Published on

UFW: The Firewall

Discover UFW: Easy, powerful network protection. Master essential firewall commands with our streamlined guide.

Authors
  • avatar
    Name
    pabloLlanes
    Twitter
    @
tailwind-nextjs-banner

UFW - Uncomplicated Firewall 🔥🔒🖥️

Welcome to the world of UFW, the friendly tool for effortlessly managing your server's firewall. In an era where digital security is more important than ever, having a robust firewall is key to safeguarding your network, and UFW is the perfect solution for this. UFW stands out for its simplicity, allowing anyone, regardless of their network security experience, to effectively configure and manage their firewall.

UFW operates as an intuitive front-end interface for iptables, the advanced and powerful firewall system in Linux. iptables is known for its robustness, but its complexity can be a barrier for less experienced users. UFW demystifies this complexity by simplifying the configuration and management process, offering a more user-friendly way to control your firewall rules. This guide will delve into the basics of UFW, illustrating how it seamlessly works with iptables to provide efficient and effective server protection. We'll guide you through setting up essential firewall rules and demonstrate how UFW makes it easier to secure your server, whether you're a seasoned sysadmin or a beginner. Our aim is to equip you with the knowledge to use UFW for effective and straightforward server security.

Install

First, install:

sudo apt install ufw // Debian/Ubuntu
sudo yum install ufw // CentOS/RHEL 
sudo dnf install ufw // Fedora

Initial

Enabling and Disabling UFW

sudo ufw enable
sudo ufw disable

Check UFW status

sudo ufw status verbose

Reset UFW to remove all existing rules and configurations

sudo ufw reset

Allow traffic (specific rules)✅

Open a specific port or service:

sudo ufw allow [port/service]

Allow traffic from a specific IP address:

sudo ufw allow from 186.22.17.250

Examples:

1 - Nginx web server

sudo ufw allow 'Nginx Full'

Allows web traffic on both HTTP and HTTPS.

2 - Apache web server

sudo ufw allow 'Apache Full'

Similar to Nginx, this allows web traffic.

3 - ICMP ping To enable ping, which is useful for diagnosing network issues:

sudo ufw allow proto icmp

4 - MySQL: The World's Most Popular Open-Source Database

MySQL runs on port 3306. To allow MySQL traffic:

sudo ufw allow 3306

5 - MongoDB

Open MongoDB default port:

sudo ufw allow 27017 comment 'Allow MongoDB Connections - port:27017'

Allow specific traffic:

sudo ufw allow from 190.193.169.236 to any port 27017 proto tcp
sudo ufw allow from 104.22.11.213 to any port 25 proto tcp
firewall

Deny traffic (specific rules)🚫

1 - Denying a Port or Service:

sudo ufw deny [port/service]

2 - Block a Malicious IP:

sudo ufw deny from 19.16.4.20

3 - Blocking SSH (Port 22)

sudo ufw deny 22

4 - Blocking a Specific Commonly Blocked Port (10150)

sudo ufw deny 10150

5 - Setting Default Policy to Deny Incoming Traffic

sudo ufw default deny incoming
firewall-ufw

Conclusion 🏁:

Setting up UFW rules is a fundamental step in securing your server. By allowing only necessary traffic and services, you minimize vulnerabilities and protect your server from unauthorized access. Remember, a secure server is the foundation of any robust online service or application.

firewall-ufw