Install UFW on Ubuntu 16.04

UFW as a good alternative

In the last article Linux Firewall, I introduced a few tools to you, by which you can manage iptables, the native firewall of Ubuntu. UFW is the one that I would like to show you a bit closer today.
The UFW syntax is the same on every distribution, the only difference is the installation. I will show you the installation using an Ubuntu 16.04 LTS server.

Prepare the server

Create an Ubuntu Server with a cloud provider and connect to it. With gridscale, you can connect directly over the console, so no need of a SSH client. If your provider does not offer this function, you can also install via SSH. Note here, however, that you can easily lock out, if you activate the firewall immediately. Therefore, follow the instructions for the following tutorial to your root account or set sudo before the commands.

Before each installation, it is important to update the server to its current state.

apt -y update && apt -y upgrade

Install UFW and set up for SSH connection

The installation is fairly simple as APT provides the package:

apt -y install ufw

After installation, UFW is deactivated. If you configure your server via SSH, it is important to release SSH before you enable UFW:

ufw allow ssh

This will open the port 22 for both IPv4 and IPv6, and if you enable UFW now, the SSH connection will continue.

UFW control

Basic control:

Turn on:

ufw enable

Turn off:

ufw disable

Request status:

ufw status

Allow connections:
To allow connections, you can specify either the protocol you want to share, the port, or even port ranges. In addition, you can specify ports and protocols only for individual IPs that have been listed.

Attention! The following are examples, please use only if you know what you are doing!

Allow protocol:

ufw allow ssh

Allow port:

ufw allow 22

or

ufw allow 22/tcp

or

ufw allow 22/udp

Allow Port Ranges:

ufw allow 1000:2000

In order to release ports only for certain IPs, use the following command (Attention: This function only makes sense with fixed IPs, and not in case  of using dynamic IPs):

ufw allow 22 from 123.456.789.789

Prohibit connections:
Prohibiting is as easy as permitting. Instead of allow easy deny insert.

Deny protocol:

ufw deny ssh

Deny port:

ufw deny 22

or

ufw allow 22/tcp

or

ufw deny 22/udp

Deny Port Ranges:

ufw deny 1000:2000

or

ufw deny 22 from 123.456.789.789

Delete Rule:
Sometimes it can be useful to delete a rule again. The best way to display all the rules is:

ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)

In this example, SSH is allowed. To use this rule simply use the following command:

ufw delete allow ssh

If you have created long rules, it may be easier to use the following commands:

ufw status numbered

All your rules are now displayed to you by number. With the number associated with the rule you want to delete, you can then use the following command:

ufw delete [Nummer]

In the article Linux Firewall, with the overview of the various tools for managing iptables, I have created a table that shows the most important standard ports. If you still do not know which port you need, the command netstat helps you. This shows you information about your network connections, both incoming and outgoing. The -tulpen parameter displays active programs and their ports used. Here you can see, for example, which port your Apache uses.

netstat -tulpen

Summary

A server without active firewall is very precarious, so it is important to configure iptables properly. With UFW this is very easy. But always keep in mind that you do not lock yourself.

.