Ubuntu 9.10 UFW Firewall

by Mike on October 14, 2009 · 10 comments

in Ubuntu Servers

ufw Firewall

UFW, or Uncomplicated Firewall, is a text-based firewall that works with iptables. UFW is designed to be an easier way to manage a firewall from the command line. Whether this is easier than learning iptables or not, you can decide. UFW comes partially set up when you install Ubuntu. It is not activated by default, so you have no protection, but some basic settings are already in place when you do start up UFW.

The Ubuntu 9.10 server brings three new features to the UFW firewall: an outgoing filtering update, filtering by interface, and bash completion. This brings the total to 12 new features since UFW was first released in version 8.04. UFW is finally reaching a mature stage where you can use it instead of writing rules with iptables.

Related UFW Firewall Information
Mechanics of UFW
Profiles in UFW
Advanced Options in UFW

If you run the ufw command you will see a listing of the most important commands to run the ufw firewall.  Take some time to look this over as you will need this as a resource.
ufw
Usage: ufw COMMAND

Commands:
enable                          enables the firewall
disable                         disables the firewall
default ARG                     set default policy
logging LEVEL                   set logging to LEVEL
allow ARGS                      add allow rule
deny ARGS                       add deny rule
reject ARGS                     add reject rule
limit ARGS                      add limit rule
delete RULE                     delete RULE
insert NUM RULE                 insert RULE at NUM
status                          show firewall status
status numbered                 show firewall status as numbered list of RULES
status verbose                  show verbose firewall status
show ARG                        show firewall report
version                         display version information

Application profile commands:
app list                        list application profiles
app info PROFILE                show information on PROFILE
app update PROFILE              update PROFILE
app default ARG                 set default application policy

Managing UFW
The first step in managing the firewall is to check the status.

sudo ufw status
Status: inactive

When you see a status as inactive you know that your server is vulnerable to attacks on open ports. It is important that you get UFW up and protecting your server before you connect to the Internet.

The first thing to do is to make sure you have access to the server remotely using SSH.  Be sure you have installed SSH on the server with:

sudo apt-get install ssh

Now create a firewall rule that allows SSH before you actually activate the firewall, so that if you are accessing the server over SSH you will not break your connection.

As root complete the following commands.

sudo ufw allow proto tcp from 192.168.5.0/24 to any port 22
Rules updated

sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

Note that a subnet was allowed for connection on port 22. If you wanted to enter a single IP Address just change it to the IP Address you want.
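
A pre-flight check for the step above, added here as an example and not part of the original post: before answering y to ufw enable, confirm that the source range in the allow rule contains the address your SSH session comes from. The function names and the 192.168.5.20 client address are assumptions; the check handles IPv4 only and reads $SSH_CLIENT, which sshd sets for the session.

```shell
#!/bin/sh
# Added example (IPv4 only). Function names and sample addresses are
# constructed for illustration; they are not from the original post.

# Convert a dotted-quad address with plain decimal octets to an integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if address $1 lies inside $2 (CIDR, or a single IP meaning /32).
# The ( ) body runs in a subshell, so its variables stay local.
ip_in_cidr() (
    net=${2%/*}; bits=32
    case $2 in */*) bits=${2#*/} ;; esac
    if [ "$bits" -eq 0 ]; then
        mask=0
    else
        mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    fi
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
)

# $1 = source range you are about to allow on port 22.
# $2 = client address; defaults to the first field of $SSH_CLIENT
#      ("client_ip client_port server_port"), which sshd sets.
check_ssh_rule() {
    client=${2:-${SSH_CLIENT%% *}}
    if [ -z "$client" ]; then
        echo "no SSH client address found (console session?)"
        return 2
    fi
    if ip_in_cidr "$client" "$1"; then
        echo "ok: $client is inside $1"
    else
        echo "LOCKOUT RISK: $client is outside $1"
        return 1
    fi
}

# Constructed demo: a client on the LAN checked against the rule's subnet.
check_ssh_rule 192.168.5.0/24 192.168.5.20
```

Run check_ssh_rule with the same range you pass to ufw allow; a non-zero exit status means the rule would not cover your current session.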

Now that you have access using SSH, it is important, before you create additional rules, to understand what your firewall looks like from the outside and which ports are really open.

sudo apt-get install nmap

nmap 192.168.5.96

Starting Nmap 5.00 ( http://nmap.org ) at 2009-10-13 07:05 MDT
Interesting ports on 192.168.5.96:
Not shown: 996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh

Nmap done: 1 IP address (1 host up) scanned in 0.16 seconds

State Rules
Several common rules are already configured in the firewall from the start. One set is the state rules, which allow any RELATED or ESTABLISHED connections. This means that if you connect to a web server from a machine, the firewall will allow the information you requested from the web server to return, because the local machine established the connection and the returning information is related to that request.

{ 4 comments }

linux user October 14, 2009 at 12:27 pm

to get a gui for ufw type “sudo apt-get install gufw”

richard bennett March 11, 2010 at 6:20 am

why is it so difficult to set up a firewall on ubuntu??

Mosley March 17, 2010 at 6:48 am

Very interesting post. I’ll be spending more time with certain areas. Well done and good luck with your work. Wish I had the luxury of time to consider using the benefits this site can offer. Thanks for the share. I made a copy of the list and will check all.

Volker Schreich August 9, 2010 at 8:44 am

ssh now working in both directions.
