Setting up a ufw firewall
ufw stands for Uncomplicated FireWall and is the default firewall bundled with many Linux distros. It provides a front end to iptables so that firewall rules can be managed in a user-friendly way. Here's a quick guide on how to set it up.
Check that the following is set in /etc/default/ufw:
IPV6=yes
Check current status:
MicroServer default # ufw status verbose
Status: inactive
Set defaults
MicroServer default # ufw default deny incoming
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)
MicroServer default # ufw default allow outgoing
Default outgoing policy changed to 'allow'
(be sure to update your rules accordingly)
On my server these were already set in /etc/default/ufw, so this may not be necessary, but it does no harm.
Add a custom SSH rule (I access my server externally via SSH)
MicroServer default # ufw allow from 193.130.196.0/24 to any port 22
Rules updated
Start firewall and check
MicroServer default # ufw enable
Firewall is active and enabled on system startup
MicroServer default #
MicroServer default # ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    192.168.11.0/24
22/tcp                     ALLOW IN    193.130.197.0/24
22/tcp                     ALLOW IN    83.132.222.0/24
22/tcp                     ALLOW IN    193.130.196.0/24
22/tcp                     ALLOW IN    192.168.0.0/24
22                         ALLOW IN    193.130.196.0/24

Status shows that logging is enabled (on low), the default rules, and the custom SSH rules (some I had already added via iptables).
Now I need to allow access from the SSH client on my phone. To do this, try to access the server from your phone, check the log (/var/log/ufw) for the phone's IP address, and add a rule.
MicroServer default # ufw allow from 82.27.135.0/24 to any port 22
Rule added
Oops, I made a typo in the IP address; delete it.
MicroServer default # ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    192.168.11.0/24
[ 2] 22/tcp                     ALLOW IN    193.130.197.0/24
[ 3] 22/tcp                     ALLOW IN    83.132.222.0/24
[ 4] 22/tcp                     ALLOW IN    193.130.196.0/24
[ 5] 22/tcp                     ALLOW IN    192.168.0.0/24
[ 6] 22                         ALLOW IN    193.130.196.0/24
[ 7] 22                         ALLOW IN    82.27.135.0/24

MicroServer default # ufw delete 7
Deleting: allow from 82.27.135.0/24 to any port 22
Proceed with operation (y|n)? y
Rule deleted
MicroServer default # ufw allow from 82.27.136.0/24 to any port 22
Rule added
And that's pretty much it. You can add or delete rules as required.
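The log check described above (finding the phone's address in the ufw log before adding a rule), as an added example that is not part of the original page: a shell function that lists the IPv4 sources ufw blocked on a given TCP port, with the enclosing /24 in the form used by the rules above. The function names and the log lines are constructed for illustration (documentation address ranges); on a real system pipe the ufw log into blocked_sources instead of sample_log.

```shell
#!/bin/sh
# Added example (not from the original page): list the IPv4 sources that ufw
# blocked on a given TCP port, with hit counts and the enclosing /24.

# Constructed sample log lines using documentation address ranges.
sample_log() {
cat <<'EOF'
Feb  3 10:15:01 MicroServer kernel: [1001.10] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.45 DST=192.168.0.10 LEN=60 TTL=52 PROTO=TCP SPT=51234 DPT=22 SYN URGP=0
Feb  3 10:15:04 MicroServer kernel: [1004.22] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.45 DST=192.168.0.10 LEN=60 TTL=52 PROTO=TCP SPT=51235 DPT=22 SYN URGP=0
Feb  3 10:16:20 MicroServer kernel: [1080.51] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.0.10 LEN=60 TTL=49 PROTO=TCP SPT=40112 DPT=22 SYN URGP=0
Feb  3 10:16:31 MicroServer kernel: [1091.03] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.0.10 LEN=60 TTL=49 PROTO=TCP SPT=40113 DPT=2222 SYN URGP=0
Feb  3 10:17:02 MicroServer kernel: [1122.77] [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.9 DST=192.168.0.10 LEN=48 TTL=60 PROTO=UDP SPT=5353 DPT=22
Feb  3 10:18:45 MicroServer kernel: [1225.40] [UFW ALLOW] IN=eth0 OUT= SRC=192.0.2.200 DST=192.168.0.10 LEN=60 TTL=55 PROTO=TCP SPT=60001 DPT=22 SYN URGP=0
EOF
}

# Usage: blocked_sources PORT < logfile
# Prints "<count> <source-ip> <source-/24>" per source, most frequent first.
blocked_sources() {
    awk -v port="$1" '
        /\[UFW BLOCK\]/ {
            src = ""; dpt = ""; proto = ""
            # Log fields are KEY=VALUE tokens; pick out the three we need.
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
            }
            # Exact port match (22 must not match 2222); IPv6 sources are skipped.
            if (proto == "TCP" && dpt == port &&
                src ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                hits[src]++
        }
        END {
            for (s in hits) {
                split(s, o, ".")
                printf "%d %s %s.%s.%s.0/24\n", hits[s], s, o[1], o[2], o[3]
            }
        }' | sort -k1,1nr -k2,2
}

sample_log | blocked_sources 22
```

Review the listed addresses before turning any of them into an allow rule: only the one you recognise as your own client belongs in the rule set.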