Minimal UFW Setup
UFW (Uncomplicated Firewall) is a front-end to iptables that is easy to use initially and yet flexible enough for power users.
Install UFW if it is not already installed,
...
```bash
sudo ufw enable
```
From your desktop, use Telnet to confirm that port 22 is open,
```bash
telnet Ubuntuservername 22 # if your server is not named, use the server's IP address
```
If telnet worked you should see something like this,
```
Connected to Ubuntuservername.
Escape character is '^]'.
^]
```
Finally check that all your rules are in place,
...
There is much more to UFW but the above steps should get you going.
More UFW Commands
Here are some more useful ufw commands,
Removing Rules
You can disable or delete rules. The example shown here takes two steps,
```bash
sudo ufw deny 443 # Disables the port and leaves the entry in the status. Useful for a port you turn on and off sometimes.
sudo ufw delete deny port 443 # Deletes the firewall rule entry. Here you must have it disabled to delete it.
```
Not exactly intuitive is that the delete command needs to be literal: it must repeat the rule as it currently exists. In the above example we had "delete deny port 443". If the port was enabled and we wanted to delete it in one step, the command would look like this,
```bash
sudo ufw delete allow 443 # Deletes an enabled rule.
```
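The literal-match requirement can be checked mechanically. The script below is an added example, not part of the original article: it reads plain `ufw status` output, prints the exact delete command for a port's current rule, and checks that the firewall is active with port 22 allowed. The sample status text and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ufw status` output and build literal delete commands.
# SAMPLE_STATUS is constructed for illustration; on a real host pipe in the
# output of `sudo ufw status` (non-verbose) instead.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere                   # enable TCP
443                        DENY        Anywhere
22 (v6)                    ALLOW       Anywhere (v6)              # enable TCP
443 (v6)                   DENY        Anywhere (v6)'

# rule_action PORT: read status text on stdin and print the action
# (ALLOW, DENY, ...) of the IPv4 rule for PORT that applies to Anywhere.
# Prints nothing when there is no such rule.
rule_action() {
    awk -v port="$1" '
        $1 == port && $2 != "(v6)" && $3 == "Anywhere" { print $2; exit }
    '
}

# delete_command PORT: print the delete command that matches the rule as it
# currently exists (the action word must be the current one: allow or deny).
delete_command() {
    action=$(rule_action "$1" | tr 'A-Z' 'a-z')
    [ -n "$action" ] || return 1
    echo "sudo ufw delete $action $1"
}

# check_expected: succeed only if the firewall is active and SSH is allowed.
check_expected() {
    status=$(cat)
    echo "$status" | grep -q '^Status: active' || return 1
    [ "$(echo "$status" | rule_action 22)" = "ALLOW" ] || return 1
}

# Demonstration on the constructed sample.
echo "$SAMPLE_STATUS" | delete_command 443
```

Rules restricted to a source address are skipped by `rule_action`, since their delete command needs the full `from ... to ...` form.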
Adding a Comment
You can put a comment in a rule and have it show up in the ufw status,
```bash
sudo ufw allow 22 comment 'enable TCP'
```
Article Improvements
Warning |
---|
This article can be improved in the following areas. |
How can I put comments in the firewall rules and have them show up in the ufw status? Using applications.d. Will add details from here: http://manpages.ubuntu.com/manpages/jaunty/en/man8/ufw.8.html
Do you really need to enable the port to delete it? That was the only way the command worked for us, but then again we might have to use a different syntax for deleting a disabled port.