ufw stands for Uncomplicated FireWall and is the default firewall bundled with many linux distos. It provides a front end to iptables so they can be managed in a user friendly way. Here's a quick guide on how to set it up.

Check that the following is set in /etc/default/ufw IPV6=yes

Check current status:

 MicroServer default # ufw status verbose
 Status: inactive

Set defaults

 MicroServer default # ufw default deny incoming
 Default incoming policy changed to 'deny'
 (be sure to update your rules accordingly)
 MicroServer default # ufw default allow outgoing
 Default outgoing policy changed to 'allow'
 (be sure to update your rules accordingly)

On my server these were already set in /etc/default/ufw so this not be necessary but does no harm

Add a custom SSH rule (I access my server externally via SSH)

 MicroServer default # ufw allow from 193.130.196.0/24 to any port 22
 Rules updated

Start firewall and check

 MicroServer default # ufw enable
 Firewall is active and enabled on system startup
 MicroServer default # 
 MicroServer default # ufw status verbose
 Status: active
 Logging: on (low)
 Default: deny (incoming), allow (outgoing), deny (routed)
 New profiles: skip
 
 To                         Action      From
 --                         ------      ----
 22/tcp                     ALLOW IN    192.168.11.0/24           
 22/tcp                     ALLOW IN    193.130.197.0/24          
 22/tcp                     ALLOW IN    83.132.222.0/24           
 22/tcp                     ALLOW IN    193.130.196.0/24          
 22/tcp                     ALLOW IN    192.168.0.0/24            
 22                         ALLOW IN    193.130.196.0/24          

status shows logging is enabled (on low) default rules and custom ssh rules (some I had already added via iptables)

Now I need to allow access from the ssh client on my phone.to do this, try to access yje server from your phone and check the log for phones IP address /var/log/ufw and add a rule

 MicroServer default # ufw allow from 82.27.135.0/24 to any port 22
 Rule added

oops, I made a typo in IP address, delete it

 MicroServer default # ufw status numbered
 Status: active
 
      To                         Action      From
      --                         ------      ----
 [ 1] 22/tcp                     ALLOW IN    192.168.11.0/24           
 [ 2] 22/tcp                     ALLOW IN    193.130.197.0/24          
 [ 3] 22/tcp                     ALLOW IN    83.132.222.0/24           
 [ 4] 22/tcp                     ALLOW IN    193.130.196.0/24          
 [ 5] 22/tcp                     ALLOW IN    192.168.0.0/24            
 [ 6] 22                         ALLOW IN    193.130.196.0/24          
 [ 7] 22                         ALLOW IN    82.27.135.0/24     
 MicroServer default # ufw delete 7
 Deleting:
  allow from 82.27.135.0/24 to any port 22
 Proceed with operation (y|n)? y
 Rule deleted
 MicroServer default # ufw allow from 82.27.136.0/24 to any port 22
 Rule added

And that's pretty much it. You can add or delete rules as required.

Recent Changes