UFW, or Uncomplicated Firewall, is a configuration tool that makes configuring iptables easy, so why not enable it and harden your server's security?
Before getting started
You can run a basic port scan (with nmap) to see which ports are already open: -v for verbose mode and -sT to run a TCP connect() scan.
$ sudo apt-get install nmap
$ nmap -v -sT localhost
Uncomplicated Firewall
Iptables and ufw are both available by default in Ubuntu.
First, we check the status, and change default incoming policy to deny (all outgoing traffic is allowed).
$ sudo ufw status
$ sudo ufw default deny
$ sudo ufw logging on
Next, we add some rules:
$ sudo ufw allow ssh/tcp
$ sudo ufw allow http/tcp
or the same:
$ sudo ufw allow 22/tcp
$ sudo ufw allow 80/tcp
Finally, we can enable the firewall.
$ sudo ufw enable
That's it! Incoming traffic is now denied by default, and only the rules you added (SSH and HTTP here) let connections in.
You can disable the firewall if needed.
$ sudo ufw disable
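To confirm the firewall ended up in the state these steps describe, the check below parses `ufw status verbose` output and flags anything outside the expected rule set. It is an added example, not part of the original post; the function name audit_ufw and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# audit_ufw: read `ufw status verbose` text on stdin and compare it with the
# port/proto pairs given as arguments (the rules that are supposed to exist).
# Prints one finding per line; returns 0 only when there are no findings.
audit_ufw() {
    awk -v expected="$*" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) want[e[i]] = 1 }
        /^Status:/  { active = ($2 == "active") }
        /^Logging:/ { if ($2 != "on") { print "WARN logging is off"; bad++ } }
        /^Default:/ { seen_default = 1
                      if ($2 != "deny" && $2 != "reject") {
                          print "FAIL default incoming policy is " $2; bad++ } }
        # Rule rows look like "22/tcp  ALLOW IN  Anywhere"; v6 rows repeat $1.
        / (ALLOW|LIMIT) IN / {
            if ($1 in want) { have[$1] = 1 } else { print "FAIL unexpected allow rule: " $1; bad++ }
        }
        END {
            if (!active) { print "FAIL firewall is not active"; exit 1 }
            if (!seen_default) { print "FAIL no Default: line found"; bad++ }
            for (p in want) if (!(p in have)) { print "WARN expected rule missing: " p; bad++ }
            exit (bad > 0)
        }'
}

# Constructed sample: the state the steps above should produce.
sample_expected() { cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

# Constructed sample: default policy left at allow, plus a stray 3306/tcp rule.
sample_drifted() { cat <<'EOF'
Status: active
Logging: off
Default: allow (incoming), allow (outgoing), disabled (routed)
To                         Action      From
22/tcp                     ALLOW IN    Anywhere
3306/tcp                   ALLOW IN    Anywhere
EOF
}
```

On a live host, pipe the real output in: sudo ufw status verbose | audit_ufw 22/tcp 80/tcp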
Iptables
We can see the iptables rules that ufw has generated.
$ sudo iptables -L
And you?
Any tips on setting up iptables with ufw on Ubuntu Server?