UFW or Uncomplicated Firewall, is a text based firewall that works with iptables. UFW is designed to be an easier way to manage a firewall from the command line. Whether this is easier than learning iptables or not, you can decide. But UFW comes partially set up when you install Ubuntu. Now it is not activated by default so you have not protection but some basic settings are in place when you do start up UFW.
The Ubuntu 9.10 server brings three new features to the UFW firewall; outgoing filtering update, filtering by interface and bash completion. This now brings a total of 12 new features since the UFW was first released in version 8.04. Finally, the UFW is reaching a mature stage where you can use it instead of writing rules with iptables.
If you run the ufw command you will see a listing of the most important commands to run the ufw firewall. Take some time to look this over as you will need this as a resource.
Usage: ufw COMMAND
enable enables the firewall
disable disables the firewall
default ARG set default policy
logging LEVEL set logging to LEVEL
allow ARGS add allow rule
deny ARGS add deny rule
reject ARGS add reject rule
limit ARGS add limit rule
delete RULE delete RULE
insert NUM RULE insert RULE at NUM
status show firewall status
status numbered show firewall status as numbered list of RULES
status verbose show verbose firewall status
show ARG show firewall report
version display version information
Application profile commands:
app list list application profiles
app info PROFILE show information on PROFILE
app update PROFILE update PROFILE
app default ARG set default application policy
The first step in managing the firewall is to check the status.
sudo ufw status
When you see a status as inactive you know that your server is vulnerable to attacks on open ports. It is important that you get UFW up and protecting your server before you connect to the Internet.
The first thing to do is to make sure you have access to the server remotely using SSH. Be sure you have installed SSH on the server with:
sudo apt-get install ssh
Now create a firewall rule before you actually activate the firewall so if you are accessing it from SSH you will not break your connection.
As root complete the following commands.
sudo ufw allow proto tcp from 220.127.116.11/24 to any port 22
sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
Note that a subnet was allowed for connection on port 22. If you wanted to enter a single IP Address just change it to the IP Address you want.
Now you have access using SSH it is important before you create additional rules to understand what your firewall looks like from the outside, what ports are really open.
sudo apt-get install nmap
Starting Nmap 5.00 ( http://nmap.org ) at 2009-10-13 07:05 MDT
Interesting ports on 192.168.5.96:
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
Nmap done: 1 IP address (1 host up) scanned in 0.16 seconds
There are already several common rules that are configured into the firewall immediately. One of those is the state rules that provide for any RELATED or ESTABLISHED connections. This means that if you connect to a web server from a machine it will allow the information you requested from the web server to return based on the fact that the local machine established the connection and the returning information was related to that request.