Uncomplicated Firewall, or UFW for short, is a piece of software that manages the default Netfilter firewall on your Ubuntu system. The following steps walk you through adding rules that will secure your server.
Setup Default Rules
When managing your system's firewall, one of the first things you want to do is set some default rules to minimize the number of attack vectors. You can use the ufw default command to create blanket rules for both ingress and egress traffic, as shown below. Once you've added your default rules, you can then add rules on a service or protocol-specific basis.
sudo ufw default allow outgoing
sudo ufw default deny incoming
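The lines below turn logging on and enable UFW, which also sets the service to start at boot. If you are configuring the server over SSH, add the SSH rule from the next section before running ufw enable, because the default deny policy applies to incoming SSH connections as well.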
sudo ufw logging on
sudo ufw enable
Allowing Common Protocols
The following rules allow SSH (port 22), HTTP (port 80), and HTTPS (port 443). Service and protocol names are written in lowercase.
sudo ufw allow ssh/tcp
sudo ufw allow http/tcp
sudo ufw allow https/tcp
Allowing connectivity from a specific IP address
sudo ufw allow from 555.555.555.555
Allowing connectivity from a specific Subnet
sudo ufw allow from 555.555.555.55/24
Allowing connectivity from a specific IP and port
sudo ufw allow from 555.555.555.555 to any port 22 proto tcp
How to display the current status and applied rules.
sudo ufw status
You should see output like the following.
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
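The status output can also be checked mechanically. The script below is an added example, not part of the original guide: it parses the text of sudo ufw status verbose (the verbose form adds the Logging and Default lines) and reports drift from the policy set above. The EXPECTED port list, the function names, and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` text against this guide's policy.
# EXPECTED is an assumption: the only ports meant to be open to any source.
EXPECTED="22/tcp 80/tcp 443/tcp"

# Reads status text on stdin and prints one finding per line (nothing = clean).
audit_ufw_status() {
    awk -v expected="$EXPECTED" '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
    /^Status:/  { active = ($2 == "active") }
    /^Logging:/ { logging = ($2 == "on") }
    /^Default:/ { incoming = $2 }   # first word, e.g. "deny" of "deny (incoming),"
    # Inbound ALLOW rows whose source column is Anywhere (IPv4 or IPv6).
    / ALLOW / && !/ ALLOW OUT / && / Anywhere/ {
        if (!($1 in ok) && !seen[$1]++) print "WARN open to any source: " $1
    }
    END {
        if (!active)  print "FAIL firewall is not active"
        if (!logging) print "FAIL logging is off"
        if (incoming != "deny" && incoming != "reject")
            print "FAIL default incoming policy is " (incoming == "" ? "unknown" : incoming)
    }'
}

# Constructed sample: the state the commands in this guide should produce.
sample_good() { cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
To                         Action      From
22/tcp                     ALLOW IN    Anywhere
443/tcp (v6)               ALLOW IN    Anywhere (v6)
EOF
}

# Constructed sample: a drifted host (permissive default, stray database port).
sample_bad() { cat <<'EOF'
Status: active
Logging: off
Default: allow (incoming), allow (outgoing), disabled (routed)
To                         Action      From
22/tcp                     ALLOW IN    Anywhere
3306/tcp                   ALLOW IN    Anywhere
3306/tcp (v6)              ALLOW IN    Anywhere (v6)
5432/tcp                   ALLOW IN    203.0.113.0/24
EOF
}

sample_bad | audit_ufw_status
```

On a live host, pipe the real output into the function instead of a sample: sudo ufw status verbose | audit_ufw_status.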
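To revert to the default settings and purge all configurations, use the reset command. It also disables the firewall, so run sudo ufw enable again once your rules are back in place.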
sudo ufw reset