Setup firewall in Ubuntu using ufw

There are two types of firewalls available in Linux: a packet filtering firewall and a proxy-based firewall. Most Linux users set up a basic firewall for their system with a packet filtering firewall, because Linux already ships with the firewall package by default.

The Linux kernel ships with a module called netfilter. Netfilter is used to filter and manipulate incoming and outgoing traffic on a Linux system. You can use the locate command to find netfilter on your Linux system, as in the example below:

luzar@ubuntu:~$ locate netfilter
/lib/modules/2.6.24-19-server/kernel/net/netfilter
/lib/modules/2.6.24-19-server/kernel/net/bridge/netfilter
/lib/modules/2.6.24-19-server/kernel/net/bridge/netfilter/ebt_802_3.ko
/lib/modules/2.6.24-19-server/kernel/net/bridge/netfilter/ebt_among.ko
/lib/modules/2.6.24-19-server/kernel/net/bridge/netfilter/ebt_arp.ko
/lib/modules/2.6.24-19-server/kernel/net/bridge/netfilter/ebt_arpreply.ko
...
...

However, netfilter by itself cannot do anything without being configured. Therefore, Linux provides iptables, a command line interface for creating and managing rules. Netfilter consults those rules to accept or reject incoming and outgoing packets on the Linux system.

Ubuntu ufw configuration

Ubuntu's ufw is a user-friendly interface for configuring the firewall on an Ubuntu system. It is an alternative for users who find iptables difficult to use. ufw stands for Uncomplicated Firewall. Here is part of the ufw manual page:

NAME
ufw - program for managing a netfilter firewall

DESCRIPTION
This program is for managing a Linux firewall and aims to provide an easy to use interface for the user.

USAGE
ufw [--dry-run] enable|disable

ufw [--dry-run] default allow|deny

ufw [--dry-run] logging on|off

ufw [--dry-run] status

ufw [--dry-run] [delete] allow|deny PORT[/protocol]

ufw [--dry-run] [delete] allow|deny [proto protocol] [from ADDRESS [port PORT]]
[to ADDRESS [port PORT]]

ufw is not enabled by default. Check ufw status with this command:

luzar@ubuntu:~$ sudo ufw status
Firewall not loaded
luzar@ubuntu:~$

To use ufw to configure firewall rules on Ubuntu, we need to enable it first. Here is the command to enable ufw:

luzar@ubuntu:~$ sudo ufw enable
[sudo] password for luzar:
Firewall started and enabled on system startup
luzar@ubuntu:~$

To disable ufw, use this command:

luzar@ubuntu:~$ sudo ufw disable
Firewall stopped and disabled on system startup
luzar@ubuntu:~$

To add a firewall rule, use the ufw allow command. Make sure ufw is enabled before running this command. Here is an example that adds a rule allowing the ssh service:

luzar@ubuntu:~$ sudo ufw allow ssh
Rule added
luzar@ubuntu:~$ sudo ufw status verbose
Firewall loaded

To Action From
-- ------ ----
22:tcp ALLOW Anywhere
22:udp ALLOW Anywhere

luzar@ubuntu:~$

We can also use the --dry-run option to preview a rule before it is applied. The --dry-run option does not modify anything; it only shows the iptables rules that would be generated. Here is an example:

luzar@ubuntu:~$ sudo ufw --dry-run allow http
*filter
:ufw-user-input - [0:0]
:ufw-user-output - [0:0]
:ufw-user-forward - [0:0]
### RULES ###

### tuple ### allow any 22 0.0.0.0/0 any 0.0.0.0/0
-A ufw-user-input -p tcp --dport 22 -j ACCEPT
-A ufw-user-input -p udp --dport 22 -j ACCEPT

### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0
-A ufw-user-input -p tcp --dport 80 -j ACCEPT

### END RULES ###
-A ufw-user-input -j RETURN
-A ufw-user-output -j RETURN
-A ufw-user-forward -j RETURN
COMMIT
Rules updated
luzar@ubuntu:~$
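Once rules have been added, it is worth checking that the firewall allows only what you intended. The following shell function is an added example, not code from the article or from the ufw project: it reads the output of "sudo ufw status verbose" and flags any ALLOW rule whose port is not on a list you pass in. It assumes the rule lines look like the article's "22:tcp ALLOW Anywhere" (newer ufw versions print "22/tcp ALLOW IN Anywhere", which is handled too). The sample status text is constructed from the article's output with an extra http rule added so the audit has something to report.

```shell
#!/bin/sh
# Added example (not part of the original article): audit the output of
# "sudo ufw status verbose" and flag ALLOW rules for ports you did not intend
# to open. Assumes rule lines look like "22:tcp ALLOW Anywhere" (the article's
# format) or "22/tcp ALLOW IN Anywhere" (newer ufw); both are handled.

# Constructed sample, copied from the article's status output with one extra
# http rule (80:tcp) added so there is something to flag.
SAMPLE_STATUS='Firewall loaded

To Action From
-- ------ ----
22:tcp ALLOW Anywhere
22:udp ALLOW Anywhere
80:tcp ALLOW Anywhere'

# audit_allow_rules "PORT PORT ..." < status_output
# Prints every ALLOW rule whose port is not in the space-separated list and
# returns 1 if any such rule was found, 0 if the rule set matches expectations.
audit_allow_rules() {
    awk -v expected="$1" '
        BEGIN {
            n = split(expected, list, " ")
            for (i = 1; i <= n; i++) ok[list[i]] = 1
            bad = 0
        }
        # Only rule lines carry ALLOW or DENY in the second column; the header,
        # separator and "Default:" lines never match this pattern.
        $2 == "ALLOW" {
            # The leading digits of "22:tcp" / "22/tcp" are the port number.
            if (match($1, /^[0-9]+/)) port = substr($1, RSTART, RLENGTH)
            else port = $1
            if (!(port in ok)) {
                print "unexpected allow rule: " $0
                bad = 1
            }
        }
        END { exit bad }
    '
}

# Typical use on a live system (needs root and ufw, so not run here):
#   sudo ufw status verbose | audit_allow_rules "22"
```

Run it against the live status output after every change, and combine it with "sudo ufw default deny" from the command list below so that anything not explicitly allowed is dropped; the function's non-zero exit status makes it easy to drop into a cron job or a configuration check.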

Here are other commands that you can use with ufw:

Usage: ufw COMMAND

Commands:
enable Enables the firewall
disable Disables the firewall
default ARG set default policy to ALLOW or DENY
logging ARG set logging to ON or OFF
allow|deny RULE allow or deny RULE
delete allow|deny RULE delete the allow/deny RULE
status show firewall status
version display version information

You should enable firewall logging so you can always review the firewall activity on your system. To enable firewall logging with ufw, use this command:

luzar@ubuntu:~$ sudo ufw logging on
Logging enabled
luzar@ubuntu:~$

Firewall log entries can be found in /var/log/kern.log, /var/log/syslog and /var/log/messages.
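Reading those logs by hand gets tedious quickly, so here is an added example (not from the article or the ufw project) that summarises the blocked packets ufw writes to /var/log/kern.log. It assumes the kernel log format "[UFW BLOCK] IN=... SRC=... DST=... PROTO=... DPT=..." (early ufw releases used the prefix "[UFW BLOCK INPUT]", which the prefix match also covers). The sample log lines are constructed, using documentation address ranges, and include one unrelated sshd line to show that non-firewall entries are ignored.

```shell
#!/bin/sh
# Added example (not part of the original article): summarise the [UFW BLOCK]
# entries that ufw logging writes to /var/log/kern.log, so you can see which
# sources and destination ports are being dropped most often. Assumes the
# kernel log format "... [UFW BLOCK] IN=... SRC=... DST=... PROTO=... DPT=..."
# (early ufw logged "[UFW BLOCK INPUT]"; the prefix match covers both).

# Constructed sample log lines using documentation addresses (198.51.100.0/24,
# 203.0.113.0/24, 192.0.2.0/24); not taken from any real system.
SAMPLE_KERN_LOG='Jan 12 10:15:01 ubuntu kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=198.51.100.7 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=51234 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 12 10:15:02 ubuntu kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=198.51.100.7 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=2 DF PROTO=TCP SPT=51235 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 12 10:15:03 ubuntu kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=203.0.113.9 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=3 DF PROTO=TCP SPT=40001 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 12 10:15:04 ubuntu kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=198.51.100.7 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4 DF PROTO=TCP SPT=51236 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 12 10:15:05 ubuntu kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=203.0.113.9 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=5 DF PROTO=TCP SPT=40002 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 12 10:15:06 ubuntu kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=198.51.100.7 DST=192.0.2.1 LEN=78 TOS=0x00 PREC=0x00 TTL=52 ID=6 DF PROTO=UDP SPT=5353 DPT=161 LEN=58
Jan 12 10:15:07 ubuntu sshd[1234]: Accepted publickey for luzar from 192.0.2.50 port 50022 ssh2'

# summarize_ufw_blocks < kern.log
# Prints "COUNT SRC PROTO/DPT", most frequent first. Lines without a
# [UFW BLOCK prefix (other kernel or syslog messages) are ignored.
summarize_ufw_blocks() {
    awk '
        /\[UFW BLOCK/ {
            src = ""; dpt = ""; proto = ""
            for (i = 1; i <= NF; i++) {
                # Fields after the prefix are KEY=VALUE, or bare flags like DF/SYN.
                eq = index($i, "=")
                if (eq == 0) continue
                key = substr($i, 1, eq - 1)
                val = substr($i, eq + 1)
                if (key == "SRC") src = val
                else if (key == "DPT") dpt = val
                else if (key == "PROTO") proto = val
            }
            if (src != "") count[src " " proto "/" dpt]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -rn
}

# blocked_sources_at_least N < kern.log
# Prints only the source addresses with N or more blocked packets in total,
# a simple threshold you can feed into an alert or a review list.
blocked_sources_at_least() {
    summarize_ufw_blocks | awk -v min="$1" '
        { total[$2] += $1 }
        END { for (s in total) if (total[s] >= min) print s }
    ' | sort
}

# Typical use on a live system (kern.log is root-readable, so not run here):
#   sudo cat /var/log/kern.log | summarize_ufw_blocks
#   sudo cat /var/log/kern.log | blocked_sources_at_least 50
```

The summary tells you which closed ports are being probed and from where; a sudden spike in blocks for a single source, or blocks against a port you thought was open, is the kind of thing worth reviewing against the ufw rule set.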
