Linux security - Setup firewall in Ubuntu using ufw

Linux offers two kinds of firewall: packet filtering and proxy-based. Most Linux users set up a basic packet filtering firewall, because the kernel already ships with the packet filtering machinery and no extra package is needed.

The Linux kernel includes a framework called netfilter: a set of hooks in the network stack through which incoming, outgoing and forwarded packets can be inspected, altered or dropped. Its kernel modules are easy to find with the locate command, as in the example below:

luzar@ubuntu:~$ locate netfilter
/lib/modules/2.6.24-19-server/kernel/net/netfilter
/lib/modules/2.6.24-19-server/kernel/net/bridge/netfilter
/lib/modules/2.6.24-19-server/kernel/net/bridge/netfilter/ebt_802_3.ko
/lib/modules/2.6.24-19-server/kernel/net/bridge/netfilter/ebt_among.ko
/lib/modules/2.6.24-19-server/kernel/net/bridge/netfilter/ebt_arp.ko
/lib/modules/2.6.24-19-server/kernel/net/bridge/netfilter/ebt_arpreply.ko
...
...

Netfilter does nothing useful, however, until it has been given rules. For that, Linux provides iptables, a command line tool for writing and managing rules. Netfilter consults those rules to decide whether to accept or reject each incoming or outgoing packet.

Ubuntu ufw configuration

ufw, which stands for Uncomplicated Firewall, is a user friendly front end for configuring the firewall on an Ubuntu system. It is an alternative for users who find iptables difficult to use; under the hood it still generates iptables rules. Here is part of the ufw manual page:

NAME
       ufw - program for managing a netfilter firewall

DESCRIPTION
       This  program  is  for  managing  a Linux firewall and aims to provide an easy to use interface for the user.

USAGE
       ufw [--dry-run] enable|disable

       ufw [--dry-run] default allow|deny

       ufw [--dry-run] logging on|off

       ufw [--dry-run] status

       ufw [--dry-run] [delete] allow|deny PORT[/protocol]

       ufw [--dry-run] [delete] allow|deny [proto protocol] [from  ADDRESS  [port  PORT]] 
               [to  ADDRESS  [port PORT]]

ufw is not enabled by default. Check its status with this command:

luzar@ubuntu:~$ sudo ufw status
Firewall not loaded
luzar@ubuntu:~$

Before ufw enforces any rules, it has to be enabled. Here is the command. If you are administering the machine over SSH, keep in mind that ufw's default policy denies incoming connections: make sure a rule allowing SSH (see the allow command below) is in place before you rely on the firewall, or new SSH connections will be refused and you will lock yourself out.

luzar@ubuntu:~$ sudo ufw enable
[sudo] password for luzar:
Firewall started and enabled on system startup
luzar@ubuntu:~$

To disable ufw, use this command:

luzar@ubuntu:~$ sudo ufw disable
Firewall stopped and disabled on system startup
luzar@ubuntu:~$

To add a firewall rule, use the ufw allow command; a rule is only enforced while ufw is enabled. Here is an example that allows the ssh service. Note in the status output that the service name was resolved through /etc/services, which on this system lists ssh for both TCP and UDP, so two rules were added; SSH only uses TCP, so the tighter rule is sudo ufw allow 22/tcp.

luzar@ubuntu:~$ sudo ufw allow ssh
Rule added
luzar@ubuntu:~$ sudo ufw status verbose
Firewall loaded

To                         Action  From
--                         ------  ----
22:tcp                     ALLOW   Anywhere
22:udp                     ALLOW   Anywhere

luzar@ubuntu:~$

We can also use the --dry-run option to preview the rules that would be applied. --dry-run modifies nothing; it prints the iptables-restore style ruleset that ufw would load, with each rule appended to the ufw-user-input chain and the existing ssh rule listed alongside the new one. Here is an example:

luzar@ubuntu:~$ sudo ufw --dry-run allow http
*filter
:ufw-user-input - [0:0]
:ufw-user-output - [0:0]
:ufw-user-forward - [0:0]
### RULES ###

### tuple ### allow any 22 0.0.0.0/0 any 0.0.0.0/0
-A ufw-user-input -p tcp --dport 22 -j ACCEPT
-A ufw-user-input -p udp --dport 22 -j ACCEPT

### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0
-A ufw-user-input -p tcp --dport 80 -j ACCEPT

### END RULES ###
-A ufw-user-input -j RETURN
-A ufw-user-output -j RETURN
-A ufw-user-forward -j RETURN
COMMIT
Rules updated
luzar@ubuntu:~$

Here are other commands that you can use with ufw:

Usage: ufw COMMAND

Commands:
  enable                        Enables the firewall
  disable                       Disables the firewall
  default ARG                   set default policy to ALLOW or DENY
  logging ARG                   set logging to ON or OFF
  allow|deny RULE               allow or deny RULE
  delete allow|deny RULE        delete the allow/deny RULE
  status                        show firewall status
  version                       display version information

You should enable firewall logging so that blocked packets are recorded and you can review what is hitting the firewall. To enable logging with ufw, use this command:

luzar@ubuntu:~$ sudo ufw logging on
Logging enabled
luzar@ubuntu:~$
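Putting the steps above together, here is an added example (not code from the original post) of a small POSIX shell script that applies a minimal policy in a lock-out-safe order: set the default policy, allow SSH only from an administrative network, allow HTTP, turn logging on, and only then enable the firewall. The network ADMIN_NET (192.0.2.0/24) is a constructed example, and the function names valid_cidr, ufw_cmd and apply_policy are assumptions for this example; the ufw subcommands are the ones shown in the manual excerpt above. The script defaults to DRY_RUN=1, which prints the commands instead of running them; run it with DRY_RUN=0 to apply the policy with sudo.

```shell
#!/bin/sh
# Added example, not from the original post: apply a minimal ufw policy in an
# order that cannot lock a remote administrator out.
# Assumptions: ADMIN_NET (192.0.2.0/24) is a constructed example network and
# the ufw subcommands follow the usage shown in the manual excerpt.

ADMIN_NET="${ADMIN_NET:-192.0.2.0/24}"  # only this network may reach SSH
DRY_RUN="${DRY_RUN:-1}"                 # 1 = print commands; 0 = run them with sudo

# Accept only a dotted-quad IPv4 address with an optional /0-32 prefix, so a
# typo or an injected string in ADMIN_NET never reaches the ufw command line.
valid_cidr() {
  printf '%s' "$1" | grep -Eq \
    '^((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# Run one ufw command, or print it when DRY_RUN=1.
ufw_cmd() {
  if [ "$DRY_RUN" = 1 ]; then
    printf 'ufw %s\n' "$*"
  else
    sudo ufw "$@"
  fi
}

# The order is the point: the default policy and the SSH rule are in place
# before "enable", so an admin session over SSH survives switching it on.
apply_policy() {
  if ! valid_cidr "$ADMIN_NET"; then
    echo "apply_policy: ADMIN_NET '$ADMIN_NET' is not an IPv4 network" >&2
    return 1
  fi
  ufw_cmd default deny                                      # drop unsolicited inbound traffic
  ufw_cmd allow proto tcp from "$ADMIN_NET" to any port 22  # SSH, TCP only, admin network only
  ufw_cmd allow 80/tcp                                      # public web service
  ufw_cmd logging on                                        # record blocked packets
  ufw_cmd enable                                            # now switch the firewall on
  ufw_cmd status verbose                                    # and confirm the loaded rules
}

apply_policy
```

The from/to form of the allow rule follows the manual's syntax; a plain allow ssh would expose port 22 to every address (and, on this system, UDP 22 as well). Before running with DRY_RUN=0 you can also preview each rule with the --dry-run option described above.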

Log entries are written through the kernel log with a UFW prefix, so they turn up in /var/log/kern.log, /var/log/syslog and /var/log/messages; grep UFW /var/log/syslog picks them out.
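As an added example (not from the original post) of working with those logs, here is a POSIX shell snippet that reads UFW BLOCK entries and summarises them two ways: blocked packets per source address, and sources that probed several distinct destination ports, which is a crude port-scan indicator. The lines in SAMPLE_LOG are constructed for this example in the layout the kernel log uses for these entries (real lines carry further fields, which the parser ignores); the function names ufw_blocked_by_src and ufw_port_scanners and the threshold values are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: summarise [UFW BLOCK] log entries.
# SAMPLE_LOG is constructed for the example; addresses are documentation ranges.
SAMPLE_LOG='Jan 12 10:00:01 ubuntu kernel: [ 1201.123456] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=1 PROTO=TCP SPT=45678 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Jan 12 10:00:02 ubuntu kernel: [ 1202.123456] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=2 PROTO=TCP SPT=45679 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jan 12 10:00:03 ubuntu kernel: [ 1203.123456] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=3 PROTO=TCP SPT=45680 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0
Jan 12 10:00:04 ubuntu kernel: [ 1204.123456] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4 PROTO=UDP SPT=5353 DPT=5353 LEN=40
Jan 12 10:00:05 ubuntu kernel: [ 1205.123456] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=5 PROTO=UDP SPT=5353 DPT=5353 LEN=40
Jan 12 10:00:06 ubuntu kernel: [ 1206.123456] eth0: link is up'

# Count blocked packets per source address, most frequent first.
# Output lines look like "COUNT SRC".
ufw_blocked_by_src() {
  grep 'UFW BLOCK' | sed -n 's/.*SRC=\([^ ]*\).*/\1/p' \
    | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# List sources that were blocked on at least N distinct destination ports,
# a crude port-scan indicator. Output lines look like "SRC NPORTS".
ufw_port_scanners() {
  grep 'UFW BLOCK' | awk -v min="$1" '
    {
      src = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        if (substr($i, 1, 4) == "SRC=") src = substr($i, 5)
        if (substr($i, 1, 4) == "DPT=") dpt = substr($i, 5)
      }
      # count each (source, port) pair once, however many packets it sent
      if (src != "" && dpt != "" && !seen[src, dpt]++) ports[src]++
    }
    END { for (s in ports) if (ports[s] >= min) print s, ports[s] }
  ' | sort
}

# Stand-alone run against the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | ufw_blocked_by_src
printf '%s\n' "$SAMPLE_LOG" | ufw_port_scanners 3
```

Against a live system the same functions read the real log, for example grep 'UFW BLOCK' /var/log/syslog | ufw_port_scanners 10, where the threshold of 10 ports is an assumption to tune for your environment.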
