ufw stands for Uncomplicated FireWall and is the default firewall bundled with many Linux distros. It provides a front end to iptables so that firewall rules can be managed in a user-friendly way. Here's a quick guide on how to set it up.

Check that the following is set in /etc/default/ufw:

 IPV6=yes

Check current status:

 MicroServer default # ufw status verbose
 Status: inactive

Set defaults

 MicroServer default # ufw default deny incoming
 Default incoming policy changed to 'deny'
 (be sure to update your rules accordingly)
 MicroServer default # ufw default allow outgoing
 Default outgoing policy changed to 'allow'
 (be sure to update your rules accordingly)

On my server these were already set in /etc/default/ufw, so this may not be necessary, but it does no harm.

Add a custom SSH rule (I access my server externally via SSH)

 MicroServer default # ufw allow from 193.130.196.0/24 to any port 22
 Rules updated

Start firewall and check

 MicroServer default # ufw enable
 Firewall is active and enabled on system startup
 MicroServer default # 
 MicroServer default # ufw status verbose
 Status: active
 Logging: on (low)
 Default: deny (incoming), allow (outgoing), deny (routed)
 New profiles: skip
 
 To                         Action      From
 --                         ------      ----
 22/tcp                     ALLOW IN    192.168.11.0/24           
 22/tcp                     ALLOW IN    193.130.197.0/24          
 22/tcp                     ALLOW IN    83.132.222.0/24           
 22/tcp                     ALLOW IN    193.130.196.0/24          
 22/tcp                     ALLOW IN    192.168.0.0/24            
 22                         ALLOW IN    193.130.196.0/24          

The status output shows that logging is enabled (on low), the default policies, and the custom SSH rules (some I had already added via iptables).

Now I need to allow access from the SSH client on my phone. To do this, try to access the server from your phone, check the log (/var/log/ufw) for the phone's IP address, and add a rule:

 MicroServer default # ufw allow from 82.27.135.0/24 to any port 22
 Rule added
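
One way to pull the candidate addresses out of the log, as an added example that is not part of the original wiki page: the function below lists every IPv4 source ufw blocked on a TCP port, with a hit count, the time last seen and the /24 used in the rules above. It assumes the traditional syslog timestamp layout; the function names and the log lines (documentation address ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise sources that ufw blocked on one TCP port.
# Usage on a real host (path as given in the text): blocked_sources 22 < /var/log/ufw
# Output columns: count, last-seen time, source IP, enclosing /24.

blocked_sources() {
    port="${1:-22}"
    awk -v port="$port" '
        /\[UFW BLOCK\]/ {
            src = ""; dpt = ""; proto = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
            }
            if (proto != "TCP" || dpt != port) next
            # IPv4 only; IPv6 sources would need a different prefix length.
            if (src !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            count[src]++
            last[src] = $3      # assumes "Mon DD HH:MM:SS" syslog timestamps
        }
        END {
            for (s in count) {
                split(s, o, ".")
                printf "%d %s %s %s.%s.%s.0/24\n", count[s], last[s], s, o[1], o[2], o[3]
            }
        }' | sort -k1,1nr -k3,3
}

# Constructed sample log lines (not taken from a real server).
sample_log() {
    cat <<'EOF'
Feb  3 10:15:42 MicroServer kernel: [1001.10] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=203.0.113.57 DST=192.0.2.10 LEN=60 TTL=52 ID=4711 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Feb  3 10:15:50 MicroServer kernel: [1009.42] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TTL=47 ID=9120 DF PROTO=TCP SPT=40022 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Feb  3 10:16:05 MicroServer kernel: [1024.77] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=203.0.113.57 DST=192.0.2.10 LEN=60 TTL=52 ID=4712 DF PROTO=TCP SPT=51240 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Feb  3 10:16:20 MicroServer kernel: [1039.03] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.99 DST=192.0.2.10 LEN=60 TTL=49 ID=3301 DF PROTO=TCP SPT=55870 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Feb  3 10:16:31 MicroServer kernel: [1050.58] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.77 DST=192.0.2.10 LEN=48 TTL=50 ID=1207 PROTO=UDP SPT=5353 DPT=22 LEN=28
EOF
}

sample_log | blocked_sources 22
```

On an internet-facing server the list will also contain unrelated hosts probing port 22, so pick the phone's entry by matching the last-seen time to your own connection attempt before adding a rule.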

Oops, I made a typo in the IP address, so delete it:

 MicroServer default # ufw status numbered
 Status: active
 
      To                         Action      From
      --                         ------      ----
 [ 1] 22/tcp                     ALLOW IN    192.168.11.0/24           
 [ 2] 22/tcp                     ALLOW IN    193.130.197.0/24          
 [ 3] 22/tcp                     ALLOW IN    83.132.222.0/24           
 [ 4] 22/tcp                     ALLOW IN    193.130.196.0/24          
 [ 5] 22/tcp                     ALLOW IN    192.168.0.0/24            
 [ 6] 22                         ALLOW IN    193.130.196.0/24          
 [ 7] 22                         ALLOW IN    82.27.135.0/24     
 MicroServer default # ufw delete 7
 Deleting:
  allow from 82.27.135.0/24 to any port 22
 Proceed with operation (y|n)? y
 Rule deleted
 MicroServer default # ufw allow from 82.27.136.0/24 to any port 22
 Rule added

And that's pretty much it. You can add or delete rules as required.
