Firewall configuration isn’t always easy on Linux. I know that I have felt a bit intimidated in the past. UFW (Uncomplicated Firewall) is meant to make it much easier. UFW is a configuration tool that runs on top of iptables. In this post, I am hoping to go over how to use it.
Let’s start with how to get it onto your machine. It is included on a lot of distributions but isn’t included on the flavor of Ubuntu that is on my Raspberry Pi, so “Step 0” is to
sudo apt-get install ufw.
Once UFW is installed, you can reboot the server, and run
sudo ufw status to see the result.
Next, you need to set up default policies. By default, UFW should deny all incoming connections and allow outgoing connections. You can set these defaults by running
sudo ufw default deny incoming and
sudo ufw default allow outgoing.
If we enabled the firewall at this point, we wouldn’t be able to connect to the server at all. Before we go any further, we need to create a rule to allow legitimate SSH connections, and since this is going to be a web server, we will allow connections for HTTP and HTTPS traffic as well. To enable SSH connections, you can run
sudo ufw allow ssh or
sudo ufw allow 22 and for HTTP and HTTPS, we are also going to open ports 80 and 443.
At this point, we can enable UFW by running
sudo ufw enable and if you then run
sudo ufw status, it should look like this …
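To check the result of the steps above against the intended policy, here is an added example (not part of the original post). The function name ufw_audit and the sample status text are constructed for illustration, and the check assumes rules were added by port or service name as in this post, not by application profile.

```shell
#!/bin/sh
# Added example. Audits `ufw status verbose` text on stdin against this post's
# policy: deny incoming, allow outgoing, ports 22/80/443 open, nothing else.
# Prints one line per finding and returns non-zero if there is any.
ufw_audit() {
    awk '
        /^Status:/  { active = ($2 == "active") }
        /^Default:/ { deny_in   = ($0 ~ /deny \(incoming\)/)
                      allow_out = ($0 ~ /allow \(outgoing\)/) }
        # IPv4 rule rows look like "22/tcp  ALLOW IN  Anywhere"; on the
        # "(v6)" rows field 2 is "(v6)", so they are skipped here.
        $2 == "ALLOW" && $1 ~ /^[0-9]/ {
            spec = $1; sub(/\/.*/, "", spec)       # "80,443/tcp" -> "80,443"
            n = split(spec, ports, ",")
            for (i = 1; i <= n; i++) open[ports[i]] = 1
        }
        END {
            if (!active)    { print "firewall is not active"; bad = 1 }
            if (!deny_in)   { print "default incoming policy is not deny"; bad = 1 }
            if (!allow_out) { print "default outgoing policy is not allow"; bad = 1 }
            split("22 80 443", want, " ")
            for (i = 1; i <= 3; i++) {
                if (!(want[i] in open)) { print "port " want[i] " is not allowed"; bad = 1 }
                delete open[want[i]]
            }
            for (p in open) { print "unexpected open port " p; bad = 1 }
            exit bad + 0
        }
    '
}

# Constructed sample in the format of `ufw status verbose`, with one stray
# rule (3306) so the audit has something to report.
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80,443/tcp                 ALLOW IN    Anywhere
3306/tcp                   ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)'

printf '%s\n' "$SAMPLE_STATUS" | ufw_audit || echo "audit failed"
```

On a real host, pipe the output of sudo ufw status verbose into ufw_audit instead of the sample.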
It is really that easy. Do you have any questions, comments, etc? Feel free to drop a comment, below.