Firewall with UFW on Ubuntu 
sudo ufw enable
sudo ufw disable
sudo ufw status
sudo ufw reload

sudo ufw enable
tail -f /var/log/ufw.log

sudo ufw allow http
sudo ufw allow https
sudo ufw allow 587/tcp
sudo ufw allow 993/tcp
sudo ufw allow 465/tcp

sudo ufw allow 10000/tcp
sudo ufw allow 20000/tcp

sudo ufw allow proto tcp to 0.0.0.0/0 port 22 


sudo ufw allow proto tcp from 192.168.0.2 to any port 22 
sudo ufw allow proto tcp to 0.0.0.0/0 port 80
sudo ufw allow proto tcp to 0.0.0.0/0 port 443

$ sudo ufw allow ssh

$ sudo ufw allow http

$ sudo ufw allow 80/tcp

$ sudo ufw allow 'HTTP'

  

# sudo ufw status

You should see something like the following:

Status: active

To               Action         From
--               ------         ----
OpenSSH          ALLOW          Anywhere
OpenSSH (v6)     ALLOW          Anywhere (v6)




                                      ---------------------------------------------------------------------------------------

Install UFW and Status Check

Uncomplicated Firewall should be installed by default in Ubuntu 18.04, but if it is not installed on your system, you can install the package by using the command:

$ sudo apt-get install ufw

Once the installation is completed you can check the status of UFW with the following command:

$ sudo ufw status verbose

ubuntu1804@linux:~$ sudo ufw status verbose
[sudo] password for ubuntu1804:
Status: inactive
ubuntu1804@linux:~$

ubuntu1804@linux:~$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
ubuntu1804@linux:~$

ubuntu1804@linux:~$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
ubuntu1804@linux:~$






$ sudo ufw status numbered

ubuntu1804@linux:~$ sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] Anywhere                   ALLOW IN    192.168.1.104
[ 3] 22/tcp (v6)                ALLOW IN    Anywhere (v6)

To delete rule number 2, the rule that allows connections to any port from the IP address 192.168.1.104, use the following command: 

$ sudo ufw delete 2

The second method is to delete a rule by specifying the actual rule.

$ sudo ufw delete allow 22/tcp




Using IPv6 with UFW


If your server is configured for IPv6, ensure that UFW is configured to support IPv6 so that it manages both your IPv4 and IPv6 firewall rules. To do this, open the UFW configuration with this command:

$ sudo vim /etc/default/ufw

Then make sure IPV6 is set to yes, like so:

IPV6=yes

Save and quit. Then restart your firewall with the following commands:

$ sudo ufw disable
$ sudo ufw enable

Now UFW will configure the firewall for both IPv4 and IPv6, when appropriate.

UFW Default Policies

By default, UFW will block all of the incoming connections and allow all outbound connections. This means that anyone trying to access your server will not be able to connect unless you specifically open the port, while all applications and services running on your server will be able to access the outside world.

The default policies are defined in the /etc/default/ufw file and can be changed using the sudo ufw default <policy> <chain> command.

$ sudo ufw default deny outgoing

Firewall policies are the foundation for building more detailed and user-defined rules. In most cases the initial UFW Default Policies are a good starting point.

Application Profiles

When you install a package with the apt command, it adds an application profile to the /etc/ufw/applications.d directory. The profile describes the service and contains its UFW settings.
You can list all application profiles available on your server using the command:

$ sudo ufw app list

Depending on the packages installed on your system the output will look similar to the following:

ubuntu1804@linux:~$ sudo ufw app list
[sudo] password for ubuntu1804:
Available applications:
  CUPS
  OpenSSH
ubuntu1804@linux:~$

To find more information about a specific profile and included rules, use the following command:

$ sudo ufw app info '<app_name>'

ubuntu1804@linux:~$ sudo ufw app info 'OpenSSH'
Profile: OpenSSH
Title: Secure shell server, an rshd replacement
Description: OpenSSH is a free implementation of the Secure Shell protocol.

Port:
  22/tcp

As you can see from the output above the OpenSSH profile opens port 22 over TCP.

Allow and Deny Connections

Once the firewall is turned on, it denies all incoming connections by default, so you need to allow the connections your services require. A connection can be opened by specifying the port, the service name or the application profile.

$ sudo ufw allow ssh

$ sudo ufw allow http

$ sudo ufw allow 80/tcp

$ sudo ufw allow 'HTTP'

Instead of allowing access to single ports, UFW also lets you allow access to port ranges.

$ sudo ufw allow 1000:2000/tcp

$ sudo ufw allow 3000:4000/udp

To allow access on all ports from a machine with a given IP address, or only on a specific port from that address, use the following commands:

$ sudo ufw allow from 192.168.1.104

$ sudo ufw allow from 192.168.1.104 to any port 22

The command for allowing connection to a subnet of IP addresses:

$ sudo ufw allow from 192.168.1.0/24 to any port 3306

To allow access on a specific port and only on a specific network interface, use the following command:

$ sudo ufw allow in on eth1 to any port 9992

The default policy for all incoming connections is set to deny and, if you haven’t changed it, UFW will block all incoming connections unless you specifically open the connection.

To deny all connections from a subnet, or only those to a specific port:

$ sudo ufw deny from 192.168.1.0/24

$ sudo ufw deny from 192.168.1.0/24 to any port 80

Firewall Log


Firewall logs are essential for recognizing attacks, troubleshooting your firewall rules, and noticing unusual activity on your network. You must include logging rules in your firewall for them to be generated, though, and logging rules must come before any applicable terminating rule.

$ sudo ufw logging on

The log entries also appear in /var/log/messages, /var/log/syslog and /var/log/kern.log.
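The log section above says the logs are what lets you notice unusual activity; as an added example (not part of the original notes), the shell functions below summarise blocked traffic from ufw log lines: blocks per source, and sources that were refused on many distinct destination ports. The log sample is constructed and abridged (MAC, TOS and window fields dropped); the SRC=, DPT= and PROTO= fields are the ones UFW's kernel logging writes.

```shell
# Constructed, abridged sample of /var/log/ufw.log lines (not captured from
# a real host), in the layout written when `sudo ufw logging on` is set.
ufw_sample_log() {
  cat <<'EOF'
Dec 13 08:48:01 ubuntu1804 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.1.104 LEN=60 TTL=52 PROTO=TCP SPT=40001 DPT=22 SYN
Dec 13 08:48:02 ubuntu1804 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.1.104 LEN=60 TTL=52 PROTO=TCP SPT=40002 DPT=23 SYN
Dec 13 08:48:03 ubuntu1804 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.1.104 LEN=60 TTL=52 PROTO=TCP SPT=40003 DPT=3306 SYN
Dec 13 08:48:04 ubuntu1804 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.1.104 LEN=60 TTL=48 PROTO=TCP SPT=50001 DPT=22 SYN
Dec 13 08:48:05 ubuntu1804 kernel: [UFW ALLOW] IN=eth0 OUT= SRC=192.168.1.10 DST=192.168.1.104 LEN=60 TTL=64 PROTO=TCP SPT=51000 DPT=22 SYN
Dec 13 08:48:06 ubuntu1804 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.1.104 LEN=28 TTL=52 PROTO=UDP SPT=40010 DPT=161 LEN=8
EOF
}

# Reads ufw log lines on stdin and prints "count SRC" for every source that
# had packets blocked, busiest source first. ALLOW lines are ignored.
ufw_blocks_by_src() {
  awk '/\[UFW BLOCK\]/ {
         for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) n[substr($i, 5)]++
       }
       END { for (s in n) print n[s], s }' | sort -rn
}

# Reads ufw log lines on stdin and prints "SRC distinct_ports" for sources
# that were blocked on at least $1 distinct destination ports. One source
# probing many ports in a short window is the usual port-scan signature.
ufw_port_scan_candidates() {
  awk -v min="$1" '/\[UFW BLOCK\]/ {
         src = ""; dpt = ""
         for (i = 1; i <= NF; i++) {
           if ($i ~ /^SRC=/) src = substr($i, 5)
           else if ($i ~ /^DPT=/) dpt = substr($i, 5)
         }
         # count each (source, port) pair once, however many packets it sent
         if (src != "" && dpt != "" && !((src, dpt) in seen)) {
           seen[src, dpt] = 1
           ports[src]++
         }
       }
       END { for (s in ports) if (ports[s] >= min) print s, ports[s] }' | sort -k2,2nr
}

# Run against the live log on a real host with:
#   sudo cat /var/log/ufw.log | ufw_port_scan_candidates 5
ufw_sample_log | ufw_blocks_by_src
ufw_sample_log | ufw_port_scan_candidates 3
```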

Deleting UFW Rules

There are two different ways to delete UFW rules: by rule number and by specifying the actual rule.
Deleting UFW rules by rule number is easier, especially if you are new to UFW. To delete a rule by its number, first find the number of the rule you want to delete with the following command:

$ sudo ufw status numbered

ubuntu1804@linux:~$ sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] Anywhere                   ALLOW IN    192.168.1.104
[ 3] 22/tcp (v6)                ALLOW IN    Anywhere (v6)

To delete rule number 2, the rule that allows connections to any port from the IP address 192.168.1.104, use the following command:

$ sudo ufw delete 2

ubuntu1804@linux:~$ sudo ufw delete 2
Deleting:
 allow from 192.168.1.104
Proceed with operation (y|n)? y
Rule deleted
ubuntu1804@linux:~$

The second method is to delete a rule by specifying the actual rule.

$ sudo ufw delete allow 22/tcp
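An added example, not from the original notes: shell functions that parse the output of sudo ufw status numbered to look up the number of a given rule and to emit delete commands in an order that survives renumbering (UFW renumbers the remaining rules after every deletion, so deleting several rules by number in ascending order removes the wrong ones). The status output is constructed from the rule layout shown above.

```shell
# Constructed sample of `sudo ufw status numbered` output (not from a live host).
ufw_sample_status() {
  cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] Anywhere                   ALLOW IN    192.168.1.104
[ 3] 80/tcp                     ALLOW IN    Anywhere
[ 4] 3306                       ALLOW IN    192.168.1.104
[ 5] 8080/tcp                   ALLOW IN    Anywhere
[ 6] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

# Reads `ufw status numbered` output on stdin and prints one tab-separated
# record per rule: number, To, Action, From. Columns are separated by runs
# of two or more spaces, so values containing a single space ("ALLOW IN",
# "22/tcp (v6)", "Anywhere (v6)") survive intact.
ufw_parse_rules() {
  awk '/^\[ *[0-9]+]/ {
         num = $0; sub(/^\[ */, "", num); sub(/].*$/, "", num)
         rest = $0; sub(/^\[ *[0-9]+] */, "", rest); sub(/ +$/, "", rest)
         n = split(rest, f, "  +")
         if (n >= 3) printf "%s\t%s\t%s\t%s\n", num, f[1], f[2], f[3]
       }'
}

# Prints the number of the rule whose To ($1) and From ($2) columns match
# exactly, e.g. `ufw_rule_numbers_for 8080/tcp Anywhere`. Prints nothing
# when no rule matches, so callers can test for an empty result.
ufw_rule_numbers_for() {
  ufw_parse_rules | awk -F'\t' -v to="$1" -v from="$2" '$2 == to && $4 == from { print $1 }'
}

# Emits `sudo ufw delete N` for every rule whose From column matches $1,
# highest number first, so the numbers stay valid as each deletion is run.
# (Deleting by specification, e.g. `sudo ufw delete allow from 192.168.1.104`,
# avoids the renumbering problem entirely.)
ufw_delete_commands_from() {
  ufw_parse_rules | awk -F'\t' -v from="$1" '$4 == from { print $1 }' | sort -rn |
    while IFS= read -r n; do printf 'sudo ufw delete %s\n' "$n"; done
}

# On a real host replace ufw_sample_status with: sudo ufw status numbered
ufw_sample_status | ufw_rule_numbers_for 8080/tcp Anywhere
ufw_sample_status | ufw_delete_commands_from 192.168.1.104
```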

Disable and Reset UFW


If for any reason you want to stop UFW and deactivate all rules you can use:

$ sudo ufw disable

ubuntu1804@linux:~$ sudo ufw disable
Firewall stopped and disabled on system startup
ubuntu1804@linux:~$

Resetting UFW will disable UFW, and delete all active rules. This is helpful if you want to revert all of your changes and start fresh. To reset UFW use the following command:

$ sudo ufw reset

ubuntu1804@linux:~$ sudo ufw reset
Resetting all rules to installed defaults. This may disrupt existing ssh
connections. Proceed with operation (y|n)? y
Backing up 'user.rules' to '/etc/ufw/user.rules.20181213_084801'
Backing up 'before.rules' to '/etc/ufw/before.rules.20181213_084801'
Backing up 'after.rules' to '/etc/ufw/after.rules.20181213_084801'
Backing up 'user6.rules' to '/etc/ufw/user6.rules.20181213_084801'
Backing up 'before6.rules' to '/etc/ufw/before6.rules.20181213_084801'
Backing up 'after6.rules' to '/etc/ufw/after6.rules.20181213_084801'
ubuntu1804@linux:~$


                                                                    -------------------------------------------------

Install UFW

Uncomplicated Firewall should be installed by default in Ubuntu 18.04, but if it is not installed on your system, you can install the package by typing:

sudo apt install ufw


Check UFW Status

Once the installation is completed you can check the status of UFW with the following command:

sudo ufw status verbose


UFW is disabled by default. If you never activated UFW before, the output will look like this:

Status: inactive


If UFW is activated, the output will look similar to the following:

UFW Default Policies

By default, UFW will block all of the incoming connections and allow all outbound connections. This means that anyone trying to access your server will not be able to connect unless you specifically open the port, while all applications and services running on your server will be able to access the outside world.

The default policies are defined in the /etc/default/ufw file and can be changed using the sudo ufw default <policy> <chain> command.

Firewall policies are the foundation for building more detailed and user-defined rules. In most cases, the initial UFW Default Policies are a good starting point.

Application Profiles

When installing a package with the apt command it will add an application profile to /etc/ufw/applications.d directory. The profile describes the service and contains UFW settings.

You can list all application profiles available on your server by typing:

sudo ufw app list


Depending on the packages installed on your system the output will look similar to the following:

Available applications:
  Dovecot IMAP
  Dovecot POP3
  Dovecot Secure IMAP
  Dovecot Secure POP3
  Nginx Full
  Nginx HTTP
  Nginx HTTPS
  OpenSSH
  Postfix
  Postfix SMTPS
  Postfix Submission


To find more information about a specific profile and included rules, use the following command:

sudo ufw app info 'Nginx Full'


Profile: Nginx Full
Title: Web Server (Nginx, HTTP + HTTPS)
Description: Small, but very powerful and efficient web server

Ports:
  80,443/tcp


As you can see from the output above, the 'Nginx Full' profile opens ports 80 and 443.

Allow SSH Connections

Before enabling the UFW firewall we need to add a rule which will allow incoming SSH connections. If you’re connecting to your server from a remote location, which is almost always the case, and you enable the UFW firewall before explicitly allowing incoming SSH connections, you will no longer be able to connect to your Ubuntu server.

To configure your UFW firewall to allow incoming SSH connections, type the following command:

sudo ufw allow ssh


Rules updated

Rules updated (v6)


If you changed the SSH port to a custom port instead of the port 22, you will need to open that port.

For example, if your ssh daemon listens on port 4422, then you can use the following command to allow connections on that port:

sudo ufw allow 4422/tcp


Enable UFW

Now that your UFW firewall is configured to allow incoming SSH connections, we can enable it by typing:

sudo ufw enable


Command may disrupt existing ssh connections. Proceed with operation (y|n)? y

Firewall is active and enabled on system startup


You will be warned that enabling the firewall may disrupt existing ssh connections, just type y and hit Enter.

Allow connections on other ports

Depending on the applications that run on your server and your specific needs you’ll also need to allow incoming access to some other ports.

Below we will show you a few examples on how to allow incoming connections to some of the most common services:

Open port 80 - HTTP

HTTP connections can be allowed with the following command:

sudo ufw allow http


Instead of http you can use the port number, 80:

sudo ufw allow 80/tcp


or you can use the application profile, in this case 'Nginx HTTP':

sudo ufw allow 'Nginx HTTP'


Open port 443 - HTTPS

HTTPS connections can be allowed with the following command:

sudo ufw allow https


To achieve the same, instead of the https service name you can use the port number, 443:

sudo ufw allow 443/tcp


or you can use the application profile, 'Nginx HTTPS':

sudo ufw allow 'Nginx HTTPS'


Open port 8080

If you run Tomcat or any other application that listens on port 8080, allow incoming connections by typing:

sudo ufw allow 8080/tcp


Allow Port Ranges

Instead of allowing access to single ports, UFW also lets you allow access to port ranges. When allowing port ranges with UFW, you must specify the protocol, either tcp or udp. For example, if you want to allow ports 7100 to 7200 on both tcp and udp, run the following commands:

sudo ufw allow 7100:7200/tcp

sudo ufw allow 7100:7200/udp


Allow Specific IP Addresses

To allow access on all ports from your home machine with IP address of 64.63.62.61, specify from followed by the IP address you want to whitelist:

sudo ufw allow from 64.63.62.61


Allow Specific IP Addresses on Specific port

To allow access on a specific port let’s say port 22 from your work machine with IP address of 64.63.62.61, use to any port followed by the port number:

sudo ufw allow from 64.63.62.61 to any port 22


Allow Subnets

The command for allowing connections from a subnet of IP addresses is the same as for a single IP address; the only difference is that you need to specify the netmask. For example, if you want to allow access for IP addresses ranging from 192.168.1.1 to 192.168.1.254 to port 3306 (MySQL), you can use this command:

sudo ufw allow from 192.168.1.0/24 to any port 3306

sudo ufw allow from 101.11.111.0/24 to any port 10000

sudo ufw allow from 202.22.192.0/24 to any port 22 proto tcp


Allow Connections to a Specific Network Interface

To allow access on a specific port, let’s say port 3306, only on a specific network interface, eth2, specify allow in on followed by the name of the network interface:

sudo ufw allow in on eth2 to any port 3306


Deny connections

The default policy for all incoming connections is set to deny and, if you haven’t changed it, UFW will block all incoming connections unless you specifically open the connection.

Let’s say you opened the ports 80 and 443 and your server is under attack from the 23.24.25.0/24 network. To deny all connections from 23.24.25.0/24 you can use the following command:

sudo ufw deny from 23.24.25.0/24


If you only want to deny access to ports 80 and 443 from 23.24.25.0/24 you can use the following command:

sudo ufw deny from 23.24.25.0/24 to any port 80

sudo ufw deny from 23.24.25.0/24 to any port 443


Writing deny rules is the same as writing allow rules, you only need to replace allow with deny.

Delete UFW Rules

Viewing and deleting existing rules


There are two different ways to delete UFW rules, by rule number and by specifying the actual rule.

Deleting UFW rules by rule number is easier especially if you are new to UFW. To delete a rule by a rule number first you need to find the number of the rule you want to delete, you can do that with the following command:


sudo ufw status numbered


Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 8080/tcp                   ALLOW IN    Anywhere


To delete rule number 3, the rule that allows connections to port 8080, use the following command:

sudo ufw delete 3


The second method is to delete a rule by specifying the actual rule, for example if you added a rule to open port 8069 you can delete it with:

sudo ufw delete allow 8069


Disable UFW

If for any reason you want to stop UFW and deactivate all the rules you can use:

sudo ufw disable


Later, if you want to re-enable UFW and activate all rules, just type:

sudo ufw enable


Reset UFW

Resetting UFW will disable UFW, and delete all active rules. This is helpful if you want to revert all of your changes and start fresh.

To reset UFW simply type in the following command:

sudo ufw reset
