Firewall - Guide To Open & Close Ports On Ubuntu/Debian Print

  • 0

How To Setup a Firewall with UFW on an Ubuntu and Debian Server

Get Started

 

Make sure UFW is installed. It should be installed by default in Ubuntu, but if for some reason it’s not, you can install the package using aptitude or apt-get using the following commands:

 

aptitude install ufw

 

or


apt-get install ufw

 

Check the Status

 

You can check the status of UFW by typing:


ufw status

 

You’ll get a listing of the current rules that looks similar to this:


Status: active To Action From -- ------ ---- 22 ALLOW Anywhere
 

Set Up Defaults

 

One of the things that will make setting up any firewall easier is to define some default rules for allowing and denying connections. UFW’s defaults are to deny all incoming connections and allow all outgoing connections. This means anyone trying to reach your cloud server would not be able to connect, while any application within the server would be able to reach the outside world. To set the defaults used by UFW, you would use the following commands:


sudo ufw default deny incoming

 

and


sudo ufw default allow outgoing

 

Note: if you want to be a little bit more restrictive, you can also deny all outgoing requests as well. The necessity of this is debatable, but if you have a public-facing cloud server, it could help prevent against any kind of remote shell connections. It does make your firewall more cumbersome to manage because you’ll have to set up rules for all outgoing connections as well. You can set this as the default with the following:


sudo ufw default deny outgoing

 

Allow Connections

 

The syntax is pretty simple. You change the firewall rules by issuing commands in the terminal. If we turned on our firewall now, it would deny all incoming connections. If you’re connected over SSH to your cloud server, that would be a problem because you would be locked out of your server. Let’s enable SSH connections to our server to prevent that from happening:


sudo ufw allow ssh

 

As you can see, the syntax for adding services is pretty simple. UFW comes with some defaults for common uses. Our SSH command above is one example. It’s basically just shorthand for:


sudo ufw allow 22/tcp

This command allows a connection on port 22 using the TCP protocol. If our SSH server is running on port 2020, we could enable connections with the following command:

 

ufw allow 2020/tcp

 

Other Connections We Might Need

 

Now is a good time to allow some other connections we might need. If we’re securing a web server with FTP access, we might need these commands:

sudo ufw allow www or sudo ufw allow 80/tcp sudo ufw allow ftp or sudo ufw allow 21/tcp

 

Port Ranges

 

You can also specify port ranges with UFW. To allow ports 1000 through 2000, use the command:


sudo ufw allow 1000:2000/tcp

 

If you want UDP:


sudo ufw allow 1000:2000/udp

 

Denying Connections

 

You could allow all connections and then restrictively deny ports you didn’t want to give access to by replacing “allow” with “deny” in the commands above. For example:


sudo ufw allow 80/tcp

 

would allow access to port 80 while:


sudo ufw deny 80/tcp

 

would deny access to port 80.

 

Deleting Rules

 

Following syntax:


ufw delete allow ssh

 

Other examples include:


ufw delete allow 80/tcp

 

or


ufw delete allow 1000:2000/tcp

 

This can get tricky when you have rules that are long and complex.

 

A simpler, two-step alternative is to type:


sudo ufw status numbered

 

which will have UFW list out all the current rules in a numbered list. Then, we issue the command:


sudo ufw delete [number]

 

where “[number]” is the line number from the previous command.

 

Turn It On

 

After we’ve gotten UFW to where we want it, we can turn it on using this command (remember: if you’re connecting via SSH, make sure you’ve set your SSH port,

commonly port 22, to be allowed to receive connections):


sudo ufw enable

 

You should see the command prompt again if it all went well. You can check the status of your rules now by typing:


ufw status

 

or


ufw status verbose

 

for the most thorough display.

 

To turn UFW off, use the following command:


ufw disable

 


Was this answer helpful?

« Back

Powered by WHMCompleteSolution