How to configure UFW Firewall on Ubuntu 16.04

Posted on July 16th, 2019

To avoid unauthorized access on our server, we have to protect our server! Usually, we have to configure the firewall on the server to avoid unauthorized access on any port. And it is very easy using ufw firewall in Ubuntu 16.04 system.

In this guide, I will show you how to use UFW to protect your Ubuntu 16.04 system. We will cover everything about ufw in this detailed guide. Let’s first discuss how ufw or any other firewall can protect our server.

So, the firewall is kind of a program that can allow/deny requests on the server’s ports based on the rules we set. Let’s say, you are setting up a web server. And in a web server, we essentially have to allow incoming connections on port 80 (HTTP), 443 (HTTPS) and 22 (SSH/SFTP). Incoming requests on all the other ports must be closed.

Why closed? There are many reasons. First of all, other ports are not in use, and we don’t have to connect to other ports, so there is no point allowing incoming requests on other ports. The second reason is if some service is running on a specific port without any service level security and your server is allowing requests on that port, a hacker can easily get into your system.

In short, It’s very easy to get hacked if the Firewall is not in place. Now, the easiest way to configure a firewall on Ubuntu 16.04 system is through the program called ufw.

What is UFW Firewall and how to it on Ubuntu 16.04?

UFW stands for Uncomplicated Firewall. It means that it allows us to manage the firewall on our system easily. The queries or commands we use to manage the UFW rules are very easy to read and remember.

For example, if you want to allow incoming requests on port number 80(HTTP), You can just execute a command like the one given below and the server will start accepting requests on that specific port.

$ sudo ufw allow 80 // or $ sudo ufw allow http

It’s that easy. This demonstration is just to show you how easy it is to configure the firewall using ufw. Now, Let’s first check if ufw is present or not. UFW is installed by default on Ubuntu 16.04 system, However, If you want to make sure that it is present, execute the following command to see the current status of ufw in your system.

$ sudo ufw status verbose

It should show you Status: inactive if ufw is not actively working, but present on the system. If the firewall is truly on, you will see a list of rules as an output.

If you see some error message with command not found string attached to it, you have to install UFW on your system. It’s very easy, Execute the following command to install or update UFW on ubuntu 16.04.

$ sudo apt-get install ufw -y

Once done, we are ready to move on with setting default rules.

Setup Default Firewall Rules

What are these default rules? So, there are 65535 ports in a Linux system. And it’s hard to disable incoming connections on all of them one by one. What we normally do is, disable all the incoming connections, allow all the outgoing connections, and then allow connections to the port that can receive connections.

So, we are going to deny all the incoming requests by executing the following command.

$ sudo ufw default deny incoming

And we will allow all the outgoing connections by executing the following command.

$ sudo ufw default allow outgoing

Now, It’s time to allow connections on ports we want to allow. So, we have to learn to add new rules. We add a rule to allow or deny traffic on any port or range of ports from any IP address or subnet. So, we will first learn how we can add rules in ufw.

UFW Firewall – Add Rule

Adding rules is very simple. In this demonstration, I am going to follow a scenario that will allow us to cover all the essentials of UFW. So, We will first add the rules to allow SSH, HTTP and HTTPS connections on the server. Then we will perform some complex operations on our Firewall to improve the security.

So, Execute the following set of commands to allow SSH(22), HTTP(80) and HTTPS(443) traffic on your server.

$ sudo ufw allow 22
$ sudo ufw allow 80
$ sudo ufw allow 443

So, this is the most basic way to add a rule in the ufw firewall. However, we can make these rules more specific by defining the IP address or a subnet along with the port number and the type of connection (TCP, UDP).

Let’s say we will connect to our server via SSH from one IP address only. And the server should not accept connections from the IP addresses other than the one that is defined in the rule. We will assume that the IP address in this demonstration is 1.2.3.4.

The command to allow connections on SSH(22) from an IP address stated above would be.

$ sudo ufw allow from 1.2.3.4 to any port 22

We can also allow access to the subnet using a single command. Let’s say you want to access the SSH from IP addresses ranging from 1.2.3.1 to 1.2.3.254, you can execute the following command.

$ sudo ufw allow from 1.2.3.0/24 to any port 22

If you want to allow connections on the range of ports, Let’s say, from 1050-1055, you can do so by executing the command in the following format.

$ sudo ufw allow 1050:1055/tcp

So, this is pretty much it! These are the only rules you have to learn in order to allow/deny requests from the sources. Now, Let’s see how we can delete the rules we have created.

UFW Firewall – Delete Rule

Deleting rules in ufw is very easy if you choose to follow the easy path. There are two ways to delete a firewall rule in UFW. The first one is to write down the rule itself to delete a rule. And the second one is to get the numbered list of the rules and to delete a rule by number (It’s easy and clean!).

We will not ignore the first method just because the second one is recommended. Let’s say you don’t want to allow HTTP(80) traffic on your server. In that case, if you follow the first method to delete a rule, your command should look like this.

$ sudo ufw delete allow 80

Similarly, if you want to delete some other rule from the list of rules you have created, you have to write down the full rule with the delete command.

The second method consists of two steps. The first one is to get the list of rules with numbers for identification. And the second one is to execute the delete command with the number of rule you want to delete.

Execute the following command to get a list of rules with numbers.

$ sudo ufw status numbered

Now, select the number of rule you want to delete and execute the following command to delete the rule.

$ sudo ufw delete NUMBER_OF_RULE

It will ask you to confirm the operation you are going to perform. Once you answer with y, it will delete that specific rule. So, this is how you can delete rules in ufw firewall.

Enable UFW

Once all the rules are in place, we have to enable the UFW firewall to apply all the rules we have created. It’s very easy to enable the UFW firewall, just execute the following command in your terminal.

$ sudo ufw enable

It will ask you to confirm if you really want to enable the Firewall. Please make sure that the port 22 is always open because if you close the SSH port, you will get locked out of your server once you disconnect.

Disable UFW

If you want to disable the firewall at any point of time, execute the following command to disable the protection provided by UFW.

$ sudo ufw disable

It will instantly disable the Firewall. If you did something wrong or you want to get started with the ufw rules all over again, you can reset ufw by executing the following command.

$ sudo ufw reset

 

Conclusion: UFW is a really good way to manage the firewall on your server. The rules are easy to read and the operations on rules are easy to perform. There are some other less known features of ufw that you can use to perform many advanced tasks like prioritizing the new rule you create. We will keep updating this guide with new and interesting features of UFW. If you are facing any issue following this guide, please let us know in the comment section. We will respond as soon as possible.

Leave a Reply