Nowadays, Internet security is one of the most important topics for discussion, as the number of malware, hacks and other threats is only increasing over time. As a security measure, many users and network administrators choose to set up a firewall that allows them to control incoming and outgoing connections. In this article, we will look at configuring the UFW firewall in Ubuntu 20.04.
UFW (Uncomplicated Firewall) is a firewall configuration tool designed to simplify the process of configuring and managing firewall rules. UFW uses iptables for network security and traffic management. It allows you to set rules to control access to specific ports and IP addresses.
UFW installation
Before you can start using UFW, you need to make sure it is installed on your Ubuntu server. To do this, run the following command:
sudo apt-get update
sudo apt-get install ufw
After installing UFW, you need to configure the rules that will control access to the network.
Setting up rules
By default, all incoming connections are blocked and only outgoing connections are allowed. If you want the server to be able to accept connections on a specific port, you must add a rule that allows incoming connections to that port.
For example, to allow incoming connections on port 22 for the SSH protocol, run the following command:
sudo ufw allow ssh
If you are using a different port for the SSH protocol, you must specify it in the command:
sudo ufw allow <номер порта>/tcp
You can also allow incoming connections for other protocols such as HTTP and HTTPS by running the following commands:
sudo ufw allow http
sudo ufw allow https
If you want to allow access to a specific IP address, run the following command:
sudo ufw allow from <ip-адрес>
To deny access to a port, run the following command:
sudo ufw deny <номер порта>/tcp
To remove a rule, run the following command:
sudo ufw status numbered
sudo ufw delete <number rule>
Result:
Enable and disable
After you have configured the firewall rules, you can enable UFW. To do this, run the following command:
sudo ufw enable
When enabled, UFW will be launched automatically when the system boots.
To check the status of UFW, run the following command:
sudo ufw status
The output will indicate the current state of UFW and a list of rules.
To disable UFW, run the following command:
sudo ufw disable
However, it is not recommended to disable the firewall unnecessarily, as this can lead to vulnerabilities and security risks.
UFW settings management
UFW has several settings that can be changed by default. For example, you can enable or disable port forwarding, allow access to a specific port only for a specific IP address, and other settings.
To change UFW settings, edit the /etc/ufw/ufw.conf file using a text editor:
sudo nano /etc/ufw/ufw.conf
In the file, you can change the settings, such as:
- DEFAULT_INPUT_POLICY - incoming connection policy. Can be "DROP" (block all incoming connections by default) or "ACCEPT" (allow all incoming connections by default).
- DEFAULT_FORWARD_POLICY - forward policy. Can be "DROP" (block all redirects by default) or "ACCEPT" (allow all redirects by default).
- DEFAULT_OUTPUT_POLICY - outgoing connection policy. Can be "DROP" (block all outgoing connections by default) or "ACCEPT" (allow all outgoing connections by default).
- IPV6 - enable or disable IPv6.
- LOGLEVEL - UFW logging level.
After changing the settings, you must restart UFW by running the following command:
sudo ufw reload
Conclusion
Setting up a UFW firewall is an important step in securing your network and server. UFW allows you to control access to certain ports and IP addresses, block malware and other threats.
There are a few important things to keep in mind when configuring UFW. First of all, you need to define rules for all services and applications that should have access to the network. You should also make sure that security rules are not violated, including blocking access to sensitive data and disabling unnecessary services and ports.
In this article, we covered the basics of configuring the UFW firewall in Ubuntu 20.04, including installation, configuring rules, enabling and disabling, and managing settings. We hope this information will help you secure your network and server.