Linux Server How To

How To Set Up, Configure, Manage and Secure a Linux Server


Linux Server Security - Ubuntu's ufw Firewall Configuration Tool


UFW - The Uncomplicated Firewall

UFW is the default firewall configuration tool for Ubuntu Linux. It provides a more user-friendly way to create a host-based firewall, though some knowledge of services and the ports they run on is still required. That information is contained in the file /etc/services, which ufw consults to determine what ports a service requires, so there is no harm in the end user doing the same. Many Linux administrators refer to /etc/services for exactly this; indeed, the purpose of the file is to map port numbers and protocols to service names.

Although ufw is not intended to provide complete firewall functionality, it can be used to create simple rules that may be all your Linux server requires to protect it from the undesirables; where ufw falls short is complex gateway packet filtering. Many rules can be added to the firewall using the ufw command, and anything that can't can be added directly to the ufw configuration files using a text editor such as vi or pico. ufw's configuration files are located in /etc/ufw.

john@ubuntu-linux-server:/etc/ufw$ ls -lh
total 28K
-rw-r--r-- 1 root root 799 2009-04-04 02:57 after6.rules
-rw-r--r-- 1 root root 878 2009-04-04 02:57 after.rules
drwxr-xr-x 2 root root 4.0K 2009-10-12 19:15 applications.d
-rw-r--r-- 1 root root 2.2K 2009-04-04 02:57 before6.rules
-rw-r--r-- 1 root root 2.1K 2009-04-04 02:57 before.rules
-rw-r--r-- 1 root root 1.1K 2009-04-04 02:57 sysctl.conf
-rw-r--r-- 1 root root 126 2009-10-12 19:15 ufw.conf


Before enabling the firewall, particularly if you are accessing the server remotely, it is good practice to create a rule allowing ssh access to your Linux server. The default policy is to reject all connections. We don't want to lock ourselves out, after all, do we?

john@ubuntu-linux-server:/etc/ufw$ sudo ufw allow 22
Rules updated
john@ubuntu-linux-server:/etc/ufw$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation(y|n)? y
Firewall is active and enabled on system startup
john@ubuntu-linux-server:/etc/ufw$


Let's have a look at a few of the commands you can use to configure your firewall using ufw. To turn the firewall on, type

sudo ufw enable


To turn the firewall off

sudo ufw disable



To open access to a particular port, in this instance port 80, which is used by a web server

sudo ufw allow 80


To remove a rule, in this instance access to port 80

sudo ufw delete allow 80


Or to deny access to a port

sudo ufw deny 80


You can even specify a service name as listed in /etc/services

sudo ufw allow smtp


More complex rules are well within ufw's scope using its extended syntax. The following denies tcp traffic from anywhere to port 80 on this host.

sudo ufw deny proto tcp to any port 80


The following rule permits tcp connections from anywhere to ports 80, 443 and all ports 8080-8090 inclusive on the host Linux server.

sudo ufw allow proto tcp from any to any port 80,443,8080:8090


This will prevent tcp traffic from the entire class C network 192.168.10.0-255 reaching port 25 on 192.168.0.1. This is useful, for example, for stopping spammers from sending email to your mail server.

sudo ufw deny proto tcp from 192.168.10.0/24 to 192.168.0.1 port 25


You can allow access to your Linux server from a particular address range.

sudo ufw allow from 192.168.0.0/16


You can deny access to your Linux server from a particular address range.

sudo ufw deny from 192.168.0.0/16


ufw also supports rate limiting, which is useful for limiting brute-force login attacks and other unwanted traffic. Rate limiting steps in if an IP address initiates 6 or more connections within the last 30 seconds.

sudo ufw limit ssh/tcp
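The two points above worth automating are the /etc/services lookup that a bare service name such as smtp or ssh/tcp relies on, and the lock-out check before enable. The following is an added example written for this page, not ufw's own code: it parses a constructed /etc/services-style excerpt, works out which ports a ufw command (simple or extended syntax) covers, and reports whether a planned command list would run ufw enable before any rule allowing ssh. The command lists and service excerpt are assumptions for illustration.

```python
SERVICES = """# constructed excerpt in /etc/services format, not the real file
ssh             22/tcp
smtp            25/tcp          mail
http            80/tcp          www
"""

def parse_services(text):
    """name -> {proto: port}; aliases share the entry (ufw reads the real file)."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments and blank lines
        if len(fields) < 2:
            continue
        port, proto = fields[1].split("/")
        for name in [fields[0]] + fields[2:]:
            table.setdefault(name, {})[proto] = int(port)
    return table

def resolve(spec, table):
    """'22', '22/tcp', 'ssh' or 'ssh/tcp' -> (port, proto); proto None = any."""
    name, _, proto = spec.partition("/")
    if name.isdigit():
        return int(name), proto or None
    if name not in table:
        raise ValueError(f"unknown service {name!r}")
    port = table[name][proto] if proto else next(iter(table[name].values()))
    return port, proto or None

def rule_ports(words, table):
    """Ports/proto an allow|deny|limit command covers; ports None = all ports."""
    proto = words[words.index("proto") + 1] if "proto" in words else None
    if "port" in words:  # extended syntax, e.g. port 80,443,8080:8090
        spans = [s.partition(":") for s in words[words.index("port") + 1].split(",")]
        return {p for lo, _, hi in spans for p in range(int(lo), int(hi or lo) + 1)}, proto
    if words[2] in ("from", "to", "proto"):  # e.g. allow from 192.168.0.0/16
        return None, proto
    port, proto = resolve(words[2], table)
    return {port}, proto

def locks_out_ssh(commands, table):
    """True if 'ufw enable' runs before any allow/limit rule covers 22/tcp."""
    for words in commands:
        if words[1] == "enable":
            return True
        if words[1] in ("allow", "limit"):
            ports, proto = rule_ports(words, table)
            if (ports is None or 22 in ports) and proto in (None, "tcp"):
                return False
    return False  # never enabled, so no lock-out
```

Each command is passed as a list of words with the sudo prefix dropped, e.g. "ufw allow proto tcp to any port 80".split(); delete commands are not tracked, so check the final intended list.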


These are the main commands that you will require to configure a very usable firewall for your Ubuntu Linux server but ufw does have more to offer including masquerading, NAT and other features. Check out the IPTables tutorial for more uses for your firewall.