If you use Ubuntu or another Linux distribution, you may have asked: what are firewalls, UFW and iptables in Ubuntu? Let's begin. A firewall is software or hardware that improves the security of computers connected to a network, such as a LAN or the internet. The primary goal of any firewall is to monitor and block suspicious traffic requests and data packets, so it is very important to configure and control your firewall effectively. Hardware and software can be combined to secure communications. There are different types of firewalls to choose from depending on the purpose, e.g. packet filters, application gateways, dynamic packet filters, circuit-level gateways and many more.
UFW stands for Uncomplicated Firewall. It was developed to provide a friendly framework for managing iptables, so it became the default firewall on systems like Ubuntu and Debian. Along with the command line, UFW has some GUI tools (Gufw) that make firewall configuration easier.
What is iptables? It is the rule-based default firewall in most Linux-based operating systems. iptables defines rules for incoming and outgoing packets, which may contain important information.
Install UFW
Only root or a user with sudo privileges can manage the firewall.
As discussed, ufw should already be installed on Ubuntu. The following command checks whether ufw is installed on the system.
$ which ufw
If ufw is already installed on the system, the command prints the path to ufw.
Output
/usr/sbin/ufw
If ufw is not installed then use the following command to install it.
$ sudo apt-get install ufw
Once installation is completed, check the ufw status (enabled or disabled).
$ sudo ufw status verbose
By default ufw is disabled. If it has not been activated before, the output looks like this:
Output
Status: inactive
Now let’s enable it.
$ sudo ufw enable
Output
Firewall is active and enabled on system startup
Check the ufw status again. This time the output looks as follows.
$ sudo ufw status
Output
Status: active
To                         Action      From
--                         ------      ----
Apache Full                ALLOW       Anywhere
Apache Full (v6)           ALLOW       Anywhere
Configure ufw to support IPv6
If the system uses both IPv4 and IPv6, we need to change a setting in the UFW configuration file. Open the configuration file and add the following line, or uncomment it if it is already there:
IPV6=yes
Set up default ufw policies.
Out of the box, the default ufw policies work well for both servers and desktops. It is always best practice to close all ports on a server and open only the ports that are required. Let's block all incoming connections and allow only outgoing connections.
$ sudo ufw default allow outgoing
Output
Default outgoing policy changed to 'allow'
$ sudo ufw default deny incoming
Output
Default incoming policy changed to 'deny'
Block Access
Now we will see how to block or allow all network connections that originate from a specific IP address, using 14.14.14.14 as the example. To block all network traffic, we use the deny command.
Syntax
$ sudo ufw deny from < Remote IP Address > to < Local IP Address > proto < Protocol > port < Port Number >
Block all network connections from IP address 14.14.14.14
$ sudo ufw deny from 14.14.14.14 to any
Let's see how to block network traffic on a specific protocol and port.
$ sudo ufw deny from 14.14.14.14 to any proto tcp port 80
Allow Access
Let's add rules that allow an IP address to send all traffic, or traffic to specific network ports only, using the ufw "allow" command.
Syntax
$ sudo ufw allow from < Remote IP Address > to < Local IP >
$ sudo ufw allow from 14.14.14.14
The above firewall rule allows all network connections from the mentioned IP address.
$ sudo ufw allow from 14.14.14.14 to 15.15.15.15
This rule allows all connections from IP address 14.14.14.14, but only to IP address 15.15.15.15.
$ sudo ufw allow from 14.14.14.14 to any proto tcp port 80
This time, the rule allows only TCP traffic and opens port 80 to the specific IP address.
Subnet
The syntax for allowing or denying connections from a subnet is similar to the syntax for a single IP address. The only difference is that we need to specify the netmask.
In the example below, we allow access from the range of IP addresses 10.2.2.0 to 10.2.2.255 to the MySQL port (3306).
$ sudo ufw allow from 10.2.2.0/24 to any port 3306
Delete rules
Knowing how to delete ufw rules is as important as knowing how to create them. There are different ways to remove rules from ufw: by rule number or by the actual rule. Let's start with the easier way, which is to delete by rule number.
By rule number
To delete ufw firewall rules by number, we first need to list all rules with their numbers. The status command with the numbered option displays a number next to each rule.
$ sudo ufw status numbered
Output
Status: active
     To                         Action      From
     ---                        --------    -----
[ 1] Apache Full                ALLOW IN    Anywhere
[ 2] Apache Full                DENY IN     14.14.14.14
[ 3] Apache Full (v6)           ALLOW IN    Anywhere
Suppose we want to delete rule number 2, which blocks connections from the 14.14.14.14 IP address. We pass the rule number to the ufw delete command as follows. As a safeguard, ufw asks for confirmation before deleting the rule.
$ sudo ufw delete 2
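ufw evaluates rules in order and stops at the first match, so in the numbered listing above rule 2 never blocks 14.14.14.14: rule 1 has already allowed Apache Full from Anywhere. The script below is an added example, not part of the original post. It reads `ufw status numbered` output and reports deny rules hidden behind an earlier broad allow. The function names are hypothetical, and the check assumes two rules overlap only when their "To" column is textually identical.

```shell
#!/bin/sh
# Added example (not from the original post): flag DENY/REJECT rules that can
# never match because an earlier ALLOW-from-Anywhere rule has the same target.
# Input: the text printed by `ufw status numbered`, on stdin.

find_shadowed() {
    awk '
    /^\[ *[0-9]+\]/ {
        num = $0; sub(/^\[ */, "", num); sub(/\].*/, "", num)
        rest = $0; sub(/^\[ *[0-9]+\] */, "", rest)
        # Split the line around the action column, e.g. "ALLOW IN".
        if (!match(rest, / +(ALLOW|DENY|REJECT|LIMIT) (IN|OUT|FWD) +/)) next
        to   = substr(rest, 1, RSTART - 1)
        act  = substr(rest, RSTART, RLENGTH); gsub(/^ +| +$/, "", act)
        from = substr(rest, RSTART + RLENGTH); sub(/ +$/, "", from)
        if (act == "ALLOW IN" && from ~ /^Anywhere/) {
            if (!(to in allow_at)) allow_at[to] = num   # earliest broad allow
        } else if ((act == "DENY IN" || act == "REJECT IN") && (to in allow_at)) {
            printf "rule %s (%s from %s) is shadowed by rule %s\n", num, act, from, allow_at[to]
        }
    }'
}

# The numbered listing from this page, re-typed with column spacing.
sample_status() {
    cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Apache Full                ALLOW IN    Anywhere
[ 2] Apache Full                DENY IN     14.14.14.14
[ 3] Apache Full (v6)           ALLOW IN    Anywhere
EOF
}

sample_status | find_shadowed
# On a live host: sudo ufw status numbered | find_shadowed
# A block rule inserted at position 1 is evaluated before the allow:
#   sudo ufw insert 1 deny from 14.14.14.14 to any
```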
By actual rule
Now let's delete a rule by its original specification, passing the original rule to the ufw delete command. For this example, add one more rule and then delete it.
$ sudo ufw allow from 192.168.1.1 to any proto tcp port 22
Execute the following command to delete the above rule
$ sudo ufw delete allow from 192.168.1.1 to any proto tcp port 22
Delete all rules
The following command will remove all firewall rules and also disable the firewall.
$ sudo ufw reset
Output
Resetting all rules to installed defaults. Proceed with operation (y|n)? y
Backing up 'user.rules' to '/etc/ufw/user.rules.20200730_185856'
Backing up 'before.rules' to '/etc/ufw/before.rules.20200730_185856'
Backing up 'after.rules' to '/etc/ufw/after.rules.20200730_185856'
Backing up 'user6.rules' to '/etc/ufw/user6.rules.20200730_185856'
Backing up 'before6.rules' to '/etc/ufw/before6.rules.20200730_185856'
Backing up 'after6.rules' to '/etc/ufw/after6.rules.20200730_185856'
Any rules that we created with ufw are no longer active. To activate the firewall again, we need to run sudo ufw enable.
I hope you got the answer to our question: what are firewalls, UFW and iptables in Ubuntu? We covered basic ufw usage and its features. We will discuss more advanced ufw usage in our next post. Please visit again and send your valuable comments and feedback to improve our content.