Minimal Uncomplicated Firewall Setup

The Uncomplicated Firewall (ufw) comes preinstalled with Ubuntu Server.

In the initial setup, the only registered app is usually OpenSSH:

$ ufw app list
Available applications:
  OpenSSH

and the firewall is disabled:

$ ufw status
Status: inactive

Most probably you access the server via SSH, so it is crucial to allow SSH in the firewall rules before activating the firewall; otherwise enabling it can lock you out of the server.

$ ufw allow OpenSSH
Rules updated
Rules updated (v6)

Allowing access to a specific port (e.g. 12345) is straightforward:

$ ufw allow 12345
Rules updated
Rules updated (v6)

To check the current user rules, run:

$ ufw show added
Added user rules (see 'ufw status' for running firewall):
ufw allow OpenSSH
ufw allow 12345

If we are satisfied with the configured rules, we can enable the firewall...

$ ufw enable

let's check the live configuration:

$ ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp (OpenSSH)           ALLOW IN    Anywhere
12345                      ALLOW IN    Anywhere
22/tcp (OpenSSH (v6))      ALLOW IN    Anywhere (v6)
12345 (v6)                 ALLOW IN    Anywhere (v6)

Nice. This was indeed an uncomplicated initial setup.
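
The sequence above as a guarded script, added here as an example and not part of the original post: it refuses to enable the firewall unless an SSH rule is staged, then checks the live status (run as root on a real server). The function names, the `UFW` override variable and the `fake_ufw` stand-in with its replayed output are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the UFW
# override variable are hypothetical.

# stdin: `ufw show added` output. Succeeds only if an SSH rule is staged
# (OpenSSH profile, "ssh" service name, or port 22), as allow or limit.
ssh_rule_staged() {
    grep -Eq '^ufw (allow|limit)( in)? (OpenSSH|ssh|22(/tcp)?)$'
}

# stdin: `ufw status verbose` output. Succeeds only if the firewall is active,
# incoming traffic is denied by default, and SSH is allowed in.
live_config_ok() {
    awk '
        /^Status: active$/                             { active = 1 }
        /^Default: deny \(incoming\)/                  { deny = 1 }
        /^22(\/tcp)?( \(OpenSSH\))? +(ALLOW|LIMIT) IN/ { ssh = 1 }
        END { exit !(active && deny && ssh) }
    '
}

# Enable only when SSH is staged, then verify the running configuration.
# UFW can point at a stand-in command so the logic runs without root.
guarded_enable() {
    ufw_cmd=${UFW:-ufw}
    if ! "$ufw_cmd" show added | ssh_rule_staged; then
        echo "refusing to enable: no SSH rule staged" >&2
        return 1
    fi
    "$ufw_cmd" --force enable >/dev/null || return 1
    "$ufw_cmd" status verbose | live_config_ok
}

# Constructed stand-in that replays the outputs shown in this post.
fake_ufw() {
    case "$*" in
        "show added")     printf 'ufw allow OpenSSH\nufw allow 12345\n' ;;
        "--force enable") : ;;
        "status verbose") cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), deny (routed)

22/tcp (OpenSSH)           ALLOW IN    Anywhere
12345                      ALLOW IN    Anywhere
EOF
        ;;
    esac
}
```

On a server, call `guarded_enable` as root with `UFW` unset; `UFW=fake_ufw guarded_enable` exercises the same logic against the replayed output.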

Removing a rule is as easy as prefixing a rule with delete:

$ ufw delete allow from to any port 50000

PS: The logs are available via tail -500f /var/log/ufw.log.
