Ubuntu Firewall: Basic Introduction
This is a basic introduction to Ubuntu firewall using the terminal commands. This tutorial requires you have administrative access to your Ubuntu system. If you installed Ubuntu the first account created by default has administrative access via sudo. You will need to type sudo for each command illustrated below. The system will ask for your login password the first time (it will remember that password for about 15 minutes). Follow the steps below to check and modify the firewall.
Open a terminal window (ctrl t). In the terminal window enter:
you@ursystem:~$ sudo ufw status
[sudo] password for you:
Status: inactive
ufw stands for uncomplicated[1] firewall. It is a very simple interface to get you started. All modern Linux firewalls are based on the packet filtering framework developed and maintained by the folks at netfilter.org.
In the above example the firewall is not running. To enable the firewall, enter the command:
you@ursystem:~$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
You have enabled your firewall. Try the status command again to see the results; it now reports active. The firewall is active but you have not set any rules. To allow ssh connections to your system, enter the command:
you@yoursystem:~$ sudo ufw allow ssh
Rule added
Rule added (v6)    (note: this second line is displayed only if IPv6 is also enabled on your system)
You have just allowed ssh; however, you have allowed connections to port 22 from any location on the internet (using both UDP and TCP). You have also allowed connections over IPv6. If you are only using IPv4, delete the IPv6 rule and harden the remaining rule to allow only TCP. To verify the rules created above, enter the status command again and look at the “From” column.
you@yoursystem:~$ sudo ufw status
Status: active
To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
Notice that the one command generated two rules. It is best to be very specific and allow only the IP addresses you expect to connect from and the protocol they use. In this case we want to allow only TCP, from one IP address, over IPv4. I will delete the above rules using the reset option.
You can reset the firewall by using the reset option as follows:
sudo ufw --force reset
Notice the “--force” option: it runs the command without asking for confirmation. The firewall is back to its defaults. Issue “sudo ufw status” to verify.
Let’s enable the firewall again, only this time for one specific IP address, using TCP over IPv4. To do so, gather the IP address you want to ssh from and enter that IP in the command:
sudo ufw allow from {your ip address in here} to any port 22 proto tcp
Enter the status command, “sudo ufw status”. What do you see? Even though you created a firewall rule, the firewall is still disabled from the previous reset command. Enable the firewall with “sudo ufw enable” and run the status command again. You should see the new rule you just created.
This rule allows only the IP address you entered in place of the braces to connect to your system via ssh (port 22, TCP only).
In order to modify the rules you first need to list them. Enter the command:
you@yoursystem:~$ sudo ufw status
Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       10.0.0.20
Let’s add another rule to allow connections to your system’s web server, again from the same single address and TCP only:
you@yoursystem:~$ sudo ufw allow from 10.0.0.20 to any port 80 proto tcp
Rule added
you@yoursystem:~$ sudo ufw status
Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       10.0.0.20
80/tcp                     ALLOW       10.0.0.20
Now you have two rules. Let’s list the rules with their associated numbers; the numbered listing is what you need when deleting rules.
you@yoursystem:~$ sudo ufw status numbered
Status: active
     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    10.0.0.20
[ 2] 80/tcp                     ALLOW IN    10.0.0.20
Notice the numbers 1 and 2 in brackets on the left, before each rule. That is the number for that rule.
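Because the numbered listing has a fixed shape, it can be audited automatically for the two mistakes this tutorial warns about: rules that accept traffic from Anywhere, and rules that do not pin a protocol. The script below is an added example (not part of the original tutorial or of ufw itself); the audit_ufw_rules function and the sample listing are constructed here, and in real use you would pipe the live output of sudo ufw status numbered into it.

```shell
#!/bin/sh
# Added example, not from the original tutorial: audit "ufw status numbered"
# output and flag rules broader than the tutorial recommends, i.e. rules that
# accept traffic from Anywhere or that do not pin the protocol to tcp/udp.
# Real use:  sudo ufw status numbered | sh ufw-audit.sh

# Reads a rule listing on stdin; prints "<num> <to> <from> <reason>" for each
# over-broad rule and returns 1 if any were found, 0 otherwise.
audit_ufw_rules() {
    awk '
    # Numbered rule lines look like: "[ 1] 22/tcp   ALLOW IN   10.0.0.20"
    /^\[ *[0-9]+\]/ {
        line = $0
        match(line, /^\[ *[0-9]+\]/)
        num = substr(line, 2, RLENGTH - 2); gsub(/ /, "", num)
        n = split(substr(line, RLENGTH + 1), f, " ")
        # Locate the action word; the "To" column is everything before it.
        for (i = 1; i <= n; i++) if (f[i] ~ /^(ALLOW|DENY|REJECT|LIMIT)$/) break
        if (i > n) next
        to = f[1]; for (j = 2; j < i; j++) to = to " " f[j]
        # Skip the optional IN/OUT direction; "From" is the remainder.
        k = i + 1; if (f[k] ~ /^(IN|OUT)$/) k++
        from = f[k]; for (j = k + 1; j <= n; j++) from = from " " f[j]
        reason = ""
        if (from ~ /^Anywhere/) reason = "open-to-any-source"
        if (to !~ /\/(tcp|udp)/) reason = reason (reason != "" ? "," : "") "no-protocol"
        if (reason != "") { print num, to, from, reason; bad++ }
    }
    END { if (bad > 0) exit 1 }'
}

# Constructed sample in the format shown in the tutorial (not captured from a
# real host): rules 1 and 4 come from a bare "ufw allow ssh", rules 2 and 3
# from the pinned "allow from 10.0.0.20 to any port N proto tcp" form.
UFW_SAMPLE='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    Anywhere
[ 2] 22/tcp                     ALLOW IN    10.0.0.20
[ 3] 80/tcp                     ALLOW IN    10.0.0.20
[ 4] 22 (v6)                    ALLOW IN    Anywhere (v6)'

printf '%s\n' "$UFW_SAMPLE" | audit_ufw_rules || echo "audit: over-broad rules found"
```

Only rules 1 and 4 are reported; the two rules written in the full from/to/proto syntax pass.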
To delete the second rule enter the command:
you@yoursystem:~$ sudo ufw delete 2
Deleting:
allow from 10.0.0.20 to any port 80 proto tcp
Proceed with operation (y|n)? y
Rule deleted
UFW verified that you wanted to delete rule 2 and required you to answer yes with a y. If you do not want to be prompted, use the “--force” option as illustrated earlier. Below is a list of the other commands you can issue (copied from the man page).
ufw [--dry-run] enable|disable|reload
ufw [--dry-run] default allow|deny|reject [incoming|outgoing|routed]
ufw [--dry-run] logging on|off|LEVEL
ufw [--dry-run] reset
ufw [--dry-run] status [verbose|numbered]
ufw [--dry-run] show REPORT
ufw [--dry-run] [delete] [insert NUM] allow|deny|reject|limit [in|out] [log|log-all] [ PORT[/PROTOCOL] | APPNAME ] [comment COMMENT]
ufw [--dry-run] [rule] [delete] [insert NUM] allow|deny|reject|limit [in|out [on INTERFACE]] [log|log-all] [proto PROTOCOL] [from ADDRESS [port PORT | app APPNAME ]] [to ADDRESS [port PORT | app APPNAME ]] [comment COMMENT]
ufw [--dry-run] route [delete] [insert NUM] allow|deny|reject|limit [in|out on INTERFACE] [log|log-all] [proto PROTOCOL] [from ADDRESS [port PORT | app APPNAME]] [to ADDRESS [port PORT | app APPNAME]] [comment COMMENT]
ufw [--dry-run] delete NUM
ufw [--dry-run] app list|info|default|update
As you can see ufw provides a plethora of commands and options. Let’s take the commands apart.
Above you see [--dry-run], which is the option to test a command without applying it. The firewall can be enabled, disabled, or have its rules reloaded. The default behavior of the firewall can be set with the default option. You can set the log level (low, medium, high or full) or turn logging on or off. Reset resets the firewall as illustrated above. The status command has the option numbered (illustrated above) or verbose, which gives you additional information about the firewall’s behavior. You can add comments to the rules and even specify application names. The application profiles are stored in /etc/ufw/applications.d.
The show REPORT option gives you details about what the firewall is doing; for example, try this command:
you@yoursystem:~$ sudo ufw show listening
tcp:
  139 * (smbd)
  22 * (sshd)
   [ 1] allow from 10.0.0.20 to any port 22 proto tcp
  445 * (smbd)
tcp6:
  139 * (smbd)
  22 * (sshd)
  445 * (smbd)
udp:
  137 10.0.0.255 (nmbd)
  137 10.0.0.80 (nmbd)
  137 * (nmbd)
  138 10.0.0.255 (nmbd)
  138 10.0.0.80 (nmbd)
  138 * (nmbd)
  37937 * (dnsmasq)
  49595 * (avahi-daemon)
  5353 * (avahi-daemon)
  631 * (cups-browsed)
udp6:
  46295 * (avahi-daemon)
  5353 * (avahi-daemon)
Notice how many ports the system is listening on, and that only port 22 has a rule attached. Can you tell if this is a server or a desktop OS? It is most likely a desktop OS, since it is listening on the Windows file-sharing (SMB/NetBIOS) ports served by smbd and nmbd.
In conclusion, ufw has many options and supports both a simple and a full syntax. I recommend using the full syntax and being very specific: open only the specific port, protocol and IP addresses that need access.
[1] https://help.ubuntu.com/lts/serverguide/firewall.html.en