When I first heard the name "firewall" in the context of computer networks, I imagined it as a protective layer that destroys anything harmful in transit. Like a wall of actual fire (please don't judge me, I was young and imaginative).
As I grew up, the urge to learn more about firewalls got lost in the process of learning cooler and more commercially viable technologies. But back in 2011, I tried to deploy a WordPress application on a Linux server for the very first time. I had done it several times on shared hosting, but never on my own on a Linux server. After I deployed the application, I expected everything to work; I even made a curl request from inside the server, and it seemed to be working fine.
But when I tried to access the application from outside, it wasn't working 😠. I tried everything (or thought I did), still no luck. Then I did what every other engineer would do: I searched for the solution and found it on StackOverflow.
The solution had something to do with iptables. I just copied and pasted it like a boss, and the problem was solved. I was left with the impression that iptables is a tool that opens and closes ports on a Linux computer (I still didn't know that this was a firewall).
I came back to iptables while writing an article for my blog. In full disclosure, I did not know much about iptables back then, but I had to study it, and when I looked up iptables I also got introduced to Linux host firewalls and how they work. I had a really tough time figuring out the syntax of iptables commands, and I always keep forgetting them.
Two years ago, one of my colleagues introduced me to ufw, and I was surprised by how convenient it was. Suddenly managing iptables became super fun.
Most Ubuntu distributions come with ufw preinstalled; if it's not included, installing it is just a package manager command away. Once installed, ufw is disabled by default, and it should be: you want your allow rules in place before it starts enforcing anything.
Let's start by adding some ground rules. First, turn off all incoming connections:
sudo ufw default deny incoming
This sets the default policy so that incoming connections are blocked on all ports. (If you are doing this over SSH, don't worry: on a fresh install the rule only takes effect once ufw is enabled. If ufw is already active, though, a changed default applies immediately, so make sure an SSH allow rule is in place first.)
Let's allow all outgoing connections (unless you want to restrict your applications from making outgoing connections... and of course, apt won't work either):
sudo ufw default allow outgoing
So far the rules are straightforward: applications on the Linux machine can connect to other computers, but nothing can connect to the machine from outside. For example, you can download files from other servers onto that Linux machine, but nobody can download anything from it.
Let's start opening windows (pun intended) for some of the services. Let's begin with SSH:
sudo ufw allow ssh
ufw looks the service name up in /etc/services and knows the default port for SSH (22), so the command opens incoming connections on port 22. If you belong to the clever group of people who change the SSH port, you can specify the port number instead. For example, if the port is 2200:
sudo ufw allow 2200
Note that a bare port number opens it for both TCP and UDP; appending /tcp to the port restricts the rule to TCP, which is all sshd needs.
Now, if you are planning to run an HTTP/HTTPS application, those ports can be opened in the same way:
## FOR HTTP
# By service name
sudo ufw allow http
# Or you can enable it by port number
sudo ufw allow 80
## FOR HTTPS
# By service name
sudo ufw allow https
# Or you can enable it by port number
sudo ufw allow 443
When you are done with all the opening and closing, it's time to enable ufw, which is one command away. Just run the following:
sudo ufw enable
This also makes ufw start on boot, so the rules survive a reboot. You might see a warning about SSH, like the screenshot below. In that case, don't worry, we already allowed the SSH port. Just input
Congratulations! You have successfully configured a basic host firewall. If you run the command
sudo ufw status
you should see something like the following:
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)

This means the firewall is active and only the ports you allowed are reachable from outside; everything else is dropped by the default policy. The real test is to try to connect to a port you did not open from another machine and confirm that it does not answer.
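As an added example (not code from the original article), here is the whole procedure above as a non-interactive script with the two things a practitioner wants on top of it: the SSH rule is applied before the firewall is enabled so you cannot lock yourself out, and the resulting ufw status listing is checked for the expected rules. The UFW and SSH_PORT variables, the helper names, the constructed status sample and the dry-run convention are my assumptions; ufw --force enable, ufw status and the /tcp suffix are real ufw features.

```shell
#!/bin/sh
# Added example (not code from the original article): the ufw setup as a
# non-interactive script with a lockout guard and a post-enable check.
# Assumptions (mine, not ufw's): ufw is installed and the script runs with
# sudo rights; UFW and SSH_PORT can be overridden from the environment, and
# UFW=echo turns the whole thing into a dry run that only prints commands.
set -eu

UFW="${UFW:-sudo ufw}"        # how to invoke ufw; "echo" for a dry run
SSH_PORT="${SSH_PORT:-22}"    # change this if sshd listens elsewhere

# Apply the rules in a safe order: defaults first, then the SSH allow rule,
# and only then enable. Rules are pinned to /tcp because a bare port number
# would open UDP as well. --force skips ufw's interactive y/n prompt.
configure_firewall() {
    $UFW default deny incoming
    $UFW default allow outgoing
    $UFW allow "${SSH_PORT}/tcp"
    $UFW allow 80/tcp
    $UFW allow 443/tcp
    $UFW --force enable
}

# Read a `ufw status` listing from stdin and check that the firewall is
# active and has an ALLOW rule for every port spec given as an argument
# (e.g. 22/tcp). Prints the first problem found and returns 1 on failure.
check_status() {
    listing=$(cat)
    printf '%s\n' "$listing" | grep -q '^Status: active' || {
        echo "firewall is not active"
        return 1
    }
    for port in "$@"; do
        printf '%s\n' "$listing" | grep -Eq "^${port}[[:space:]]+ALLOW[[:space:]]" || {
            echo "no ALLOW rule for ${port}"
            return 1
        }
    done
    return 0
}

# Run the check against the live firewall.
verify_firewall() {
    $UFW status | check_status "${SSH_PORT}/tcp" 80/tcp 443/tcp
}

# Constructed sample of what `ufw status` prints after configure_firewall,
# used so the check can be exercised without touching a real firewall.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)'

# Usage: "sh firewall.sh apply" configures and verifies the live firewall
# ("UFW=echo sh firewall.sh apply" only prints the commands); "sh
# firewall.sh check" exercises the parser on the constructed sample.
case "${1:-}" in
    apply) configure_firewall && verify_firewall ;;
    check) printf '%s\n' "$SAMPLE_STATUS" | check_status "${SSH_PORT}/tcp" 80/tcp 443/tcp ;;
esac
```

The ordering inside configure_firewall is the point: default deny is harmless while ufw is disabled, the SSH allow rule lands before enable, and enable is the last thing that runs. If you later change sshd to another port, set SSH_PORT accordingly before running apply, and remember that check_status only confirms what ufw reports; connecting to a closed port from another host is still the final proof.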
Now, firewalls, and even ufw itself, are far more sophisticated and powerful than this, and I really could not do justice to such a useful tool in this small article. Please find some of the resources available to learn more about
Hope this article helped you in some way.