ufw - Firewall
Ubuntu's default firewall configuration tool is ufw. Developed to make configuring an iptables firewall easy, ufw gives users a friendly way to build a host firewall for the server's IPv4 or IPv6 traffic.
ufw is disabled by default.
According to the Ubuntu website:
“ufw is not intended to provide complete firewall functionality via its command interface, but instead provides an easy way to add or remove simple rules. It is currently mainly used for host-based firewalls.”
Here are some examples of how to use ufw:
First, ufw needs to be enabled:
root@maxserver:~# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
To open a port (in this example port 22, for ssh):
# ufw allow 22
or
# ufw allow 22/tcp
Rules can also be inserted at a specific position in the rule list by giving its number:
# ufw insert 1 allow 80
To close an open port:
# ufw deny 80
To remove a rule, prefix the rule with delete:
# ufw delete deny 80
Access to a port can also be allowed only from a particular host or network. The following example allows SSH access to this server from the IP address 107.189.160.7:
# ufw allow proto tcp from 107.189.160.7 to any port 22
You can replace the IP address with a subnet to allow SSH access from the whole subnet.
Add the --dry-run option to a ufw command to see the iptables rules it would add for a port without actually applying them. Take the MySQL port, for example:
# ufw --dry-run allow mysql
Results returned:
### tuple ### allow any 3306 ::/0 any ::/0 in
-A ufw6-user-input -p tcp --dport 3306 -j ACCEPT
-A ufw6-user-input -p udp --dport 3306 -j ACCEPT
ufw can be disabled with:
# ufw disable
To see the firewall status, enter:
# ufw status
The result shows the ports that are currently open:
Status: active
To Action From
-- ------ ----
22 ALLOW Anywhere
22/tcp ALLOW 107.189.160.7
22 (v6) ALLOW Anywhere (v6)
For more details about the status:
# ufw status verbose
Result:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
22 ALLOW IN Anywhere
22/tcp ALLOW IN 107.189.160.7
22 (v6) ALLOW IN Anywhere (v6)
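As an added example (not code from the original page or from ufw itself), the small POSIX shell helper below reads the text that ufw status verbose prints, in the format shown above, and reports the two things worth checking during a review: that the default incoming policy is deny, and which ALLOW rules accept connections from Anywhere rather than from a named source. The sample status text inside it is constructed from the output above.

```shell
#!/bin/sh
# Added audit helper: not code from the original page or from ufw itself.
# It reads the text printed by "ufw status verbose" (format shown above) and
# reports whether the default incoming policy is deny and which ALLOW rules
# accept connections from Anywhere instead of a named source.
# Live usage: ufw status verbose | audit_ufw_status

audit_ufw_status() {
    awk '
        # Policy line, e.g. "Default: deny (incoming), allow (outgoing), ..."
        /^Default:/ {
            if ($0 ~ /deny \(incoming\)/) { print "OK   default incoming policy is deny" }
            else { print "WARN default incoming policy is not deny" }
            next
        }
        # Rule lines: port (optionally port/proto), optional "(v6)", ALLOW,
        # optional IN/OUT, then the From column.
        /ALLOW/ {
            port = $1
            fam = ($0 ~ /\(v6\)/) ? "v6" : "v4"
            if ($0 ~ /ALLOW( IN| OUT)? +Anywhere/) {
                print "OPEN " port " " fam " from anywhere"
            } else {
                src = $0
                sub(/.*ALLOW( IN| OUT)? +/, "", src)   # keep only the From column
                print "OK   " port " " fam " only from " src
            }
        }
    '
}

# Constructed sample in the format of the "ufw status verbose" output above.
sample_status() {
    cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
22/tcp                     ALLOW IN    107.189.160.7
22 (v6)                    ALLOW IN    Anywhere (v6)
EOF
}

sample_status | audit_ufw_status
```

A rule reported as OPEN is reachable from every source address, so each one should correspond to a service that is meant to be public.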
Service names come from the file /etc/services, which maps each service name to the port you are going to open or close.
You can therefore use the service name instead of the port number, e.g. ssh instead of 22.
ufw with applications
The directory /etc/ufw/applications.d contains application profiles: files that define in detail the ports each application needs in order to work correctly.
To see the installed application profiles:
# ufw app list
Result:
Available applications:
Nginx Full
Nginx HTTP
Nginx HTTPS
OpenSSH
Here nginx has already been installed, which is why its profiles are listed.