Quickly Harden Your Ubuntu Server by Enabling a FireWall Tips, Tricks and Tutorials 19 DEC 2013

ubuntu-10-logoNowadays it would seem really silly to connect a machine to the Internet without some sort of firewall enabled so as to afford it at least a little bit of shielding against the big bad world out there.

A quick and easy solution for Ubuntu is the Uncomplicated Firewall, aka ufw package.

From the documentation: The default firewall configuration tool for Ubuntu is ufw. Developed to ease iptables firewall configuration, ufw provides a user friendly way to create an IPv4 or IPv6 host-based firewall. By default ufw is disabled.

Although it should be installed on your Ubuntu server by default, in the event it isn’t then this is easily enough rectified by running:

sudo apt-get install ufw

Next up is to ensure the ports you know need to be opened up to the rest of the world are indeed enabled in ufw. Needless to say, if this is a remote server then SSH HAS to be enabled, so do that one first! To enable, i.e. add a port, simply run:

sudo ufw allow 22

Note, you can modify the above to control which type of traffic (tcp/udp) it allows through, but for this simple example the above is perfectly fine. If you are setting up a webserver then generally you want to open up FTP (21), SSH (22), HTTP (80), and HTTPS (443).

With SSH access ensured, you can then change the default behaviour to block all incoming traffic not catered for by the allow rules.

sudo ufw default deny

You can check up the status by running:

sudo ufw status verbose

Once you’re happy with your config, enable ufw and if you really want to be sure that ufw rules are being run, reboot your server just for the heck of it.

sudo ufw enable
sudo reboot now

Pretty simple, but well worth knowing.

Related Link: https://help.ubuntu.com/community/UFW

Related Posts:

About Craig Lotter

South African software architect and developer at Touchwork. Husband to a cupcake baker and father to two little girls. I don't have time for myself any more.