Minimal UFW Setup
UFW (Uncomplicated Firewall) is a firewall software package that is easy to use initially and yet flexible enough for power users.
Install ufw if it is not already installed,
sudo apt-get install ufw # install the firewall software
Once installed, UFW does not start automatically. First open the ports that are necessary for the administration of the system,
sudo ufw allow 22
Additionally open other ports that you require. For this tutorial it would be,
sudo ufw allow 80 # Web Server
sudo ufw allow 443 # SSL over Web Server
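Before starting UFW, make sure you have port 22 open, because the default policy denies incoming connections and you would otherwise lose the access you need to administer the system. You can check by running the allow 22 command again; if the rule is already added, it should output,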
sudo ufw allow 22
Skipping adding existing rule
After you have confirmed that port 22 is open, you can go ahead and enable UFW,
sudo ufw enable
Finally check that all your rules are in place,
sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
There is much more to UFW but the above steps should get you going.
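The final status check can be scripted so that drift from the intended rule set is caught automatically. The following is an added example, not part of the original article: the function names audit_ufw_status and sample_status are hypothetical, the sample input is constructed from the output shown above, and only numeric port rules are handled.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` output against an expected port list.
# Live use: sudo ufw status verbose | audit_ufw_status "22 80 443"
# Handles numeric port rules only (as in this tutorial), not application profiles.

audit_ufw_status() {   # hypothetical helper; $1 = space-separated expected ports
    awk -v want="$1" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
        { gsub(/ \(v6\)/, "") }                  # fold IPv6 rows onto the same port
        /^Status: active/             { active = 1 }
        /^Default: deny \(incoming\)/ { deny_in = 1 }
        $2 == "ALLOW" {                          # "ALLOW IN" (verbose) or "ALLOW"
            port = $1; sub(/\/.*/, "", port)     # 22/tcp -> 22
            seen[port] = 1
            if (!(port in need)) extra[port] = 1
        }
        END {
            if (!active)  { print "FAIL: firewall is not active"; bad = 1 }
            if (!deny_in) { print "FAIL: default incoming policy is not deny"; bad = 1 }
            for (i = 1; i <= n; i++)
                if (!(w[i] in seen)) { print "FAIL: port " w[i] " is not allowed"; bad = 1 }
            for (p in extra) { print "FAIL: unexpected open port " p; bad = 1 }
            if (!bad) print "OK"
            exit bad + 0
        }'
}

# Constructed sample input: the status output shown in this tutorial.
sample_status() {
    cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
EOF
}

sample_status | audit_ufw_status "22 80 443"   # prints OK
```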
More UFW Commands
Here are some more useful ufw commands,
sudo ufw deny 443 # Disables the port but leaves the entry in the status. Useful for a port you turn on and off sometimes.
sudo ufw delete allow 443 # Actually deletes the firewall rule entry. Note you must have it enabled to delete it.
Article Improvements
This article can be improved in the following areas.
How can I put comments in the firewall rules and have them show up in the ufw status? Using applications.d. Will add details from here: http://manpages.ubuntu.com/manpages/jaunty/en/man8/ufw.8.html
Do you really need to enable the port to delete it? That was the only way the command worked for us, but then again we might have to use a different syntax for deleting a disabled port.
References
https://help.ubuntu.com/9.10/serverguide/C/firewall.html - official docs from Ubuntu.