An uncomplicated introduction to Firewall in linux(UFW on Ubuntu)
When I heard the name Firewall for computer network, I imagined it to be a protective layer that destroys anything harmful in the transport. Like a wall of actual fire (please don't judge me, I was young and imaginative)
As I grew up, the urge to learn more about firewall was lost in the process of learning cooler and commercially viable technologies. But back in 2011, I tried to deploy a WordPress application in a linux server for the very first time. I did it several times in shared hosting, but never did it by my own on a Linux server. And after I deployed the application, I expected everything to work, I even made a curl request from inside the server, and it seems to be working fine.
But when I tried to access the application from outside, The application wasn't working 😠. I tried everything(I thought I did), still no luck. Then I did what every other engineer would do, I searched for the solution and found it in StackOverflow.
The solution had something to do with iptables
, I just copied and pasted Like a boss, and then the problem was solved. And I had an impression that iptable
is a tool that opens and closes ports from a linux computer (Still didn't know that was a firewall)
I came back to iptables
while writing an article in my blog, with full disclosure, I did not know too much about iptables
back then, but I had to study it, and when I looked up iptables
I also got introduced with linux host firewall, and their working principles. I had a really tough time figuring out the syntax for iptables
command and I always keep forgetting them.
Two years ago, One of my Colleagues introduced me to ufw
, and I was surprised to see how convenient it was. Suddenly managing iptables
became super fun.
Most ubuntu distributions come with ufw
preinstalled, if it's not included, installing it just a package manager command away. And once installed, ufw
is disabled by default, and it should.
Let's start by adding some ground rules, Turn off all incoming connections:
sudo ufw default deny incoming
This rule states that incoming connection will be blocked in all the ports (If you are doing it with ssh, don't worry. This rule will only be effective when ufw
is enabled)
Let's allow all outgoing connections(Unless you want to restrict your applications to make outgoing connection...and of course, apt won't work either)
sudo ufw default allow outgoing
So far the rules are straightforward, Application on the linux computer can communicate with other computers, but they are not accessible from outside of the server. For example: you can download files from other servers from that linux machine, but nothing will be downloaded from that server.
Let's start opening windows (pun intended) for some of the services. Let's start by opening SSH:
sudo ufw allow ssh
ufw
knows the default port for SSH (22), so the command will open incoming connection for port 22. If you belong to the clever people group and change the ssh port, you can also mention the port number. For example if the port is 2200:
sudo ufw allow 2200
Now if you are planning to run a HTTP/HTTPS
Application, those ports can be opened in the same way:
## FOR HTTP
# By Protocol name
sudo ufw allow http
# Or you can enable by port number
sudo ufw allow 80
## FOR HTTPS
# By Protocol name
sudo ufw allow https
# Or you can enable by port number
sudo ufw allow 443
When you are done with all the opening and closing, Now it's time to enable ufw
, that is one command away. Just run the following command:
sudo ufw enable
You might see a warning about SSH, like this screenshot below. In that case, don't worry, we already allowed SSH port. Just input y
Congratulations! You have successfully configured a basic client firewall. If you run the command sudo ufw status
, you should see something like the following:
Status: active
To Action From
-- ------ ----
22 ALLOW Anywhere
80 ALLOW Anywhere
443 ALLOW Anywhere
22 (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
It means everything is working correctly.
Now, Firewalls, even ufw
is more sophisticated and powerful, and I really could not do enough justice to the useful tool with this small article. Please find some of the resources available to learn more about ufw
Hope you Article helped you in some way.