Minimal UFW Setup
UFW (Uncomplicated Firewall) is a firewall software package that is easy to use initially and yet flexible enough for power users.
Install ufw if it not already installed,
sudo apt-get install ufw # install the firewall software
Now, if you are not using a console, issuing multiple commands as shown on one line via remote SSH should ensure that you can ssh back into your system. If you do end up getting disconnected should still be able to get back in.
Just in case, make sure you can obtain console access before running this. If using virtual hosting most providers have a feature to emulate a console mode through their administration systems.
# enables the the firewall and provided the command executed properly allows ssh traffic in one step sudo ufw enable && sudo ufw allow 22
Note to self, consider modifying the command to run in background process.
Additionally open other ports that you require. For this tutorial it would be,
sudo ufw allow 80 # Web Server sudo ufw allow 443 # SSL over Web Server
Finally check that all your rules are in place,
sudo ufw status verbose Status: active Logging: on (low) Default: deny (incoming), allow (outgoing) New profiles: skip To Action From -- ------ ---- 22 ALLOW IN Anywhere 80 ALLOW IN Anywhere 443 ALLOW IN Anywhere
There is much more to ufw but the above steps should get you going.
More UFW Commands
Here are some more useful ufw commands,
sudo ufw deny 443 # Disables and leave the entry in the status. Useful to a port you leave on and off sometimes. sudo ufw delete allow port 443 # Actually delete the firewall rule entry.
Article Improvements
This article can be improved in the following areas.
How I can put comments in the firewall rules and have it show up in the ufw status? Using applications.d. Will add details from here,http://manpages.ubuntu.com/manpages/jaunty/en/man8/ufw.8.html
References
https://help.ubuntu.com/9.10/serverguide/C/firewall.html - official docs from Ubuntu.