Ubuntu Firewall: Basic Introduction

This is a basic introduction to Ubuntu firewall using the terminal commands.  This tutorial requires you have administrative access to your Ubuntu system.  If you installed Ubuntu the first account created by default has administrative access via sudo.  You will need to type sudo for each command illustrated below.  The system will ask for your login password the first time (it will remember that password for about 15 minutes).  Follow the steps below to check and modify the firewall.

Open a terminal window (ctrl t).  In the terminal window enter:

you@ursystem:~$ sudo ufw status

[sudo] password for you:

Status: inactive

ufw stands for uncomplicated[1] firewall.  It is a very simple interface to get you started.  All modern Linux firewalls are based on the packet filtering framework developed and maintained by the folks at netfilter.org.

In the above example the firewall is not running to enable the firewall enter the command:

you@ursystem:~$ sudo ufw enable

Command may disrupt existing ssh connections. Proceed with operation (y|n)? y

Firewall is active and enabled on system startup

You have enabled your firewall try the status command again to see the results.  It reports active.  The firewall is active but you have not set any rules.  To allow ssh connections to your system enter the command:

you@yoursystem:~$ sudo ufw allow ssh

Rule added

Rule added (v6) (note this is displayed if you are also using IP v6)

You have just added ssh however you have allowed connection to port 22 from any location on the internet (using both UDP and TCP).  You have also allowed connection using IPv6.  If you are only using IPv4 delete the rule for IPv6 and harden the remaining rule to only allow tcp.  To verify the above rules created enter the status command again.  Look at the “From” column.

you@yoursystem:~$ sudo ufw status

Status: active

To                    Action     From

—                    ——     —-

22                    ALLOW      Anywhere

22 (v6)               ALLOW      Anywhere (v6)

 

Notice the one command generated 2 rules.  It is best to be very specific and allow only the ip addresses you expect to connect from and the protocol to use.  In this case we want to only allow TCP and from one IP address, using IPv4.  I will delete the above rules, using the reset option.

You can reset the firewall by using the reset options as follows:

sudo ufw –force reset

 

Notice the “–force” option, this issues the command without asking for permission.  The firewall is back to defaults.  Issue “sudo ufw status” to verify.

Let’s enable the firewall again only this time to one specific IP address and using the TCP protocol version 4.  To do so gather the IP address you want to ssh from and enter that IP in the command:

sudo ufw allow from {your ip address in here} to any port 22 proto tcp

 

Enter the command for status “sudo ufw status”.  What do you see?  Even though you created a firewall rule the firewall is still disabled from the previous reset command.  Enable the firewall “sudo ufw enable” and run the status command again.  You should see the new rule you just created.

This rule allows only the IP address entered in the brackets to connect to your system, via ssh.

In order to modify the rules you need to list them with numbers so enter the command:

 

you@yoursystem:~$ sudo ufw status

Status: active

To                         Action      From

—                         ——      —-

22/tcp                     ALLOW       10.0.0.20

 

Let’s add another rule to allow connections to your systems web server.

 

you@yoursystem:~$ sudo ufw allow from 10.0.0.20 to any port 80 proto tcp

Rule added

you@yoursystem:~$ sudo ufw status

Status: active

To                         Action      From

—                         ——      —-

22/tcp                     ALLOW       10.0.0.20

80/tcp                     ALLOW       10.0.0.20

Now you have 2 rules.  Let’s list the rules with the associated number.  Listing rules with numbers is needed when deleting rules.

 

you@yoursystem:~$ sudo ufw status numbered

Status: active

     To                         Action      From

     —                         ——      —-

[ 1] 22/tcp                     ALLOW IN    10.0.0.20

[ 2] 80/tcp                     ALLOW IN    10.0.0.20

Notice the numbers 1 and 2 in brackets, on the left before the rule.  That represents the number for that rule.

 

To delete the second rule enter the command:

you@yoursystem:~$ sudo ufw delete 2

Deleting:

allow from 10.0.0.20 to any port 80 proto tcp

Proceed with operation (y|n)? y

Rule deleted

 

UFW verified you wanted to delete rule 2 and it requested you answer yes with a y.  If you do not want to be prompted use the “–force” options as illustrated earlier.  Below is a list of other commands you can issue (copied from the man page).

 

ufw [–dry-run] enable|disable|reload

ufw [–dry-run] default allow|deny|reject [incoming|outgoing|routed]

ufw [–dry-run] logging on|off|LEVEL

ufw [–dry-run] reset

ufw [–dry-run] status [verbose|numbered]

ufw [–dry-run] show REPORT

ufw [–dry-run] [delete] [insert NUM] allow|deny|reject|limit [in|out] [log|log-all] [  PORT[/PROTOCOL]

| APPNAME ] [comment COMMENT]

ufw   [–dry-run]   [rule]  [delete]  [insert  NUM]  allow|deny|reject|limit  [in|out  [on  INTERFACE]]

[log|log-all] [proto PROTOCOL] [from ADDRESS [port PORT | app APPNAME ]] [to ADDRESS [port PORT  |  app

APPNAME ]] [comment COMMENT]

ufw [–dry-run] route [delete] [insert NUM] allow|deny|reject|limit [in|out on INTERFACE] [log|log-all]

[proto PROTOCOL] [from ADDRESS [port PORT | app APPNAME]] [to ADDRESS [port PORT | app APPNAME]]  [com‐

ment COMMENT]

ufw [–dry-run] delete NUM

ufw [–dry-run] app list|info|default|update

 

As you can see ufw provides a plethora of commands and options.  Let’s take the commands apart.

Above you see [–dry-run] which is the option to test the command without enabling it.  The firewall can be enabled, disabled or the rules reloaded.  The default behavior of the firewall can be se with the default option.  You can set the log level to (low, medium, high or full) or turn it on of off.  Reset, resets the firewall as illustrated above.  The status command has the option numbered (illustrated above) or verbose which gives you additional information as to the behavior.  You can add comments to the rules and even specify application names.  The applications are stored in /etc/ufw/applications.d.

 

The show REPORT option gives you details about what the firewall is doing for example try this command:

you@yoursystem:~$ sudo ufw show listening

tcp:

139 * (smbd)

22 * (sshd)

[ 1] allow from 10.0.0.20 to any port 22 proto tcp

 

445 * (smbd)

tcp6:

139 * (smbd)

22 * (sshd)

445 * (smbd)

udp:

137 10.0.0.255 (nmbd)

137 10.0.0.80 (nmbd)

137 * (nmbd)

138 10.0.0.255 (nmbd)

138 10.0.0.80 (nmbd)

138 * (nmbd)

37937 * (dnsmasq)

49595 * (avahi-daemon)

5353 * (avahi-daemon)

631 * (cups-browsed)

udp6:

46295 * (avahi-daemon)

5353 * (avahi-daemon)

 

Notice the firewall is listening on so many ports can you tell if this is a server or desktop os?  It’s most likely a desktop OS since it is listening on the Windows ports.

 

In conclusion ufw has many options and supports a simple and full syntax.  I recommend using the full syntax and be very specific to open the specific port, protocol and ip addresses that need access.

[1] https://help.ubuntu.com/lts/serverguide/firewall.html.en

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.