
How to Configure Firewall Rules with UFW on Ubuntu 22.04?


A firewall protects a host by inspecting network traffic and allowing or blocking it according to a defined rule set. The Linux kernel includes Netfilter, the framework that provides packet filtering, packet mangling and related operations, and the Linux firewall tools are built on top of it. The default firewall configuration tool on Ubuntu 22.04 is UFW (Uncomplicated Firewall).

In this article, we will demonstrate steps to set up/configure firewall rules with UFW on Linux/Ubuntu 22.04 LTS systems.

What is UFW?

iptables is the traditional command-line tool for writing Netfilter packet-filter rules, and its syntax is the main reason firewalls on Linux have a reputation for being hard to manage. UFW is a front end to iptables: it hides that complexity behind a small set of commands for adding and removing rules, and it manages the IPv4 and IPv6 rule sets together. UFW is installed but disabled by default on Ubuntu 22.04 LTS.

How to Configure/Setup Firewall Rules With UFW on Linux/Ubuntu 22.04?

A firewall is the key to network security. It needs to be configured properly in order to secure the network from external threats, i.e., unauthorized access. The following steps will be performed in order to configure firewall rules with UFW:

Step 1: Launch Terminal

Installed applications are listed in the Application Launcher. Terminal can be launched by pressing the “Applications” button in the bottom-left corner of the screen, typing “Terminal” in the search bar and selecting the Terminal icon. On a default Ubuntu desktop the shortcut Ctrl+Alt+T opens a terminal directly; on a server there is no desktop and the commands below are typed into the SSH session.

Step 2: Update System Repositories

Before installing any software, refresh the package index so that apt resolves current package versions and avoids dependency problems. Note that apt update only refreshes the index; it does not upgrade installed packages. Run:

$ sudo apt update

Step 3: Install UFW

UFW is pre-installed on Ubuntu 22.04. If it is missing (for example on a minimal image), it can be installed with:

$ sudo apt install ufw

The installation of UFW can be verified by checking the UFW version by executing the following command:

$ ufw --version

Step 4: Configure/Setup UFW to Support IPv6

UFW applies its rules to both IPv4 and IPv6 only when IPv6 is enabled in its configuration file. Open /etc/default/ufw in a text editor such as nano:

$ sudo nano /etc/default/ufw

The line should read IPV6=yes (the value shipped on Ubuntu 22.04). With it set, every rule added later is also applied to IPv6 traffic; a host with a public IPv6 address and IPV6=no would be filtered on IPv4 but left open on IPv6. If you change the file, save with Ctrl+O and exit with Ctrl+X.

If UFW is already enabled, reload it so the change takes effect. While UFW is still disabled (the state at this point in the walkthrough) the command reports that the firewall is not enabled and skips the reload; the setting is then picked up when UFW is enabled in Step 8.

$ sudo ufw reload

Step 5: Setup Default UFW Policy

Default policies apply to traffic that matches no explicit rule. The shipped UFW defaults already deny all incoming traffic and allow all outgoing traffic (replies to connections the host itself opened are still let back in), but it is good practice to set them explicitly so the ruleset does not depend on a default that may differ between installations. Deny all incoming connections with:

$ sudo ufw default deny incoming

Execute the below command to allow all outgoing connections:

$ sudo ufw default allow outgoing

Each command confirms the change (“Default incoming policy changed to 'deny'” and “Default outgoing policy changed to 'allow'”) and reminds you to update your rules accordingly: with the incoming policy set to deny, every service that must stay reachable now needs an explicit allow rule.

Step 6: Allow SSH Connections

SSH (Secure Shell) is an encrypted network protocol that lets users and administrators log in to systems securely over an untrusted network. Because the default incoming policy from Step 5 denies everything, SSH must be allowed explicitly, and it must be allowed before UFW is enabled in Step 8; enabling the firewall over a remote session without this rule locks you out of the server. Allow SSH with:

$ sudo ufw allow ssh

The service name is resolved through /etc/services, so this rule opens port 22/tcp. If sshd listens on a different port (the Port directive in /etc/ssh/sshd_config), allow that port number instead, in the same way ports are allowed by number for HTTP and HTTPS in Step 7.

Step 7: Allow Specific Ports (HTTP, HTTPS, etc.)

HTTP (Hypertext Transfer Protocol) is used to share information between devices connected over a network and is the foundation of the WWW (World Wide Web). Similarly, HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP. HTTPS uses encryption for secure communication between web browsers and web servers. We can allow HTTP and HTTPS by either mentioning protocol names or by mentioning their respective port numbers, i.e., 80 and 443.

HTTP can be allowed by running either of the following commands:

$ sudo ufw allow http

or

$ sudo ufw allow 80

Both forms add an allow rule for incoming HTTP. Note that a bare port number opens the port for both TCP and UDP, whereas the service name resolves to 80/tcp; since HTTP only uses TCP, allowing 80/tcp is the tighter choice.

Similarly, we can allow HTTPS port by running either of the following commands:

$ sudo ufw allow https

or

$ sudo ufw allow 443

This adds the rule allowing incoming HTTPS traffic. The rules can be verified by checking the status:

$ sudo ufw status verbose

The listing shows both the HTTP and HTTPS ports allowed for incoming traffic. With IPV6=yes (Step 4), each allow command creates two rules, one for IPv4 and one marked (v6).

Step 8: Enable UFW

With the default policies set and SSH and the web ports allowed, enable the UFW firewall:

$ sudo ufw enable

If you are connected over SSH, UFW warns that the command may disrupt existing SSH connections and asks for confirmation; answer y (the rule from Step 6 keeps the session alive). UFW is now active and is started again at boot. Verify the status with:

$ sudo ufw status

Additionally, we can check detailed information on UFW by following the command:

$ sudo ufw status verbose

The verbose output shows whether the firewall is active, the logging level, the default policies for incoming, outgoing and routed traffic, and the allowed ports.
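Steps 4 to 8 are one procedure, and on a server it is usually run as a script rather than typed command by command. The script below is an added example and is not part of the original article. It assumes sshd reads its port from /etc/ssh/sshd_config (Port directive, default 22), that the host serves plain HTTP and HTTPS, and that sudo ufw is the command to run; pass the argument apply to change the live firewall, or set UFW=echo to print the commands it would run. It also rate-limits SSH with ufw limit instead of ufw allow, which blocks a source address that opens more than six new connections in 30 seconds and blunts password guessing.

```shell
#!/bin/sh
# Added example (not from the original article): apply the Step 5-8 baseline
# as one script. Assumptions: sshd is configured in /etc/ssh/sshd_config
# (Port directive, default 22), the host serves plain HTTP/HTTPS, and
# "sudo ufw" is the command to run. Run with the argument "apply" to change
# the live firewall; set UFW=echo to dry-run.
set -eu

UFW="${UFW:-sudo ufw}"

# ssh_port FILE: print the port sshd listens on, taken from the first
# uncommented "Port N" directive in FILE (default /etc/ssh/sshd_config).
# Falls back to 22 when the file is unreadable or has no Port line.
ssh_port() {
    cfg="${1:-/etc/ssh/sshd_config}"
    port=""
    if [ -r "$cfg" ]; then
        port=$(sed -n 's/^[[:space:]]*Port[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p' "$cfg" | head -n 1)
    fi
    printf '%s\n' "${port:-22}"
}

# baseline_rules PORT: deny everything inbound by default, allow outbound,
# rate-limit SSH on PORT (ufw "limit" drops a source that opens more than
# 6 new connections in 30 seconds) and open HTTP/HTTPS on TCP only.
# Rule comments are shown by "ufw status" and document why a port is open.
baseline_rules() {
    port="$1"
    $UFW default deny incoming
    $UFW default allow outgoing
    $UFW limit "${port}/tcp" comment 'ssh, rate-limited'
    $UFW allow 80/tcp comment 'http'
    $UFW allow 443/tcp comment 'https'
}

if [ "${1:-}" = "apply" ]; then
    baseline_rules "$(ssh_port)"
    # --force answers the "may disrupt existing ssh connections" prompt;
    # this is safe only because SSH was allowed first.
    $UFW --force enable
    $UFW status verbose
fi
```

Running the script with UFW=echo before running it with apply shows exactly which ufw commands will be issued and which SSH port was detected, which is the check worth doing before enabling a firewall on a machine you can only reach over SSH.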

Step 9: Deleting Rule

To stop accepting connections on a port that was opened earlier, delete its allow rule; the default incoming policy then denies that traffic again. The steps are:

Check UFW Connections

First list the rules together with their rule numbers:

$ sudo ufw status numbered


Delete Rule

Any rule can then be deleted by the number shown in that listing:

$ sudo ufw delete <rule number>

For example, to stop accepting HTTPS, delete the rule for port 443. On the example host that rule was number 4; read the number from your own listing, because it depends on the order in which rules were added. Two things to keep in mind: with IPV6=yes each allow command created two rules, one for IPv4 and one marked (v6), so both must be deleted; and UFW renumbers the remaining rules after every deletion, so when deleting several rules delete the highest number first or re-run the status command between deletions.

$ sudo ufw delete 4

Press “y” at the prompt to confirm the deletion.

We can verify this by checking the status of ufw:

$ sudo ufw status verbose

The HTTPS rule no longer appears in the listing. Further rules can be removed the same way, re-checking the numbers each time.
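Deleting by a hard-coded number is fragile for the two reasons given above: a port usually has an IPv4 rule and a (v6) rule, and the numbers shift after each deletion. The script below is an added example, not part of the original article: it parses the output of sudo ufw status numbered, finds every rule whose “To” column is the requested port, and deletes them highest number first so that the renumbering cannot make a later number point at the wrong rule. The SAMPLE_STATUS text is constructed here to match the listing format on a 22.04 host with IPV6=yes; the script name in the comment is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): remove every rule for a
# port by parsing "ufw status numbered", highest number first, so the
# renumbering that follows each deletion cannot make a later number point
# at the wrong rule. SAMPLE_STATUS is constructed test data in the format
# printed on a 22.04 host with IPV6=yes.
set -eu

UFW="${UFW:-sudo ufw}"

SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 443/tcp                    ALLOW IN    Anywhere
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 5] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 6] 443/tcp (v6)               ALLOW IN    Anywhere (v6)'

# rule_numbers SPEC: read numbered status on stdin and print the numbers of
# the rules whose "To" column is SPEC (the IPv4 rule and its "(v6)" twin),
# in descending order.
rule_numbers() {
    awk -v spec="$1" '
        substr($0, 1, 1) == "[" {
            n = substr($0, 2) + 0                 # leading number after "["
            p = index($0, "]")
            r = substr($0, p + 1)                 # text after "[ n]"
            sub(/^ +/, "", r)
            split(r, col, "  +")                  # columns are 2+ spaces apart
            to = col[1]
            sub(/ \(v6\)$/, "", to)               # strip the IPv6 marker
            if (to == spec) print n
        }' | sort -rn
}

# delete_rules_for SPEC: delete each matching rule by number; --force answers
# the "Proceed with operation (y|n)?" prompt. Status is read on stdin so the
# function can be dry-run against SAMPLE_STATUS with UFW=echo.
delete_rules_for() {
    for n in $(rule_numbers "$1"); do
        $UFW --force delete "$n"
    done
}

# Live use (hypothetical file name):
#   sudo ufw status numbered | ./ufw-delete-port.sh 443/tcp
if [ $# -eq 1 ]; then
    delete_rules_for "$1"
fi
```

For a rule that was added with a simple specification, UFW can also delete it by repeating that specification after delete instead of giving a number, which removes the IPv4 and IPv6 rules in one step; the parsing approach above is what you need when the listing is the only record of what is open, for example on a host configured by someone else.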

Step 10: Application Profiles

Packages that ship a UFW application profile (openssh-server and samba among them) install it in the /etc/ufw/applications.d directory. A profile records the ports an application uses, so the application can be allowed by name instead of by port number, and only profiles of installed packages are shown. List the available profiles with:

$ sudo ufw app list

The ports a profile opens can be inspected with the following syntax:

$ sudo ufw app info '<package name>'

For example, we can check information about the “Samba” application by using the following command:

$ sudo ufw app info Samba

This prints the profile's title, description and the ports it opens (for Samba, the NetBIOS UDP ports and the SMB TCP ports), which is worth reading before allowing a profile by name.

Step 11: Disable UFW

If the firewall is not wanted, it can be disabled with:

$ sudo ufw disable

This stops filtering but keeps the rules; they are applied again when UFW is re-enabled with the command from Step 8. While UFW is disabled, the default policies are not enforced either, so every listening service on the host becomes reachable.

Conclusion

UFW firewall rules are configured by setting up the default UFW policy, allowing required ports along with SSH, and enabling UFW. In this article, we have discussed detailed steps for the configuration of UFW Firewalls. These steps can be followed to enable secure and stable firewall protection on the server as the firewall is the first step to protecting the server against unauthorized access.
