Looking for a guide on how to install UFW on a Ubuntu 18.04 server? We can help you.
Uncomplicated Firewall or UFW provides an interface to manage the iptables firewall easily.
A firewall protects the server and the interconnected network from the dangers that exist on the Internet.
At Bobcares, we install a firewall in servers during the initial server setup, as part of our Server Management Services.
Today, let’s take a look at how our Support Engineers install UFW in a Ubuntu 18.04 server.
A brief look at UFW
Before getting into the installation part, let’s see what is UFW.
As we all know, firewalls prevent unauthorized access to a server by monitoring incoming and outgoing traffic.
Iptables is one such firewall that is highly flexible and configurable. But, users often find it complicated to use and maintain.
And, there comes the use of UFW, which functions as a front-end interface for the iptables. It provides an easy-to-use interface and simplifies the complicated iptables commands.
How we installed UFW in Ubuntu 18.04?
UFW comes pre-installed in Ubuntu servers.
But, one of our customers approached us with a request. He accidentally uninstalled the UFW from his Ubuntu server and, he wanted to install it back on his server.
Our Support Engineers first updated the Ubuntu package manager and installed UFW using the commands,
apt update apt install ufw
Then, we checked the status of UFW using the command,
But, the output showed that UFW is in an inactive state. So, to enable it, we used the command,
Thus the UFW firewall was activated in the server. Next, let’s see some important details to consider further.
A common warning message in the UFW installation
Enabling the UFW always shows the warning message, “command may disrupt existing connections”.
This is because, by default, UFW blocks all incoming connections and allows all outgoing connections.
So, if a user tries to access the server, he will not be able to connect, unless we open the respective ports.
Managing the UFW firewall
In order to use UFW, it’s important to know how to manage it. Let’s have a look at it.
As SSH is a commonly used way to connect to a server, first we open the port it uses. So the command we use is,
ufw allow ssh
We can also specify the port number instead of the service name.
Allow other services & ports
Similarly, to allow connections to different ports, we use the command,
ufw allow service_name/port_number
Using the service name opens default ports. So if we use a custom port, we specify the port number.
To allow a port range
UFW also allows access to multiple ports. But, for allowing port ranges, we need to specify the protocol used. That is TCP or UDP.
ufw allow port_range/protocol
Allow IP address
To allow connection from a particular IP address, we use,
ufw allow from xx.xx.xx.xx
Similarly, we can specify the port to which the IP can connect. And the command usage is,
ufw allow from xx.xx.xx.xx to any port 22
To allow connections to a specific network interface
Here we can create a rule that is applicable for a specific interface, say eth0.
ufw allow in on eth0 to any port 80
The UFW status after enabling ports appears as,
The output shows UFW as active and lists the added rules.
To deny any connections from a particular port or IP address, we use the commands,
ufw deny service_name/port_number/IP_address
Whereas, to delete any added rule, we first list the rules using the command,
ufw status numbered
The output appears as,
Status: active To Action From -- ----- ---- [ 1] 22/tcp ALLOW Anywhere [ 2] Nginx HTTP ALLOW Anywhere [ 3] 22/tcp (v6) ALLOW Anywhere (v6) [ 4] Nginx HTTP (v6) ALLOW Anywhere (v6)
To delete the second rule, we use the command,
ufw delete 2
Alternatively, we can delete the rule by specifying the added rule, that is,
ufw delete allow http
Disable and reset the UFW
If a user doesn’t want to use UFW, we ask them to use any other firewall for security and disable UFW for them. For this, we use the command,
Whereas, if a user wants to reset it to default policies, we use the command,
[Need assistance in setting up a firewall in Linux servers? – We’ll help you.]
In today’s article, we discussed how our Support Engineers easily installed UFW in the Ubuntu 18.04 server. We also saw different ways to manage a UFW firewall.