Difference between revisions of "Operating Systems/Linux/Ubuntu/Ubuntu 16.04 LTS/Firewalls"

From Vista Ridge Cyberpatriot
 
(5 intermediate revisions by 2 users not shown)
Line 10: Line 10:
  
 
==== Status ====
 
==== Status ====
#To check if ufw is enabled, run:
+
To check if ufw is enabled, run:
  
#<code>sudo ufw status</code>
+
<code>sudo ufw status</code>
#Output:
+
Output:
#<code>Status: inactive</code>
+
<code>Status: inactive</code>
#The output will indicate if your firewall is active or not.
+
The output will indicate if your firewall is active or not.
  
 
==== Enabling ====
 
==== Enabling ====
#If you got <code>Status: inactive message</code> when running ufw status, it means the firewall is not yet enabled on the system. You’ll need to run a command to enable it.
+
If you got <code>Status: inactive message</code> when running <code>ufw status</code>, it means the firewall is not yet enabled on the system. You’ll need to run this command to enable it:
To check if ufw is enabled, refer to Status
+
 
 +
<code>sudo ufw enable</code>
  
 
==== Disabling ====  
 
==== Disabling ====  
If for some reason you need to disable UFW, you can do so with the following command:
+
If you need to disable UFW, you can do so with the following command:
  
sudo ufw disable
+
<code>sudo ufw disable</code>
  
Be aware that this command will fully disable the firewall service on your system.
+
Be aware that this command will fully disable the firewall service on the system.
  
 
==== Blocking an IP ====
 
==== Blocking an IP ====
Block an IP Address
+
To block all network connections that originate from a specific IP address, run the following command, replacing the IP address with the IP address that you want to block:
To block all network connections that originate from a specific IP address, run the following command, replacing the highlighted IP address with the IP address that you want to block:
+
 
 +
<code>sudo ufw deny from 203.0.113.100</code>
 +
 
 +
<code>Output</code>
 +
<code>Rule added</code>
  
sudo ufw deny from 203.0.113.100
+
In this example, from 203.0.113.100 specifies a source IP address of (enter IP address here).
Output
 
Rule added
 
In this example, from 203.0.113.100 specifies a source IP address of “203.0.113.100”.
 
  
If you run sudo ufw status now, you’ll see the specified IP address listed as denied:
+
If you run <code>sudo ufw</code> status now, you’ll see the specified IP address listed as denied:
  
Output
+
<code>Output</code>
Status: active
+
<code>Status: active</code>
  
 
To                        Action      From
 
To                        Action      From
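Review bot: In the "Blocking an IP" part of this hunk, the new sentence reads "from 203.0.113.100 specifies a source IP address of (enter IP address here)", so a template placeholder has replaced the value the previous text gave (“203.0.113.100”) and the sentence no longer explains anything. Restore the address or reword it as "specifies the source IP address to block". There are two markup slips in the same hunk: "<code>sudo ufw</code> status" closes the tag before "status", and "<code>Status: inactive message</code>" pulls the word "message" into the literal output.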
Line 48: Line 50:
  
 
==== Blocking a subnet ====  
 
==== Blocking a subnet ====  
If you need to block a full subnet, you may use the subnet address as from parameter on the ufw deny command. This would block all IP addresses in the example subnet 203.0.113.0/24:
+
If you need to block a full subnet, you may use the subnet address as from parameter on the <code>ufw deny</code> command. This would block all IP addresses in the example subnet 203.0.113.0/24:
  
sudo ufw deny from 203.0.113.0/24
+
<code>sudo ufw deny from 203.0.113.0/24</code>
  
Output:
+
<code>Output:</code>
Rule added
+
<code>Rule added</code>
  
 
==== Allowing an IP adress ====
 
==== Allowing an IP adress ====
 
To allow all network connections that originate from a specific IP address, run the following command, replacing the highlighted IP address with the IP address that you want to allow access:
 
To allow all network connections that originate from a specific IP address, run the following command, replacing the highlighted IP address with the IP address that you want to allow access:
  
sudo ufw allow from 203.0.113.101
+
<code>sudo ufw allow from (enter IP address here)</code>
Output
+
 
Rule added
+
<code>Output</code>
If you run sudo ufw status now, you’ll see output similar to this, showing the word ALLOW next to the IP address you just added.
+
 
 +
<code>Rule added</code>
  
Output
+
If you run <code>sudo ufw status</code> now, you’ll see output similar to this, showing the word ALLOW next to the IP address you just added.
Status: active
+
 
 +
<code>Output
 +
Status: active</code>
  
 
To                        Action      From
 
To                        Action      From
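Review bot: The allow command now reads "sudo ufw allow from (enter IP address here)", which cannot be run as written, while the paragraph above it still says to replace "the highlighted IP address" and the status output that follows still shows 203.0.113.101. Keep the example address 203.0.113.101 in the command so it matches the output, and correct the heading spelling "adress" while this section is being edited.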
Line 71: Line 76:
 
Anywhere                  ALLOW      203.0.113.101  
 
Anywhere                  ALLOW      203.0.113.101  
 
You can also allow connections from a whole subnet by providing the corresponding subnet mask for a host, such as 203.0.113.0/24.
 
You can also allow connections from a whole subnet by providing the corresponding subnet mask for a host, such as 203.0.113.0/24.
 
==== Delete Rules ====
 
Delete UFW Rule
 
To delete a rule that you previously set up within UFW, use ufw delete followed by the rule (allow or deny) and the target specification. The following example would delete a rule previously set to allow all connections from an IP address of 203.0.113.101:
 
 
sudo ufw delete allow from 203.0.113.101
 
Output
 
Rule deleted
 
Another way to specify which rule you want to delete is by providing the rule ID. This information can be obtained with the following command:
 
 
sudo ufw status numbered
 
Output
 
Status: active
 
 
    To                        Action      From
 
    --                        ------      ----
 
[ 1] Anywhere                  DENY IN    203.0.113.100           
 
[ 2] Anywhere on eth0          ALLOW IN    203.0.113.102           
 
From the output, you can see that there are two active rules. The first rule, with highlighted values, denies all connections coming from the IP address 203.0.113.100. The second rule allows connections on the eth0 interface coming in from the IP address 203.0.113.102.
 
 
Because by default UFW already blocks all external access unless explicitly allowed, the first rule is redundant, so you can remove it. To delete a rule by its ID, run:
 
 
sudo ufw delete 1
 
You will be prompted to confirm the operation and to make sure the ID you’re providing refers to the correct rule you want to delete.
 
 
Output
 
Deleting:
 
deny from 203.0.113.100
 
Proceed with operation (y|n)? y
 
Rule deleted
 
If you list your rules again with sudo ufw status, you’ll see that the rule was removed.
 
  
 
==== GUI ====
 
==== GUI ====
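Review bot: The "Delete Rules" text in this hunk does not appear in the latest revision, which leaves the page with instructions for adding deny and allow rules but none for removing them. Keep the section, including "sudo ufw status numbered" and "sudo ufw delete 1". If it stays, wrap its commands and output in the <code> markup used by the other sections and drop the phrase "with highlighted values", since nothing in the listing is highlighted.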

Latest revision as of 21:31, 10 April 2025

Why?

Firewalls are critical for secure computer usage, as they prevent unwanted (and potentially malicious) connections from being made.

UFW

What is it?

UFW, standing for Uncomplicated FireWall, is the integrated firewall in all versions of Ubuntu 8.04 LTS and later; it has a graphical element (GUFW) that is also available for use. It is a firewall configuration tool running on top of iptables. UFW is a powerful tool that can greatly improve the security of your servers when properly configured.

How to configure

Status

To check if ufw is enabled, run:

sudo ufw status

Output:

Status: inactive

The output will indicate if your firewall is active or not.

Enabling

If you got the Status: inactive message when running ufw status, the firewall is not yet enabled on the system. You’ll need to run this command to enable it:

sudo ufw enable

Disabling

If you need to disable UFW, you can do so with the following command:

sudo ufw disable

Be aware that this command will fully disable the firewall service on the system.

Blocking an IP

To block all network connections that originate from a specific IP address, run the following command, replacing the IP address with the IP address that you want to block:

sudo ufw deny from 203.0.113.100

Output

Rule added

In this example, from 203.0.113.100 specifies a source IP address of 203.0.113.100.

If you run sudo ufw status now, you’ll see the specified IP address listed as denied:

Output

Status: active

To                         Action      From
--                         ------      ----
Anywhere                   DENY        203.0.113.100

All connections, coming in or going out, are blocked for the specified IP address.

Blocking a subnet

If you need to block a full subnet, you may use the subnet address as the from parameter of the ufw deny command. This would block all IP addresses in the example subnet 203.0.113.0/24:

sudo ufw deny from 203.0.113.0/24

Output:

Rule added

Allowing an IP address

To allow all network connections that originate from a specific IP address, run the following command, replacing the IP address with the IP address that you want to allow access:

sudo ufw allow from 203.0.113.101

Output

Rule added

If you run sudo ufw status now, you’ll see output similar to this, showing the word ALLOW next to the IP address you just added.

Output

Status: active

To                         Action      From
--                         ------      ----
...
Anywhere                   ALLOW       203.0.113.101

You can also allow connections from a whole subnet by providing the corresponding subnet mask for a host, such as 203.0.113.0/24.
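The status listings above can be checked by script instead of by eye. The following is an added example, not part of the original page: it parses ufw status text and reports whether a given address is covered by a DENY rule on an active firewall. The function names and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: read `ufw status` text and confirm a block is actually in force.

# Constructed sample in the format shown on this page (not captured from a real host).
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
Anywhere                   DENY        203.0.113.100
Anywhere                   DENY        203.0.113.0/24
Anywhere                   ALLOW       203.0.113.101'

# ufw_state TEXT: print the word after "Status:" (active/inactive), or "unknown".
ufw_state() {
    printf '%s\n' "$1" | awk '
        /^Status:/ { print $2; found = 1; exit }
        END { if (!found) print "unknown" }'
}

# ufw_sources ACTION TEXT: print the From column of every rule with that action.
# Also accepts the "DENY IN" / "[ 1]" layout of `ufw status numbered`.
ufw_sources() {
    printf '%s\n' "$2" | awk -v want="$1" '
        /^[ \t]*--/ { in_rules = 1; next }   # rules follow the dashed header row
        in_rules {
            for (i = 1; i <= NF; i++) if ($i == want) {
                j = i + 1
                if ($j == "IN" || $j == "OUT") j++   # skip the direction word
                print $j
                break
            }
        }'
}

# check_blocked ADDR TEXT (hypothetical helper name):
#   0 = firewall active and a DENY rule lists ADDR exactly
#   1 = firewall not active, so no rule is being enforced
#   2 = active, but no DENY rule lists ADDR
check_blocked() {
    [ "$(ufw_state "$2")" = "active" ] || return 1
    ufw_sources DENY "$2" | grep -Fxq -- "$1" || return 2
    return 0
}

# Demo on the constructed sample; on a real host pass "$(sudo ufw status)" instead.
for addr in 203.0.113.100 203.0.113.101; do
    check_blocked "$addr" "$SAMPLE_STATUS" && echo "$addr: blocked" || echo "$addr: not blocked"
done
```

The match is on the exact From value, so an address covered only by a subnet rule such as 203.0.113.0/24 is reported as not listed.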

GUI

  1. Press Alt+F2 and run GUFW, then pass the authentication check
  2. Turn the status slider to "on"

CLI

  1. Open the terminal
  2. Run sudo ufw enable
  3. Use ufw --help to find other commands for further customization