What is Firewall UFW iptables in Ubuntu?

If you use Ubuntu or any other Linux distribution, you may ask: what is a firewall, and what are UFW and iptables in Ubuntu? Let’s begin. A firewall can be software or hardware that improves the security of computers connected to networks such as a LAN or the internet. The primary goal of any firewall is to monitor and block suspicious traffic requests and data packets. However, it is very important to configure and control your firewall effectively. We can use a combination of hardware and software to secure communications. There are different types of firewall, so we can choose one to suit the purpose, e.g. packet filters, application gateways, dynamic packet filters, circuit-level gateways and many more.

UFW stands for Uncomplicated Firewall. It was developed to provide a friendly framework for managing iptables, and it became the default firewall on systems like Ubuntu and Debian. Along with the command line, UFW has a GUI tool (gUFW) that makes firewall configuration easier.

What is iptables? It is the default rule-based firewall in most Linux-based operating systems. iptables defines rules for incoming and outgoing packets, which may contain important information.

Install UFW

Note that only root or a user with sudo privileges can manage the firewall.

As discussed, ufw should already be installed on Ubuntu. The following command checks whether ufw is installed on the system.

$ which ufw

If ufw is already installed on the system, the command returns its path.

Output

/usr/sbin/ufw

If ufw is not installed, use the following command to install it.

$ sudo apt-get install ufw   # install ufw

Once installation is complete, check the ufw status (enabled or disabled).

$ sudo ufw status verbose

By default ufw is disabled, so if it has not been activated before, the output looks like this:

Output

Status: inactive 

Now let’s enable it.

$ sudo ufw enable

Output

Firewall is active and enabled on system startup

Check the ufw status again; this time the output looks like this.

$ sudo ufw status

Output

Status: active
To                 Action    From
--                 ------    ----
Apache Full        ALLOW     Anywhere
Apache Full (v6)   ALLOW     Anywhere

Configure ufw to support IPv6

If the system uses both IPv4 and IPv6, we need to change a setting in the UFW configuration file. Open the configuration file and add the following line, or uncomment it if it is already there:

IPV6=yes

Set up default ufw policies.

The default ufw policies are a good starting point for both servers and desktops. It is always best practice to close all ports on a server and open only the ports that are required. Let’s block all incoming connections and allow only outgoing connections.

$ sudo ufw default allow outgoing

Output
Default outgoing policy changed to 'allow'

$ sudo ufw default deny incoming

Output
Default incoming policy changed to 'deny'

Block Access

Now let’s see how to block or allow all network connections that originate from a specific IP address, using 14.14.14.14 as the example. To block all network traffic, we use the deny command.

Syntax

$ sudo ufw deny from < Remote IP Address > to < Local IP Address > proto < Protocol > port < Port Number >

Block all network connections from IP address 14.14.14.14:

$ sudo ufw deny from 14.14.14.14 to any

Let’s see how to block network traffic on a specific protocol and port.

$ sudo ufw deny from 14.14.14.14 to any proto tcp port 80 

Allow Access

Let’s add rules that allow an IP address access to all traffic or to specific network ports, using the ufw “allow” command.

Syntax

$ sudo ufw allow from < Remote IP Address > to < Local IP >

$ sudo ufw allow from 14.14.14.14

The above firewall rule allows all network connections from the mentioned IP address.

$ sudo ufw allow from 14.14.14.14 to 15.15.15.15 

This rule allows all connections from IP address 14.14.14.14, but only to IP address 15.15.15.15.

$ sudo ufw allow from 14.14.14.14 to any proto tcp port 80

This time, the rule allows only TCP traffic from that specific IP address to port 80.

Subnet

The syntax for allowing or denying connections from a subnet is similar to that for a single IP address. The only difference is that we need to specify the netmask.

In the example below we allow access from the IP address range 10.2.2.0 to 10.2.2.255 to the MySQL port (3306).

$ sudo ufw allow from 10.2.2.0/24 to any port 3306

Delete rules

Now let’s look at how to delete ufw rules, because it is as important as knowing how to create them. There are different ways to remove rules from ufw: by rule number or by the actual rule. Let’s try the easier way first, deleting by rule number.

By rule number

To delete ufw firewall rules by number, we first need to list all rules with their numbers. The following command with the numbered option displays a number next to each rule.

$ sudo ufw status numbered   

Output

Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Apache Full                ALLOW IN    Anywhere
[ 2] Apache Full                DENY IN     14.14.14.14
[ 3] Apache Full (v6)           ALLOW IN    Anywhere

Suppose we want to delete rule number 2, which blocks connections from IP address 14.14.14.14. We can pass the rule number to the ufw delete command as follows. As a safeguard, ufw asks for confirmation before deleting the rule.

$ sudo ufw delete 2
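
The rule numbers also show evaluation order: ufw applies the first rule that matches a packet. As an added example (not part of the original post), the shell function below reads ufw status numbered output and reports DENY or REJECT rules that sit behind an earlier ALLOW from Anywhere for the same target; the function names and the embedded listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: report DENY/REJECT rules that never fire because an earlier
# ALLOW from Anywhere already accepts the same target (first match wins).

# Constructed listing with the same rules as the sample output above.
sample_status() {
cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Apache Full                ALLOW IN    Anywhere
[ 2] Apache Full                DENY IN     14.14.14.14
[ 3] Apache Full (v6)           ALLOW IN    Anywhere (v6)
EOF
}

# Reads "ufw status numbered" text on stdin, prints one line per shadowed rule.
# Only compares rules with an identical "To" column and direction.
find_shadowed() {
  awk '
    /^\[ *[0-9]+\]/ {
      n = $0; sub(/\].*/, "", n); gsub(/[^0-9]/, "", n)   # rule number
      rest = $0
      sub(/^\[ *[0-9]+\] */, "", rest)                    # drop the "[ N] " prefix
      sub(/ +$/, "", rest)
      split(rest, col, /  +/)                             # To, Action, From
      split(col[2], act, " ")                             # e.g. "ALLOW" "IN"
      key = col[1] "|" act[2]
      if (act[1] == "ALLOW" && col[3] ~ /^Anywhere/) {
        if (!(key in open_by)) open_by[key] = n           # earliest open ALLOW
      } else if ((act[1] == "DENY" || act[1] == "REJECT") && (key in open_by)) {
        printf "rule %s (%s from %s to %s) is shadowed by rule %s\n", n, col[2], col[3], col[1], open_by[key]
      }
    }'
}

# On a live host: sudo ufw status numbered | find_shadowed
sample_status | find_shadowed
```

For the listing above it reports rule 2 as shadowed by rule 1, so that deny never takes effect. A deny meant to override a broad allow has to be placed ahead of it, for example with sudo ufw insert 1 deny from 14.14.14.14 to any.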

By actual rule

Now let’s delete a rule by specifying the original rule after the ufw delete command. As an example, add one more rule and then delete it.

$ sudo ufw allow from 192.168.1.1 to any proto tcp port 22

Execute the following command to delete the above rule:

$ sudo ufw delete allow from 192.168.1.1 to any proto tcp port 22

Delete all rules

The following command removes all firewall rules and also disables the firewall.

$ sudo ufw reset

Output

Resetting all rules to installed defaults. Proceed with operation (y|n)? y
Backing up 'user.rules' to '/etc/ufw/user.rules.20200730_185856'
Backing up 'before.rules' to '/etc/ufw/before.rules.20200730_185856'
Backing up 'after.rules' to '/etc/ufw/after.rules.20200730_185856'
Backing up 'user6.rules' to '/etc/ufw/user6.rules.20200730_185856'
Backing up 'before6.rules' to '/etc/ufw/before6.rules.20200730_185856'
Backing up 'after6.rules' to '/etc/ufw/after6.rules.20200730_185856'

Any rules that we created with ufw are no longer active, so to activate the firewall again we need to run sudo ufw enable

I hope you got the answer to our question: What is Firewall UFW iptables in Ubuntu? We covered basic ufw and its features. We will discuss more advanced ufw usage in our next post. Please visit again and send your valuable comments and feedback to improve our content.
