Uncomplicated Firewall (UFW) provides an easy-to-use interface for people unfamiliar with firewall concepts. It provides a framework for managing netfilter as well as a command-line interface to manipulate the firewall. With its small command set and plain English parameters, UFW makes it quick and easy to understand and set up firewall rules. At the same time, you can use UFW to configure most of the rules possible with iptables. UFW comes preinstalled with all Ubuntu installations after version 8.04 LTS.
Follow these steps to secure the network with Uncomplicated Firewall:
Step 1 : UFW comes preinstalled on Ubuntu systems. If it is not installed, you can install it with the following commands:
sudo apt-get update
sudo apt-get install ufw
Step 2 : Check the status of UFW
sudo ufw status
Step 3 : Add a new rule to allow SSH
sudo ufw allow ssh
Step 4 : Alternatively, you can use a port number to open a particular port (without a protocol suffix, the rule applies to both TCP and UDP)
sudo ufw allow 22
Step 5 : Allow only TCP traffic over HTTP (port 80)
sudo ufw allow http/tcp
Step 6 : Deny incoming FTP traffic
sudo ufw deny ftp
Step 7 : Check all added rules before starting the firewall
sudo ufw show added
Step 8 : Now enable the firewall
sudo ufw enable
Step 9 : Check the UFW status; the verbose parameter is optional:
sudo ufw status verbose
Step 10 : Get a numbered list of added rules
sudo ufw status numbered
Step 11 : You can also allow all ports in a range by specifying a port range
sudo ufw allow 1050:5000/tcp
Step 12 : If you want to open all ports for a particular IP address, use the following command
sudo ufw allow from 10.0.3.102
Step 12 : Alternatively, you can allow an entire subnet, as follows:
sudo ufw allow from 10.0.3.0/24
Step 13 : You can also allow or deny a specific port for a given IP address
sudo ufw allow from 10.0.3.102 to any port 2300
sudo ufw deny from 10.0.3.102 to any port 5213
Step 14 : To specify a protocol in the preceding rule, use the following command
sudo ufw deny from 10.0.3.102 proto tcp to any port 5213
Step 15 : Deleting rules
sudo ufw delete deny ftp
Step 16 : Delete rules by specifying their numbers
sudo ufw status numbered
sudo ufw delete 2
Step 17 : Add a new rule at a specific number
sudo ufw insert 1 allow 5212/tcp # Inserts a rule at number 1
Step 18 : If you want to reject outgoing FTP connections, you can use the following command
sudo ufw reject out ftp
Step 19 : UFW also supports application profiles. To view all application profiles, use the following command:
sudo ufw app list
Step 20 : Get more information about the app profile using the following command
sudo ufw app info OpenSSH
Step 21 : Allow the application profile as follows
sudo ufw allow OpenSSH
Step 22 : Set ufw logging levels [off|low|medium|high|full] with the help of the following command
sudo ufw logging medium
Step 23 : View firewall reports with the show parameter
sudo ufw show added # list of rules added
sudo ufw show raw # show complete firewall
Step 24 : Reset ufw to its default state (all rules will be backed up by UFW)
sudo ufw reset