Protect your Linux server with UFW (Uncomplicated Firewall).

By Darío Rivera
Posted in GNU/Linux Debian

As your projects grow, whether it's a SaaS server, a blog, an e-commerce site, etc., you need to improve your infrastructure and the security of your servers. One of the simplest ways to improve security is to install a firewall on your servers. In this post we will explain how to carry out a basic UFW (Uncomplicated Firewall) configuration for a web server.

Step 1 - Install UFW

To install UFW, look up the package name for the Linux distribution your server runs. In this case we are going to install it on GNU/Linux Debian.

sudo apt install ufw

Step 2 - Configure the default policies

It is very important to understand what the default policies do. UFW by default denies all incoming connections and allows all outgoing connections. This means that anyone who tries to reach your server will not be able to do so, but your server will be able to connect to any other website or resource on the Internet. To make sure this is the case, we can run the following commands:

sudo ufw default deny incoming
sudo ufw default allow outgoing

Step 3 - Check the list of available programs

Once installed, the firewall is disabled by default and has no rules allowing any program through it. To see the list of application profiles that can be allowed through the firewall, use the following command:

sudo ufw app list

You will see a result similar to the following:

...
OpenSSH
POP3
POP3S
...
WWW
...

The list obtained can be quite long; I have listed some programs that you will most likely want the firewall not to block. If you have a web server or access via SSH at this time and you enable the firewall without allowing these programs first, you will lose access to your website and to your server via SSH. I personally use the SSH service mostly on web servers with Apache, which is why I use these commands to enable these services.

sudo ufw allow 'WWW Full'
sudo ufw allow OpenSSH

Step 4 - Activate the Firewall

The final step is to activate the firewall with the following command.

sudo ufw enable

If you notice that some service you use has been disabled after activating the firewall, remember that you can deactivate the firewall at any time with the following command.

sudo ufw disable

I hope this brief but useful introduction to the UFW firewall has been helpful to you. See you soon!

Step 5 - Check the firewall status

Finally, you can check the status of the firewall with the following command.

admin@server:/etc/apache2$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
WWW Full                   ALLOW       Anywhere                  
OpenSSH                    ALLOW       Anywhere                  
WWW Full (v6)              ALLOW       Anywhere (v6)             
OpenSSH (v6)               ALLOW       Anywhere (v6)             
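
The lockout warning in Step 3 can be turned into a check that runs before `sudo ufw enable`. The following is an added example, not part of the original post: it reads the output of `sudo ufw show added` (the rules staged while the firewall is still inactive) and refuses to continue unless an SSH rule is present. The function names and the sample output are constructed for illustration, and sshd is assumed to listen on the default port 22.

```shell
#!/bin/sh
# Pre-flight check before `sudo ufw enable`: confirm that the rules staged
# so far keep SSH reachable. Input is the text of `ufw show added`.

# Constructed sample of `sudo ufw show added` after the Step 3 commands.
SAMPLE_OK="Added user rules (see 'ufw status' for running firewall):
ufw allow 'WWW Full'
ufw allow OpenSSH"

# Constructed sample where only the web profile was allowed.
SAMPLE_BAD="Added user rules (see 'ufw status' for running firewall):
ufw allow 'WWW Full'"

# ssh_allowed TEXT -> exit 0 if a simple allow/limit rule covers SSH.
# Assumption: default port 22. Only the simple rule forms are recognised
# (profile name, service name, port); anything else is treated as missing,
# so the check fails closed.
ssh_allowed() {
    printf '%s\n' "$1" |
        grep -Eiq "^ufw (allow|limit) (in )?'?(OpenSSH|ssh|22(/tcp)?)'?\$"
}

# preflight TEXT -> prints a verdict, returns 0 only when enabling is safe.
preflight() {
    if ssh_allowed "$1"; then
        echo "OK: SSH rule staged, safe to run 'sudo ufw enable'"
    else
        echo "STOP: no SSH rule staged, enabling now would cut off SSH" >&2
        return 1
    fi
}

# On a real server:
#   preflight "$(sudo ufw show added)" && sudo ufw enable
preflight "$SAMPLE_OK"
preflight "$SAMPLE_BAD" || true
```
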

About Darío Rivera

Application Architect at Elentra Corp. Quality developer and passionate learner with 10+ years of experience in web technologies. Creator of EasyHttp, a standard way to consume HTTP Clients.

Only those who have achieved success know that it was always one step beyond the moment they thought of giving up.