How To Configure the Firewall on Ubuntu 18.04 Bionic Beaver


Step 1: Configure firewall (UFW)

1.1 Run commands as root

sudo su

1.1.a Enable the firewall

sudo ufw enable
root@srv6:/# sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y 

Type “Y” to proceed

1.1.b Deny incoming traffic

sudo ufw default deny incoming
root@srv6:/# sudo ufw default deny incoming
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)
root@srv6:/#

1.1.c Allow outgoing traffic

sudo ufw default allow outgoing
root@srv6:/# sudo ufw default allow outgoing
Default outgoing policy changed to 'allow'
(be sure to update your rules accordingly)
root@srv6:/#

1.2 Allow default SSH connection on port 22

sudo ufw allow ssh
root@srv6:/# sudo ufw allow ssh
Rule added
Rule added (v6)
root@srv6:/#

NOTE: If SSH listens on a different port, allow that port instead, using the statement below

sudo ufw allow "your-port"
root@srv6:/# sudo ufw allow 888
Rule added
Rule added (v6)
root@srv6:/#

1.3 Check firewall status

sudo ufw status
root@srv6:/# sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
888                        ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
888 (v6)                   ALLOW       Anywhere (v6)
22/tcp (v6)                ALLOW       Anywhere (v6)

root@srv6:/#

Step 2: Deleting rules

2.1 Determine firewall rule

sudo ufw status numbered
root@srv6:/# sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 888                        ALLOW IN    Anywhere
[ 2] 22/tcp                     ALLOW IN    Anywhere
[ 3] 888 (v6)                   ALLOW IN    Anywhere (v6)
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)

root@srv6:/#

2.2 Delete rule

sudo ufw delete 1

2.2.a Repeat for the IPv6 rule
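
Deleting by number renumbers the remaining rules, so after `sudo ufw delete 1` the IPv6 rule listed as [ 3] in step 2.1 becomes [ 2]. The following added example (not part of the original tutorial) reads `ufw status numbered` output and prints the matching `sudo ufw delete N` commands highest number first, so each deletion leaves the numbers still to be deleted unchanged. The function names are hypothetical, the sample input is the step 2.1 output, and matching on the first word of the "To" column is a simplifying assumption.

```shell
# Added example, not from the original tutorial. Function names are hypothetical.
# Sample input: the `ufw status numbered` output shown in step 2.1.
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 888                        ALLOW IN    Anywhere
[ 2] 22/tcp                     ALLOW IN    Anywhere
[ 3] 888 (v6)                   ALLOW IN    Anywhere (v6)
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
'

# rules_for_target TARGET
# Reads `ufw status numbered` text on stdin and prints the number of each rule
# whose "To" column starts with the word TARGET (IPv4 and "(v6)" rows alike),
# highest number first. Assumption: matching the first word is enough here.
rules_for_target() {
    awk -v target="$1" '
        match($0, /^\[ *[0-9]+\]/) {
            num  = substr($0, 2, RLENGTH - 2) + 0   # digits between "[" and "]"
            rest = substr($0, RLENGTH + 1)          # columns after the number
            split(rest, col, " ")                   # col[1] = first word of "To"
            if (col[1] == target) print num
        }' | sort -rn
}

# delete_plan TARGET
# Prints (does not run) one delete command per matching rule, in an order that
# keeps the remaining rule numbers valid.
delete_plan() {
    rules_for_target "$1" | while read -r n; do
        echo "sudo ufw delete $n"
    done
}

# Demo on the sample: prints "sudo ufw delete 3" then "sudo ufw delete 1".
printf '%s' "$SAMPLE_STATUS" | delete_plan 888
```

On a live host, pipe real output into it with `sudo ufw status numbered | delete_plan 888` and review the printed commands before running them.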

Useful firewall rules

Enable HTTP

sudo ufw allow http

Enable HTTPS

sudo ufw allow https

Deny HTTP

sudo ufw deny http

Allow specific range of TCP ports

sudo ufw allow 800:900/tcp

Allow specific range of UDP ports

sudo ufw allow 800:900/udp

Allow a specific IP address

sudo ufw allow from 172.168.10.1

Allow IP addresses from a specific subnet

sudo ufw allow from 172.168.10.1/24

Allow a specific IP address and port

sudo ufw allow from 172.168.10.1 to any port 8080

Allow IP addresses from a specific subnet and port

sudo ufw allow from 172.168.10.1/24 to any port 8080

Allow traffic on a specific network interface

sudo ufw allow in on eth0 to any port 80

Reload firewall rules

sudo ufw reload

Restart UFW

sudo ufw disable
sudo ufw enable