The Uncomplicated Firewall (ufw) comes preinstalled with Ubuntu Server. All ufw commands below need root privileges, so run them as root or prefix them with sudo.
In the initial setup, usually the only registered app is OpenSSH:
$ ufw app list
Available applications:
OpenSSH
and the firewall is disabled:
$ ufw status
Status: inactive
Most probably your access to the server is via SSH, so it is crucial to allow SSH before activating the firewall. With the default policy of denying incoming traffic, new SSH connections would otherwise be blocked:
$ ufw allow OpenSSH
Rules updated
Rules updated (v6)
Allowing access to a specific port (e.g. 12345) is straightforward:
$ ufw allow 12345
Rules updated
Rules updated (v6)
To check the rules added so far, run:
$ ufw show added
Added user rules (see 'ufw status' for running firewall):
ufw allow OpenSSH
ufw allow 12345
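A pre-flight check for this step, as an added example that is not part of the original post: it reads the `ufw show added` listing and reports whether the port sshd listens on is admitted before `ufw enable` is run. The function names and the file name `preflight.sh` are hypothetical, and taking the port from `sshd -T` is an assumption about the setup.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight check to run before
# `ufw enable`, so the firewall is not activated without a rule for sshd's port.

# ssh_rule_status PORT   (stdin: output of `ufw show added`)
# Prints "open"       if an allow/limit rule admits PORT from any source,
#        "restricted" if PORT is only admitted from specific sources,
#        "missing"    if no incoming rule names PORT.
# Heuristic: port lists and ranges (e.g. 22,80/tcp) are not parsed and count
# as "missing", which errs on the safe side.
ssh_rule_status() {
    awk -v port="$1" '
        BEGIN { tcp = port "/tcp" }
        # Only incoming allow/limit rules can keep an SSH session reachable.
        $1 != "ufw" || ($2 != "allow" && $2 != "limit") || $3 == "out" { next }
        {
            hit = 0; src = "any"
            for (i = 3; i <= NF; i++) {
                if ($i == "from") src = $(i + 1)
                if ($i == port || $i == tcp) hit = 1
                # The OpenSSH app profile covers 22/tcp (see `ufw status verbose`).
                if ($i == "OpenSSH" && port == 22) hit = 1
            }
            if (!hit) next
            if (src == "any") is_open = 1
            else is_restricted = 1
        }
        END { print (is_open ? "open" : (is_restricted ? "restricted" : "missing")) }
    '
}

# Constructed sample: the listing shown above plus one source-restricted rule.
sample_added() {
    cat <<'EOF'
Added user rules (see 'ufw status' for running firewall):
ufw allow OpenSSH
ufw allow 12345
ufw allow from 192.168.0.42 to any port 50000
EOF
}

# Live check (needs root): sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then
    rules=$(ufw show added)
    for p in $(sshd -T | awk '$1 == "port" { print $2 }'); do
        status=$(printf '%s\n' "$rules" | ssh_rule_status "$p")
        echo "sshd port $p: $status"
        [ "$status" = "open" ] || rc=1
    done
    exit "${rc:-0}"
fi
```

A "restricted" result means the SSH rule only admits specific source addresses, so confirm that your own address is among them before enabling the firewall.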
If we are satisfied with the configured rules, we can enable the firewall:
$ ufw enable
Let's check the live configuration:
$ ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
22/tcp (OpenSSH)           ALLOW IN    Anywhere
12345                      ALLOW IN    Anywhere
22/tcp (OpenSSH (v6))      ALLOW IN    Anywhere (v6)
12345 (v6)                 ALLOW IN    Anywhere (v6)
Nice. This was indeed an uncomplicated initial setup.
Removing a rule is as easy as prefixing a rule with delete:
$ ufw delete allow from 192.168.0.42 to any port 50000
PS: The logs are available via tail -500f /var/log/ufw.log.