Minimal UFW Setup

UFW (Uncomplicated Firewall) is a firewall software package that is easy to use initially and yet flexible enough for power users.

Install ufw if it is not already installed:

Code Block
languagebash
sudo apt-get install ufw # install the firewall software

Now, if you are not using a console, issuing multiple commands on one line via remote SSH, as shown, should ensure that you can ssh back into your system. If you do end up getting disconnected, you should still be able to get back in.

Warning

Just in case, make sure you can obtain console access before running this. If using virtual hosting most providers have a feature to emulate a console mode through their administration systems.


Code Block
languagebash
# adds the ssh rule and enables the firewall in one step;
# the rule goes in first so port 22 is already allowed when the firewall comes up
sudo ufw allow 22 && sudo ufw enable
Note

Note to self: consider modifying the command to run as a background process.

Additionally, open any other ports that you require. For this tutorial these are:

Code Block
languagebash
sudo ufw allow 80 # Web Server
sudo ufw allow 443 # SSL over Web Server

Finally, check that all your rules are in place:

Code Block
sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
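
As an added example (not part of the original article), the status check above can be scripted so that it fails when the firewall is inactive, the default incoming policy is not deny, an expected port is missing, or an unexpected port is open. The names `check_ufw_status` and `SAMPLE_STATUS` are assumptions made for this example; the sample text is the status output shown above.

```shell
#!/bin/sh
# Added example, not from the original article. check_ufw_status is a
# hypothetical helper: it reads `ufw status verbose` text on stdin and takes
# the ports expected to be open as arguments.
# Live use: sudo ufw status verbose | check_ufw_status 22 80 443

check_ufw_status() {
    _status=$(cat)
    _rc=0
    # No rule is enforced unless the firewall is active.
    printf '%s\n' "$_status" | grep -q '^Status: active' ||
        { echo "FAIL: firewall is not active"; _rc=1; }
    # Incoming traffic must be denied by default so only listed ports are open.
    printf '%s\n' "$_status" | grep -q '^Default: deny (incoming)' ||
        { echo "FAIL: default incoming policy is not deny"; _rc=1; }
    # Each expected port needs an ALLOW IN rule (with or without a /tcp suffix).
    for _port in "$@"; do
        printf '%s\n' "$_status" |
            grep -Eq "^${_port}(/tcp)?[[:space:]]+ALLOW IN[[:space:]]" ||
            { echo "FAIL: port ${_port} has no ALLOW IN rule"; _rc=1; }
    done
    # Flag ALLOW IN rules (IPv4 or IPv6) for anything not on the expected list.
    _extra=$(printf '%s\n' "$_status" | awk -v want=" $* " '
        { gsub(/ \(v6\)/, "") }
        $2 == "ALLOW" && $3 == "IN" {
            p = $1; sub(/\/.*/, "", p)
            if (index(want, " " p " ") == 0) print p
        }' | sort -u)
    for _port in $_extra; do
        echo "FAIL: unexpected ALLOW IN rule for ${_port}"; _rc=1
    done
    return $_rc
}

# Constructed sample: the status output shown in this article.
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere'

printf '%s\n' "$SAMPLE_STATUS" | check_ufw_status 22 80 443 && echo "OK: rules match"
```
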

There is much more to ufw but the above steps should get you going.

More UFW Commands

Here are some more useful ufw commands:


Code Block
languagebash
sudo ufw deny 443 # Blocks the port but leaves the entry in the status. Useful for a port you turn on and off sometimes.
sudo ufw delete allow 443 # Actually deletes the firewall rule entry; repeat the rule as it was added (use "delete deny 443" for a deny rule).

Article Improvements

Warning

This article can be improved in the following areas.

How can I put comments in the firewall rules and have them show up in the ufw status? Using applications.d. Will add details from here: http://manpages.ubuntu.com/manpages/jaunty/en/man8/ufw.8.html

References

https://help.ubuntu.com/9.10/serverguide/C/firewall.html - official docs from Ubuntu.