How To Configure the Firewall on Ubuntu 16.04

Step 1: Configure firewall (UFW)

1.1 Run commands as root

sudo su

1.2 Enable the firewall

sudo ufw enable
root@srv6:/# sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
root@srv6:/#

1.3 Deny incoming traffic

sudo ufw default deny incoming
root@srv6:/# sudo ufw default deny incoming
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)
root@srv6:/#

1.4 Allow outgoing traffic

sudo ufw default allow outgoing
root@srv6:/# sudo ufw default allow outgoing
Default outgoing policy changed to 'allow'
(be sure to update your rules accordingly)
root@srv6:/#

1.5 Allow default SSH connection on port 22

sudo ufw allow ssh
root@srv6:/# sudo ufw allow ssh
Rule added
Rule added (v6)
root@srv6:/#

NOTE: If SSH is listening on a different port, allow that port instead with the statement below (999 in this example)

sudo ufw allow 999
root@srv6:/# sudo ufw allow 999
Rule added
Rule added (v6)
root@srv6:/#

1.6 Check firewall status

sudo ufw status
root@srv6:/# sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
999                        ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
999 (v6)                   ALLOW       Anywhere (v6)

root@srv6:/#

Step 2: Deleting rules

2.1 Determine the firewall rule number

sudo ufw status numbered
root@srv6:/# sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    Anywhere
[ 2] 999                        ALLOW IN    Anywhere
[ 3] 22 (v6)                    ALLOW IN    Anywhere (v6)
[ 4] 999 (v6)                   ALLOW IN    Anywhere (v6)

root@srv6:/#

2.2 Delete rule

sudo ufw delete 1
root@srv6:/# sudo ufw delete 1
Deleting:
 allow 22
Proceed with operation (y|n)? y
Rule deleted
root@srv6:/#

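Repeat for the IPv6 rule. The remaining rules are renumbered after a deletion, so run sudo ufw status numbered again to find its new number.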
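Because step 2 deletes one numbered rule at a time and ufw renumbers the rest after each deletion, it helps to work out all rule numbers for a port up front and delete from the highest number down. The shell sketch below is an added example, not part of the original page; the function names are hypothetical and the embedded listing is the sample from step 2.1.

```sh
#!/bin/sh
# Added example (not from the original page): find the numbered ufw rules
# for one port and print the delete commands in a safe order.

# Constructed sample: the listing shown in step 2.1.
sample_status() {
    cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    Anywhere
[ 2] 999                        ALLOW IN    Anywhere
[ 3] 22 (v6)                    ALLOW IN    Anywhere (v6)
[ 4] 999 (v6)                   ALLOW IN    Anywhere (v6)

EOF
}

# rule_numbers_for PORT
# Reads `ufw status numbered` output on stdin and prints the numbers of
# the rules whose "To" column is PORT or PORT/proto (IPv4 and IPv6),
# highest number first so that deleting one does not shift the others.
rule_numbers_for() {
    port=$1
    sed -n 's/^\[ *\([0-9][0-9]*\)\] *\([^ ]*\).*/\1 \2/p' |
        awk -v p="$port" '$2 == p || index($2, p "/") == 1 { print $1 }' |
        sort -rn
}

# delete_commands_for PORT
# Prints one "sudo ufw delete N" command per matching rule. The commands
# are only printed, never executed, so they can be reviewed first.
delete_commands_for() {
    rule_numbers_for "$1" | while read -r n; do
        echo "sudo ufw delete $n"
    done
}

# Demo on the constructed sample. On a live system, pipe the real listing:
#   sudo ufw status numbered | delete_commands_for 22
sample_status | delete_commands_for 22
```

Check that the rule allowing your own SSH port is not among the printed commands before running them on a remote server.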

Useful firewall rules

Enable HTTP

sudo ufw allow http

Enable HTTPS

sudo ufw allow https

Deny HTTP

sudo ufw deny http

Allow specific range of TCP ports

sudo ufw allow 800:900/tcp

Allow specific range of UDP ports

sudo ufw allow 800:900/udp

Allow a specific IP address

sudo ufw allow from 172.168.10.1

Allow IP addresses from a specific subnet

sudo ufw allow from 172.168.10.1/24

Allow a specific IP address to a specific port

sudo ufw allow from 172.168.10.1 to any port 8080

Allow IP addresses from a specific subnet to a specific port

sudo ufw allow from 172.168.10.1/24 to any port 8080

Allow traffic on a specific network interface

sudo ufw allow in on eth0 to any port 80
