How To Configure and Set Up a Firewall on Ubuntu 16.04

UbuntuSafe & SecurityNetwork

In this article we will learn about – how to configure and setup UFW ( Firewall) on Ubuntu 16.04, UFW stands for Uncomplicated Firewall which acts as an interface to IPTABLES that simplifies the process of the configuration of firewalls it will be a very hard for a beginners to learns and configure the firewall rules where we will secure the network from unknown users are machines. UFW works on the policies we configure as rules.

Pre-requisites

  • For this, we needed a non-root user with root permission on the machine.

Installing the UFW (Firewall)

UFW is installed by default with Ubuntu, if not installed then we will install them using the below command –

$ sudo apt-get install ufw -y
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
   ufw
0 upgraded, 1 newly installed, 0 to remove and 88 not upgraded.
Need to get 149 kB of archives.
After this operation, 838 kB of additional disk space will be used.
Get:1 http://in.archive.ubuntu.com/ubuntu xenial/main amd64 ufw all 0.35-0ubuntu2 [149 kB]
Fetched 149 kB in 0s (165 kB/s)
Preconfiguring packages ...
Selecting previously unselected package ufw.
(Reading database ... 98515 files and directories currently installed.)
Preparing to unpack .../ufw_0.35-0ubuntu2_all.deb ..
Unpacking ufw (0.35-0ubuntu2) ...
Processing triggers for systemd (229-4ubuntu10) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up ufw (0.35-0ubuntu2) ...

Enabling the UFW (Firewall)

Below is the command to enable the UFW –

$ sudo ufw enable
Command may disrupt existing SSH connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

Disabling the UFW (Firewall)

Below is the command to disable the UFW firewall.

$ sudo ufw disable

Firewall stopped and disabled on system startupspesifikasi android

Enabling the Default Policies

As the beginner, we will first configure default policies, which control and handles the traffic which will not match the other rules. By default, the rules will deny all incoming connections and allow all outgoing connections will be allowed which stops someone trying to reach the machine from the internet world.

$ sudo ufw default deny incoming
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)

$ sudo ufw default allow outgoing
Default outgoing policy changed to 'allow'
(be sure to update your rules accordingly)

Enabling SSH Connections

Using the above commands, we have disabled all the incoming connections, it will deny all the incoming connections, we needed to create a rule which will explicitly allow the SSH incoming connection.

Below is the command to enable the incoming connection for SSH.

$ sudo ufw allow ssh
Rule added
Rule added (v6)

With the above command, the port 22 will be allowed for incoming connections. We can use the below command directly using the port no 22 to allow the SSH connections.

$ sudo ufw allow 22
Skipping adding existing rule
Skipping adding existing rule (v6)

However, if we have configured the SSH daemon to use a different port like 2022 or 1022, then we can use the below command –

$ sudo ufw allow 1022
Rule added
Rule added (v6)

Checking the UFW (Firewall) Status

Below is the command to check the current status of the firewall rules.

$ sudo ufw status
Status: active
To             Action          From
--             ------          ----
22             ALLOW          Anywhere
2222           DENY           Anywhere
1022           ALLOW          Anywhere
22 (v6)        ALLOW          Anywhere (v6)
2222 (v6)      DENY           Anywhere (v6)
1022 (v6)      ALLOW          Anywhere (v6)

Enabling the UFW for regular port like (HTTP, HTTPS & FTP)

At this point, we will allow others to connect to the server for the regular ports like HTPP, HTTPS, and FTP ports respectively.

HTTP port 80

$ sudo ufw allow 80
Rule added
Rule added (v6)

We can check the UFW (Firewall) status using the below command

$ sudo ufw status
Status: active
To             Action          From
--             ------          ----
22             ALLOW          Anywhere
2222           DENY           Anywhere
1022           ALLOW          Anywhere
80             ALLOW          Anywhere
22 (v6)        ALLOW          Anywhere (v6)
2222 (v6)      DENY           Anywhere (v6)
1022 (v6)      ALLOW          Anywhere (v6)
80 (v6)        ALLOW          Anywhere (v6)

Like that will use the below command to enable HTTPs and FTP ports (443 and 21) respectively.

$ sudo ufw allow https
Rule added
Rule added (v6)

$ sudo ufw allow ftp
Rule added
Rule added (v6)

Enabling to Allow Specific Range of Ports

We can also allow or deny particular ranges of ports with UFW to allow the multiple ports instead of allowing single ports.

Below is the command to enable a specific range of ports.

$ sudo ufw allow 500:800/tcp
Rule added
Rule added (v6)

Enable to Allow specific IP Addresses

If we want to allow a particular machine to allow for all the ports. We can use the below command.

$ sudo ufw allow from 192.168.100.1
Rule added

If we want to allow for only specific port we can use the below command.

$ sudo ufw allow from 192.168.100.1 to any port 8080
Rule added

If we want to enable the specific subnets like we want to enable for office networks we can use the below command.

$ sudo ufw allow from 192.168.0.0/24
Rule added

Deny the Connections or Rules

If we want to deny any ports or network we can use the below commands to deny the connections.

$ sudo ufw deny http
Rule updated
Rule updated (v6)

If we want to deny all the connects from a specific network we can use the below command.

$ sudo ufw deny from 192.168.2.1
Rule added

Deleting the Rules

We can delete the rules in two ways one with the actual rules and other with the rules numbers.

Actual Rules

The rules can be deleted using the actual rule which we allowed using the allow command.

Below is the command to delete the HTTP rules from UFW.

$ sudo ufw delete allow http
Rule deleted
Rule deleted (v6)

Rules Number

We can use the Rules numbers to delete the firewall rules, we can get the list of firewall rules with the below command.

$ sudo ufw status numbered
Status: active
To                      Action             From
--                      ------             ----
[ 1] 2222               DENY IN            Anywhere
[ 2] 1022               ALLOW IN           Anywhere
[ 3] 443                ALLOW IN           Anywhere
[ 4] 21/tcp             ALLOW IN           Anywhere
[ 5] 500:800/tcp        ALLOW IN           Anywhere
[ 6] Anywhere           ALLOW IN           192.168.100.1
[ 7] 8080               ALLOW IN           192.168.100.1
[ 8] Anywhere           ALLOW IN           192.168.0.0/24
[ 9] Anywhere           DENY IN            192.168.2.1
[10] 2222 (v6)          DENY IN            Anywhere (v6)
[11] 1022 (v6)          ALLOW IN           Anywhere (v6)
[12] 443 (v6)           ALLOW IN           Anywhere (v6)
[13] 21/tcp (v6)        ALLOW IN           Anywhere (v6)
[14] 500:800/tcp (v6)   ALLOW IN           Anywhere (v6)

If we want to delete the rule 14, then we can use the below command to delete the rules with the below command.

$ sudo ufw delete 14
Deleting:
allow 500:800/tcp
Proceed with operation (y|n)? y
Rule deleted (v6)

In this article, we have learned about – How to install, enable and disable the UFW firewall. Also, we will learn about how to allow, deny and delete the rules which will allow us to secure a server.

raja
Published on 23-Jan-2020 07:47:45
Advertisements