Secure Your Linux Server with a Firewall


A firewall is the last point of contact before anyone in the vast internet can get into your server. Getting a firewall up is crucial before deploying a server online.

UFW stands for Uncomplicated Firewall and is included in Ubuntu. Iptables is the standard firewall built into Linux and is more popular with experts who need more complex rulesets. UFW lets a user create iptables rules through a simpler interface.



Installation

UFW is included in Ubuntu. If you haven't recently, just do a quick update:

sudo apt-get update

Check UFW status:

sudo ufw status

It should say "inactive".


Configuration

sudo ufw default allow outgoing
sudo ufw default deny incoming

For SSH, do either:

sudo ufw allow ssh

or

sudo ufw allow 22

Now run:

sudo ufw enable

You will be asked to confirm, because enabling the firewall may disrupt existing SSH connections.

Choose "yes". I didn't lose my connection.

Finally, do:

sudo ufw status

And you will see UFW is up with SSH port 22 enabled.


Additional Options

Changes can also be made to the config file at:

sudo vi /etc/default/ufw

If you make changes to the config or through the command line, do sudo ufw disable and sudo ufw enable again. sudo ufw status will always tell you if it's on or not.

To deny port traffic you can do: sudo ufw deny 111

This works for any port used by an application, like http, and can be limited to TCP or UDP traffic: sudo ufw allow http/tcp and sudo ufw allow 1725/udp. Just do the ssh allow command for now. More advanced settings let you allow or block by specific IP as well.

If you ever want to remove a rule, use: sudo ufw delete allow 22 (or ssh instead of 22).

If you want to see the logs in /var/log/ufw.log, then enable logging with:

sudo ufw logging on

There are more parameters for logging; please check the wiki for more info.


Summary

To get started, here it is all in one:

sudo apt-get update
sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw allow ssh
sudo ufw enable

And that's it for now. Firewall setup completed!

All outgoing connections from your server to the internet are open, and all incoming connections from the internet to your server are closed off, except port 22 for SSH. If you set up a web server, port 80 needs to be opened unless you change the default port. Any other program that needs external access must have its port opened as well.
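To confirm that a server really ended up in this state, the check below parses the output of sudo ufw status verbose. It is an added example, not part of the original post; the function name audit_ufw and the two sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_ufw: read `ufw status verbose` text on stdin and compare it with the
# policy above. Arguments are the inbound ports expected to be open.
# Prints one FAIL line per mismatch; returns 0 on a match, 1 otherwise.
# Limitation: rules shown by application profile name are not counted.
audit_ufw() {
    awk -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) expected[w[i]] = 1 }
        /^Status:/  { active  = ($2 == "active") }
        /^Default:/ { deny_in = ($2 == "deny" && $3 == "(incoming),") }
        # Inbound rule rows, e.g. "22/tcp   ALLOW IN   Anywhere" (IPv4 and v6).
        / (ALLOW|LIMIT) / && !/ (ALLOW|LIMIT) (OUT|FWD)/ && $1 ~ /^[0-9]/ {
            port = $1; sub(/\/.*/, "", port); open[port] = 1
        }
        END {
            bad = 0
            if (!active)  { print "FAIL: firewall is not active"; bad = 1 }
            if (!deny_in) { print "FAIL: default incoming policy is not deny"; bad = 1 }
            for (p in expected) if (!(p in open)) {
                print "FAIL: expected port " p " is not allowed"; bad = 1 }
            for (p in open) if (!(p in expected)) {
                print "FAIL: unexpected open port " p; bad = 1 }
            exit bad
        }'
}

# Constructed sample: the end state the Summary commands produce.
SAMPLE_OK='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)'

# Constructed sample: the same host after port 111 was also opened.
SAMPLE_DRIFT="$SAMPLE_OK
111                        ALLOW IN    Anywhere"

# Demo on the constructed drift sample; prints the unexpected port.
printf '%s\n' "$SAMPLE_DRIFT" | audit_ufw 22 || true
```

On a live server, run sudo ufw status verbose | audit_ufw 22, and add 80 to the arguments once a web server is set up.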

Setting this up is almost a breeze; it types itself. If you want more power, check out iptables!




Thank you for your time and attention! I appreciate the knowledge reaching more people. Take care. Peace.


@krnel
2016-11-30, 6:35am
