A firewall protects a network by inspecting traffic and enforcing a defined rule set: connections the rules do not permit are dropped or rejected. The Linux kernel includes Netfilter, the framework that provides packet filtering, NAT and packet mangling, and every Linux firewall tool is built on it. The default firewall configuration tool on Ubuntu 22.04 is UFW (Uncomplicated Firewall).
In this article, we demonstrate how to set up firewall rules with UFW on Ubuntu 22.04 LTS.
Netfilter rules are traditionally managed with iptables, whose syntax is verbose and easy to get wrong. UFW is a front end to iptables: it hides that complexity behind a small set of commands for adding and removing rules, and it maintains both the IPv4 and IPv6 rule sets. UFW is installed on Ubuntu 22.04 LTS but is inactive until it is explicitly enabled.
A host firewall is a basic layer of defence: it limits which services on the machine are reachable from the network, so it has to be configured deliberately rather than left at whatever happens to be listening. The following steps configure firewall rules with UFW:
Installed applications and system tools are listed in the Application Launcher. Open it by pressing the “Applications” button in the bottom-left corner of the screen:
Now type “Terminal” in the search bar and select the Terminal icon.
The following screenshot shows what the Terminal application looks like on Ubuntu:
Before installing any software, make sure the existing packages are up to date; this avoids dependency problems. Update the package lists and installed packages with the following command:
UFW is pre-installed on Ubuntu 22.04. If it is missing, install it with the following command:
Verify the installation by printing the UFW version with the following command:
UFW filters both IPv4 and IPv6 when IPv6 is enabled in its configuration file, /etc/default/ufw. Open the file in the Nano text editor with the following command:
The IPV6 value should be “yes”; if it is not, change the line to “IPV6=yes”. With IPv6 switched off, UFW loads no IPv6 rules at all, so every rule added later protects only the IPv4 side and IPv6 traffic to the same ports is not filtered. After editing, save with “Ctrl+O” (confirm the filename with Enter) and close with “Ctrl+X”.
For the change to take effect, reload UFW with the following command (if UFW has not been enabled yet, this step is unnecessary, since the setting is read when it is enabled):
Default policies apply to traffic that matches no explicit rule. The usual server baseline is to deny all incoming connections and allow all outgoing ones: nothing is reachable unless a later rule opens it, while processes on the server can still reach package mirrors, DNS and other external services. Deny incoming connections by default with the following command:
Execute the below command to allow all outgoing connections:
The output confirms that the default incoming policy is now “deny” and the default outgoing policy is “allow”.
SSH (Secure Shell) is an encrypted protocol that lets users and administrators log in to systems over an untrusted network. With the default policy from Step 5, every incoming connection is denied, so services that must stay reachable need explicit allow rules. SSH is the first one to add: if you administer the server over SSH and enable the firewall without this rule, you lock yourself out. Allow SSH with the following command:
As seen from the above screenshot, the rule is enabled to allow SSH incoming traffic.
HTTP (Hypertext Transfer Protocol) carries web traffic and is the foundation of the World Wide Web; HTTPS (Hypertext Transfer Protocol Secure) is HTTP over TLS, which encrypts the exchange between browser and web server. UFW accepts either a service name (resolved through /etc/services) or a port number, so HTTP and HTTPS can be allowed by name or as ports 80 and 443.
The HTTP port can be allowed by running either of the following commands:
As seen in the screenshot, the rule allowing incoming HTTP traffic has been added.
Similarly, we can allow HTTPS port by running either of the following commands:
As seen in the screenshot, the rule allowing incoming HTTPS traffic has been added. The open ports can be verified by checking the status:
As seen from the above screenshot, both HTTP and HTTPS ports are enabled to allow incoming network traffic.
With the rules in place, enable UFW with the following command. It warns that enabling may disrupt existing SSH connections; because the SSH rule is already present, it is safe to answer “y”:
As seen in the screenshot, UFW is active. Its status can be checked with the following command:
Additionally, detailed information (default policies, logging level and every rule) is shown with the following command:
The output shows the status of UFW, its default policies and the open ports.
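The command screenshots in the steps above do not survive in this text, so here is the whole baseline as one script. It is an added example, not code from the article: the port numbers (22, 80, 443), the `APPLY` switch and the ordering check are assumptions of this example, and `ufw allow 22/tcp` stands in for the article's SSH rule (`ufw allow ssh` gives an equivalent result). Nothing is executed unless `APPLY=1` is set, because ufw needs root and a wrong order can lock you out of a remote machine.

```shell
#!/bin/sh
# Added example (not from the article): the UFW baseline the article builds
# up, as one script for an Ubuntu 22.04 server administered over SSH.
# Commands are printed rather than executed unless APPLY=1 is set.
set -eu

run() {
    if [ "${APPLY:-0}" = "1" ]; then
        sudo "$@"
    else
        echo "$*"
    fi
}

configure_ufw() {
    # Filter IPv6 too; with IPV6=no every rule below only covers IPv4.
    run sed -i 's/^IPV6=.*/IPV6=yes/' /etc/default/ufw

    run ufw default deny incoming
    run ufw default allow outgoing

    # Order matters: open SSH *before* 'enable', or the session is cut off.
    # 'ufw limit 22/tcp' would additionally rate-limit brute-force attempts.
    run ufw allow 22/tcp
    run ufw allow 80/tcp
    run ufw allow 443/tcp

    # --force answers the "may disrupt existing ssh connections" prompt.
    run ufw --force enable
    run ufw status verbose
}

# Sanity check on the plan: the SSH allow rule must precede 'enable'.
# Returns 0 when the order is safe (assumed helper, not a ufw feature).
ssh_opened_before_enable() {
    ( APPLY=0; configure_ufw ) | awk '
        /^ufw allow 22\/tcp$/  { ssh = NR }
        /^ufw --force enable$/ { en  = NR }
        END { exit !(ssh && en && ssh < en) }'
}

ssh_opened_before_enable
configure_ufw
```

Run it once without `APPLY` to review the plan, then with `APPLY=1 sh ufw-baseline.sh` on the server. `set -e` aborts the script if the ordering check fails, so a reordered copy cannot enable the firewall before SSH is allowed.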
If a specific connection should no longer be allowed, remove its rule as follows:
First list all rules together with their numbers by running the command below:
Then delete a rule by the number shown in that listing, using the syntax below. Two details matter here: with IPv6 enabled each rule appears twice (once plain, once marked “(v6)”), and UFW renumbers the remaining rules after every deletion, so list the rules again before deleting another one:
For example, to remove the HTTPS rule, pass the number shown next to port 443 in the listing; in the screenshot above it is 4:
Press “y” at the prompt to confirm deleting the HTTPS rule.
We can verify this by checking the status of ufw:
As the screenshot shows, the HTTPS rule has been deleted. Any number of rules can be removed the same way.
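Deleting by number is the step most likely to remove the wrong rule, so the following added example (not from the article) automates it: it parses a constructed `ufw status numbered` listing, finds every entry for a port specification (the IPv4 and the “(v6)” row), and emits the deletions highest number first so renumbering cannot shift the target. The sample listing, the helper names and the port specifications are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article): find every rule number matching a
# port specification in 'ufw status numbered' output and emit the deletions
# in an order that is not broken by ufw's renumbering.
set -eu

# Constructed sample of what 'sudo ufw status numbered' prints on a host with
# IPV6=yes after allowing 22/tcp, 80/tcp and 443/tcp. Each rule appears twice,
# once for IPv4 and once as "(v6)", so "the HTTPS rule" is really two entries.
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 443/tcp                    ALLOW IN    Anywhere
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 5] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 6] 443/tcp (v6)               ALLOW IN    Anywhere (v6)'

# rule_numbers STATUS_TEXT SPEC -> numbers of the rules whose "To" column is
# SPEC, one per line, ascending. "[ 3]" splits into two awk fields, "[12]"
# into one, so both shapes are handled.
rule_numbers() {
    printf '%s\n' "$1" | awk -v spec="$2" '
        $1 == "[" && $3 == spec           { n = $2; sub(/\]/, "", n); print n }
        $1 ~ /^\[[0-9]+\]$/ && $2 == spec { print substr($1, 2, length($1) - 2) }'
}

# delete_commands STATUS_TEXT SPEC -> 'ufw --force delete N' commands, highest
# number first: ufw renumbers after each deletion, so deleting 3 and then 6
# would hit the wrong rule the second time.
delete_commands() {
    rule_numbers "$1" "$2" | sort -rn | while read -r n; do
        echo "ufw --force delete $n"
    done
}

delete_commands "$SAMPLE_STATUS" 443/tcp
```

On a real host, feed it `sudo ufw status numbered` instead of the sample. Deleting by specification (`sudo ufw delete allow 443/tcp`) sidesteps the numbering problem entirely and removes the IPv4 and IPv6 entries in one go; the numbered form is mainly useful for rules whose exact specification you no longer know.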
Packages that ship a UFW application profile install it in the “/etc/ufw/applications.d” directory; a profile records the ports a service uses so rules can refer to the application by name rather than by port. List the available profiles with the following command:
More information about a profile, including its ports, is shown with the following syntax:
For example, check the “Samba” profile with the following command:
As the screenshot shows, the profile's title, description and the ports it covers are displayed.
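Profiles are not limited to what packages ship; you can write one for your own service. The following added example (not from the article) writes a profile in the format ufw reads from /etc/ufw/applications.d and checks the `ports` field before writing it. The profile name `demoapp`, its ports and the helper names are assumptions of this example; the validator is deliberately stricter than ufw in requiring an explicit protocol on every item.

```shell
#!/bin/sh
# Added example (not from the article): create a custom UFW application
# profile so a service can be opened by name instead of by a list of ports.
set -eu

# valid_ports SPEC -> 0 if SPEC looks like a ufw ports field: items separated
# by '|', each a port, range (low:high) or comma list, followed by /tcp or
# /udp (e.g. the Samba profile uses "137,138/udp|139,445/tcp").
valid_ports() {
    printf '%s\n' "$1" | tr '|' '\n' |
        grep -Evq '^[0-9]+(:[0-9]+)?(,[0-9]+(:[0-9]+)?)*/(tcp|udp)$' && return 1
    return 0
}

# write_profile DIR NAME TITLE DESCRIPTION PORTS -> writes DIR/NAME in the
# INI-style layout ufw expects; refuses a malformed ports field.
write_profile() {
    dir=$1; name=$2; title=$3; desc=$4; ports=$5
    valid_ports "$ports" || { echo "bad ports field: $ports" >&2; return 1; }
    cat > "$dir/$name" <<EOF
[$name]
title=$title
description=$desc
ports=$ports
EOF
}

# Usage on a real host (needs root). Afterwards 'sudo ufw app info demoapp'
# shows the profile and 'sudo ufw allow demoapp' opens all its ports at once:
#   sudo sh -c '. ./ufw-profile.sh; write_profile /etc/ufw/applications.d \
#       demoapp "Demo App" "Constructed example profile" "8080/tcp|9000:9010/udp"'
#   sudo ufw app update demoapp && sudo ufw allow demoapp
```

`ufw app update NAME` re-reads a profile after it has been edited, so rules that reference it follow the new port list; for a brand-new profile ufw picks the file up on the next command.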
To stop using UFW, disable it with the following command:
This deactivates the firewall but keeps the rules; they are applied again when UFW is re-enabled with the command from Step 8.
Configuring UFW comes down to setting the default policies, allowing SSH and the other required ports, and enabling the firewall. This article has walked through those steps in detail. Followed in that order, they give the server a sound firewall baseline; limiting what is reachable from the network is the first step in protecting it against unauthorized access.