Replace these port numbers with the relevant ports for your services.
Deny Incoming Connections by Default:
Configure UFW to deny all incoming connections by default. This ensures that you explicitly allow traffic for each service:
sudo ufw default deny incoming
Allow Outgoing Connections:
Allow outgoing connections to enable your server to communicate with external services:
sudo ufw default allow outgoing
Check UFW Status:
Verify your UFW settings with:
sudo ufw status
This will display a list of allowed and denied connections.
Additional UFW Commands:
Here are some additional commands for managing UFW:
- To delete a rule:
sudo ufw delete [rule_number]
Replace [rule_number] with the number of the rule you want to delete.
- To disable UFW:
sudo ufw disable
- To reset UFW rules:
sudo ufw reset
Conclusion:
Installing and configuring UFW is an essential step towards enhancing the security of your server. By simplifying firewall management, UFW allows you to control incoming and outgoing traffic, reducing the risk of unauthorized access and potential security threats. Regularly review and update your UFW rules to adapt to changing security needs, ensuring your server remains well-protected against evolving risks.