Difference between revisions of "Operating Systems/Linux/Ubuntu/Ubuntu 16.04 LTS/Firewalls"
| Line 5: | Line 5: | ||
=== What is it? === | === What is it? === | ||
| − | UFW standing for Uncomplicated FireWall, is the integrated firewall in all versions of Ubuntu 8.04 LTS and later; it has a graphical element (GUFW) that is also available for use. It is a firewall configuration tool running on top of iptables. | + | UFW standing for Uncomplicated FireWall, is the integrated firewall in all versions of Ubuntu 8.04 LTS and later; it has a graphical element (GUFW) that is also available for use. It is a firewall configuration tool running on top of iptables. UFW is a powerful tool that can greatly improve the security of your servers when properly configured. |
=== How to configure === | === How to configure === | ||
Revision as of 21:45, 29 June 2023
Why?
Firewalls are critical for secure computer usage as prevent unwanted (and potentially malicious) connections from being made.
UFW
What is it?
UFW standing for Uncomplicated FireWall, is the integrated firewall in all versions of Ubuntu 8.04 LTS and later; it has a graphical element (GUFW) that is also available for use. It is a firewall configuration tool running on top of iptables. UFW is a powerful tool that can greatly improve the security of your servers when properly configured.
How to configure
Status
To check if ufw is enabled, run:
sudo ufw status Output Status: inactive The output will indicate if your firewall is active or not.
Enabling
If you got a Status: inactive message when running ufw status, it means the firewall is not yet enabled on the system. You’ll need to run a command to enable it. To check if ufw is enabled, refer to Status
Disabling
If for some reason you need to disable UFW, you can do so with the following command:
sudo ufw disable
Be aware that this command will fully disable the firewall service on your system.
Blocking an IP
Block an IP Address To block all network connections that originate from a specific IP address, run the following command, replacing the highlighted IP address with the IP address that you want to block:
sudo ufw deny from 203.0.113.100 Output Rule added In this example, from 203.0.113.100 specifies a source IP address of “203.0.113.100”.
If you run sudo ufw status now, you’ll see the specified IP address listed as denied:
Output Status: active
To Action From -- ------ ---- Anywhere DENY 203.0.113.100 All connections, coming in or going out, are blocked for the specified IP address.
Blocking a subnet
If you need to block a full subnet, you may use the subnet address as from parameter on the ufw deny command. This would block all IP addresses in the example subnet 203.0.113.0/24:
sudo ufw deny from 203.0.113.0/24
Output: Rule added
Allowing an IP adress
To allow all network connections that originate from a specific IP address, run the following command, replacing the highlighted IP address with the IP address that you want to allow access:
sudo ufw allow from 203.0.113.101 Output Rule added If you run sudo ufw status now, you’ll see output similar to this, showing the word ALLOW next to the IP address you just added.
Output Status: active
To Action From -- ------ ---- ... Anywhere ALLOW 203.0.113.101 You can also allow connections from a whole subnet by providing the corresponding subnet mask for a host, such as 203.0.113.0/24.
Delete Rules
Delete UFW Rule To delete a rule that you previously set up within UFW, use ufw delete followed by the rule (allow or deny) and the target specification. The following example would delete a rule previously set to allow all connections from an IP address of 203.0.113.101:
sudo ufw delete allow from 203.0.113.101 Output Rule deleted Another way to specify which rule you want to delete is by providing the rule ID. This information can be obtained with the following command:
sudo ufw status numbered Output Status: active
To Action From
-- ------ ----
[ 1] Anywhere DENY IN 203.0.113.100 [ 2] Anywhere on eth0 ALLOW IN 203.0.113.102 From the output, you can see that there are two active rules. The first rule, with highlighted values, denies all connections coming from the IP address 203.0.113.100. The second rule allows connections on the eth0 interface coming in from the IP address 203.0.113.102.
Because by default UFW already blocks all external access unless explicitly allowed, the first rule is redundant, so you can remove it. To delete a rule by its ID, run:
sudo ufw delete 1 You will be prompted to confirm the operation and to make sure the ID you’re providing refers to the correct rule you want to delete.
Output Deleting:
deny from 203.0.113.100
Proceed with operation (y|n)? y Rule deleted If you list your rules again with sudo ufw status, you’ll see that the rule was removed.
GUI
- Press Alt+F2 and run GUFW, pass the authentication check
- Turn the status slider to "on"
CLI
- open the terminal
- sudo
ufw enable - you can use
ufw -helpto find other commands for further customization