Uncomplicated Firewall, or UFW for short, is a tool that manages the default netfilter firewall on your Ubuntu system. The following steps walk you through adding rules that will secure your server.
Setup Default Rules
When managing your system's firewall, one of the first things you want to do is set default rules to minimize the number of attack vectors. You can use the ufw default command to create blanket rules for both ingress and egress traffic, as shown below. Once you've added your default rules, you can continue to add rules on a service- or protocol-specific basis.
sudo ufw default allow outgoing
sudo ufw default deny incoming
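The lines below turn logging on and enable UFW, which also sets the service to start at boot. If you manage the server over SSH, add the SSH rule from the next section before running ufw enable, because the default deny incoming policy takes effect as soon as the firewall is active.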
sudo ufw logging on
sudo ufw enable
Allowing Common Protocols
The following rules allow SSH access on port 22, HTTP on port 80 and HTTPS on port 443.
sudo ufw allow ssh/tcp
sudo ufw allow http/tcp
sudo ufw allow https/tcp
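Allowing connectivity from a specific IP address
The addresses 203.0.113.10 and 203.0.113.0/24 used below are placeholders from the documentation range; substitute your own. A rule with no port, like the first two, lets that source reach every port on the server.
sudo ufw allow from 203.0.113.10
Allowing connectivity from a specific Subnet
sudo ufw allow from 203.0.113.0/24
Allowing connectivity from a specific IP and port
sudo ufw allow from 203.0.113.10 to any port 22 proto tcp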
How to display current status and applied rules.
sudo ufw status
You should see output similar to the following.
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
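To check the status output rather than read it by eye, the following added example (not part of the original guide) reports any port allowed from Anywhere that is not on an approved list, and flags an inactive firewall. The approved list, the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ufw status` output.
# Assumption: only these ports should be reachable from any address.
APPROVED_PUBLIC="80/tcp 443/tcp"

# Reads `ufw status` text on stdin and prints one finding per line:
#   INACTIVE        no "Status: active" line was seen
#   PUBLIC <port>   an ALLOW rule from Anywhere for a non-approved port
audit_ufw_status() {
    awk -v approved="$APPROVED_PUBLIC" '
        BEGIN { n = split(approved, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^Status: active/ { active = 1; next }
        {
            to = $1; i = 2
            if ($i == "(v6)") i++            # IPv6 rows carry a "(v6)" tag
            if ($i != "ALLOW") next          # skips header, separator, other actions
            if ($(i + 1) == "IN") i++        # "ufw status verbose" prints "ALLOW IN"
            if ($(i + 1) == "Anywhere" && !(to in ok)) print "PUBLIC " to
        }
        END { if (!active) print "INACTIVE" }
    ' | sort -u                              # v4 and v6 rows collapse to one finding
}

# Constructed sample output: SSH limited to one source, MySQL left open.
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       203.0.113.10
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
3306/tcp                   ALLOW       Anywhere
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
3306/tcp (v6)              ALLOW       Anywhere (v6)
EOF
}

# Demo on the constructed sample; on a live host use:
#   sudo ufw status | audit_ufw_status
sample_status | audit_ufw_status
```
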
To revert to the default settings and purge all rules, run the command below. This also disables the firewall until you run ufw enable again.
sudo ufw reset