...
Code Block | ||
---|---|---|
| ||
sudo apt-get install ufw # install the firewall software |
Now, if you are not using a console, issuing multiple commands as shown on one line via remote SSH should ensure that you can ssh back into your system. If you do end up getting disconnected should still be able to get back in.
...
UFW once installed does not automatically start. First open up ports that are necessary for the administration of the system,
Code Block | ||
---|---|---|
| ||
#allows ssh traffic in one step
sudo ufw allow 22 |
Note |
---|
Note to self, consider modifying the command to run in background process. |
Additionally open other ports that you require. For this tutorial it would be,
...
Before starting UFW make sure you have port 22 open you can check again by running the allow 22 command again and if the rule is added should output.
Code Block | ||
---|---|---|
| ||
sudo ufw allow 22 "Skipping adding existing rule" |
After you have confirmed 22 is open you can go ahead and enable UFW.
...
Code Block |
---|
sudo ufw status verbose Status: active Logging: on (low) Default: deny (incoming), allow (outgoing) New profiles: skip To Action From -- ------ ---- 22 ALLOW IN Anywhere 80 ALLOW IN Anywhere 443 ALLOW IN Anywhere |
...
Info |
---|
UFW status verbose |
...
will not work if UFW is not enabled. |
There is much more to ufw UFW but the above steps should get you going.
...
Code Block | ||
---|---|---|
| ||
sudo ufw deny 443 # Disables and leave the entry in the status. Useful tofor a port you leave on and off sometimes. sudo ufw delete allow port 443 # Actually delete the firewall rule entry. Note you must have it enabled to delete it. |
Article Improvements
Warning |
---|
This article can be improved in the following areas. |
How I can put comments in the firewall rules and have it show up in the ufw status? Using applications.d. Will add details from here,http://manpages.ubuntu.com/manpages/jaunty/en/man8/ufw.8.html
Do you really need to enable the port to delete it? That was the only way the command worked for us, but then again we might have to use a different syntax for deleting a disabled port.
References
https://help.ubuntu.com/9.10/serverguide/C/firewall.html - official docs from Ubuntu.