When administering servers, one of the first things that must be configured to increase the security of them is to configure a Firewall, Luckily in Linux is included a default called Iptables but this firewall many see it a bit complex to configure and manage. There are simpler alternatives to use, such as UFW.
UFW is actually a CLI or command-line interface for the Iptables Firewall that includes Linux, this interface provides us with a slightly easier way to manage and configure Iptables. For UFW there is even a GUI or graphics interface called GUFW which we could use on a desktop PC or Laptop to manage and configure the firewall.
Installation of UFW on the server
To install it, just write the command to a terminal –
$ sudo apt-get install ufw
By default, UFW is disabled after installation, so we can see its status with the command –
$ sudo ufw status verbose
Basic configurations of UFW
Some of the basic configurations that we can use in UFW to ensure our servers are.
The default rules are, as the name implies, a series of standard rules that facilitate the configuration of the Firewall, these rules allow us to specify if we want to allow or deny incoming traffic or outgoing traffic, in addition to some other rules.
A very good configuration that in fact uses GUFW is hardly installed on a PC, it is to deny all incoming traffic and allow outgoing traffic.
We can adjust this with the following commands:
$ sudo ufw default deny incoming
To deny all incoming traffic.
$ sudo ufw default allow outgoing
With these two configurations, a PC is quite protected as well as a server, but if we want to increase security we could also deny outgoing traffic for greater security, of course with the disadvantage that you will have to be aware of which applications require a rule of outbound traffic to be able to function properly.
Suppose we are configuring the firewall on our server and deny all incoming traffic. How are we going to remotely connect to it via SSH? We need to apply a rule that allows us to connect to port 22.
For this, we use the option allow and we specify the port to which we want to allow the incoming traffic and the TCP protocol that it uses:
$ sudo ufw allow 22/tcp
UFW comes with some set of preset rules that we can use by its name, for example, the previous command tries to open the port 22that is known to be the port used for SSH connections, this rule could also be enabled with the command:
$ sudo ufw allow ssh
In the same way, we could use other pre-established rules for known services such as HTTP using the port 80, HTTPS using the port 443, etc.
It is also possible that you want to allow incoming traffic not only to a port but to a range of these, an example of this could be with the Mosh application that requires the range of ports that goes from 60000 the port to 61000 the protocol to be opened udp.
We could apply this by writing something like:
$ sudo ufw allow 60000:61000/udp
In the same way that we allow incoming connections, we can deny those connections.
Suppose we have a default rule in which all incoming traffic is allowed (NOT recommended), but we want to deny incoming traffic only in a certain port, we could apply that configuration with something like:
$ sudo ufw deny 22/tcp
In the same way, we could do it to deny a port range.
$ sudo ufw deny 60000:61000/udp
Suppose we have configured the SSH server to use the port 2222 instead of the 22 previously opened port, we should delete the previous rule in which the port was allowed 22. This could be done with the following command:
$ sudo ufw delete allow 22/tcp
In a similar way we could do it if it is a range of ports:
$ sudo ufw delete allow 60000:61000/udp
If for example, we have a set of rules established with UFW of which we want to eliminate some but do not know how to perform such elimination because it is some kind of complex rule, we could list them with the command:
$ sudo ufw status numbered
What would give us a set of numbered rules like these:
As noted above, the rules are numbered, so we could use that number to eliminate a specific rule:
$ sudo ufw delete 5
What will eliminate the last rule listed?
Activating and deactivating UFW:
Once all the rules are configured and we make sure that everything is correct, we proceed to activate the firewall with the command:
$ sudo ufw enable
With this, we will have UFW active and protecting the connections with the rules that we have specified.
In case you want to disable UFW, type the command:
$ sudo ufw disable
If for some reason you require that all the rules applied to be eliminated –
$ sudo ufw reset
These are just some of the basic configurations of UFW with which we can add a good layer of security to our PCs and servers. There are also advanced configurations that can be used to further improve security or to perform some kind of specific task.