How to Set Up UFW Firewall on Virtual Servers Efficiently


Operating a virtual server often raises concerns about security. If your server is accessible externally, configuring a firewall is essential. In this article, we will take a step-by-step look at how to use UFW, the default firewall tool provided by Ubuntu. Want to strengthen your server’s security? This article will be helpful.

UFW allows you to manage firewall rules with simple commands, making it easy to manage server security without complex configurations. Each step will be explained with concrete examples.

1. Check UFW Status

The first thing to do is check whether UFW is enabled. You can check the current firewall status with the following command:

sudo ufw status

  • If enabled: `Status: active`
  • If disabled: `Status: inactive`

If UFW is not enabled, follow the steps below to activate the firewall.

2. Enable and Disable UFW

Enabling or disabling the firewall is very simple.

Enable UFW

To enable UFW if it’s disabled, use the following command:

sudo ufw enable

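Once the firewall is enabled, all incoming connections are blocked by default. You’ll need to manually open the necessary services. If you are connected to the server over SSH, allow SSH (see step 5) before enabling UFW, otherwise the default deny policy can cut off your own session.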

Disable UFW

If you want to turn off the firewall, use the following command:

sudo ufw disable

3. Set Default Policies

To strengthen server security, it’s important to set up default firewall policies. By default, UFW blocks incoming traffic and allows outgoing traffic.

Deny all incoming traffic

sudo ufw default deny incoming

Allow all outgoing traffic

sudo ufw default allow outgoing

With these defaults, only the inbound ports you explicitly allow are reachable, which blocks unnecessary access and reduces the server’s exposed surface.

4. Allow and Block Specific Ports

It’s important to only open the necessary ports on your server. If you’re running a web server, you’ll need to open HTTP (port 80) and HTTPS (port 443).

Allow specific ports

You can open HTTP and HTTPS ports with the following commands:

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

Allow port range

To open a range of ports, you can use the following command:

sudo ufw allow 1000:2000/tcp

Block specific ports

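To block a port you do not need, add a deny rule. The example below blocks port 22, which is the SSH port, so do not run it on a server you administer over SSH: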

sudo ufw deny 22/tcp

Remove allowed port

To remove a previously allowed port:

sudo ufw delete allow 80/tcp

By selectively managing ports, you can reduce unnecessary traffic and enhance server security.

5. Allow by Service Name

If you want to allow only specific services, you can set firewall rules using the service name. For example, to allow OpenSSH, use the following command:

sudo ufw allow OpenSSH

This command opens the port defined in UFW’s OpenSSH application profile. All other incoming traffic remains subject to the default policy, so unnecessary access stays blocked.

6. Set IP Address or Network Rules

If you want to allow access from specific IPs or networks, you can specify the IP address.

Allow from specific IP

For example, to allow SSH access only from the IP address 203.0.113.1, use the following command:

sudo ufw allow from 203.0.113.1 to any port 22

Allow full access from specific IP

sudo ufw allow from 203.0.113.1

You can also allow specific network ranges using this method by giving the range in CIDR notation in place of the single IP address.

7. Enable and Disable UFW Logs

To monitor server activity, you should enable logging. Use the following command to turn on logging:

sudo ufw logging on

If logs are no longer needed, turn them off with the following command:

sudo ufw logging off
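
With logging on, blocked packets are recorded as `[UFW BLOCK]` kernel log lines. The shell function below is an added example, not part of the original article: it counts blocked packets per source address and destination port. The function names and the sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: summarize packets blocked by UFW, grouped by source and port.
# Function names and the sample log lines are constructed for illustration.

# Reads UFW log text from the file given as $1, or from stdin if none is given.
# Prints "<count> <source-ip> <dest-port>/<protocol>", most frequent first.
ufw_block_summary() {
    awk '
        index($0, "[UFW BLOCK]") {
            src = ""; proto = ""; dpt = "-"      # ICMP entries carry no DPT
            for (i = 1; i <= NF; i++) {
                eq = index($i, "=")
                if (eq == 0) continue            # not a KEY=VALUE token
                key = substr($i, 1, eq - 1)
                val = substr($i, eq + 1)
                if (key == "SRC") src = val
                else if (key == "PROTO") proto = val
                else if (key == "DPT") dpt = val
            }
            if (src != "") hits[src " " dpt "/" proto]++
        }
        END { for (k in hits) print hits[k], k }
    ' "${1:--}" | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample in the kernel log format UFW writes (fields shortened).
sample_ufw_log() {
    cat <<'EOF'
Jan 10 12:00:01 vps kernel: [ 100.01] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=40001 DPT=23
Jan 10 12:00:02 vps kernel: [ 101.02] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=40002 DPT=23
Jan 10 12:00:03 vps kernel: [ 102.03] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=40003 DPT=23
Jan 10 12:00:09 vps kernel: [ 108.09] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.10 LEN=52 PROTO=TCP SPT=51000 DPT=3389
Jan 10 12:00:12 vps kernel: [ 111.12] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.10 LEN=84 PROTO=ICMP TYPE=8 CODE=0
Jan 10 12:00:15 vps kernel: [ 114.15] [UFW ALLOW] IN=eth0 OUT= SRC=203.0.113.1 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=50500 DPT=22
EOF
}

# Demonstration on the constructed sample.
sample_ufw_log | ufw_block_summary
```

On Ubuntu the UFW log is written to /var/log/ufw.log by default, so on a real server you can run `sudo cat /var/log/ufw.log | ufw_block_summary` after defining the function.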

8. Check Settings

To review the rules you’ve set up, use the following command. Each rule will be displayed with a number.

sudo ufw status numbered

9. Delete Rules

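To delete an unnecessary rule, check the rule number and then use the delete command. The remaining rules are renumbered after each deletion, so run `sudo ufw status numbered` again before deleting another rule.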

sudo ufw delete <number>

For example, to delete rule number 3, enter the following command:

sudo ufw delete 3

10. Reset Firewall Settings

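If you want to reset all the rules, you can reset UFW settings with the following command. This removes every rule, returns UFW to its installation defaults, and disables the firewall, so you must enable it again afterwards: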

sudo ufw reset

Conclusion

The key to server security is blocking unnecessary access and allowing only essential services. With UFW, you can easily protect your server without complicated firewall configurations. Are you ready to make your server more secure now?
