SM Linux 101 - firewall


Published on 2020-01-06 #tech

A firewall is a utility that filters packet traffic on a network. It is used to whitelist traffic on certain ports. Moreover, the protocol used can also be filtered.

Whitelisting is the process of denying all traffic except a choice few. This can be used to secure your server by restricting access to ports and services you don’t want to be public.

You could allow certain ports to be reachable only from certain IPs. In this way, you can give a trusted network access to your services while denying access from other IPs.

iptables is the command-line utility used to manage the Linux kernel's firewall. Though the kernel firewall can be configured directly with the iptables command, it is often configured through a frontend.

Uncomplicated Firewall (ufw)

Ufw, the aptly named Uncomplicated Firewall, is an easy-to-use frontend to iptables.

Install

This is the default firewall in Ubuntu and Debian and it should already be installed.

If you use another Linux distribution, it should be easy enough to find the required package. In Arch Linux, it can be installed by running the following command.

sudo pacman -S ufw

Once installed, the utility is inactive by default and needs to be enabled before use. But be careful: if you are setting up the service on a server over SSH, you must allow SSH before enabling ufw, otherwise you might find yourself locked out of your machine.

Enable and Disable

The utility is enabled in two steps. First, make sure that the ufw.service unit is enabled and started in systemd. You can use the following command to do that.

sudo systemctl enable --now ufw.service

The --now flag also starts the service after enabling it.

Now that the ufw daemon is up and running, it is time to enable the firewall by running

sudo ufw enable

You can check the ufw status using the sudo ufw status command.

To disable the firewall, simply run sudo ufw disable.

Configuring your firewall

sudo ufw status shows you the list of rules that are active. The rules can be changed using the following commands.

Command                 Description
sudo ufw allow RULE     Allow traffic that matches the given rule
sudo ufw deny RULE      Deny traffic that matches the given rule
sudo ufw reject RULE    Reject traffic that matches the given rule
sudo ufw limit RULE     Deny if more than 5 requests in the last 30 seconds
sudo ufw delete RULE    Delete the given rule

Rule Syntax

A rule can be specified as a string that includes the port number and, optionally, the protocol.

For example, the rule for SSH is 22/tcp, where 22 is the port used by SSH servers by default and tcp is the protocol. If no protocol is specified, both tcp and udp traffic satisfy the rule.

So if you would like to enable SSH access to the machine, you can run the following command:

sudo ufw allow 22/tcp

For services like SSH, you can also use the service name; ufw looks it up in the list of known services in /etc/services.

sudo ufw allow ssh
# equivalent to
# sudo ufw allow 22/tcp

sudo ufw allow http
# sudo ufw allow 80/tcp
sudo ufw allow https
# sudo ufw allow 443/tcp

This list only covers the default ports. If your services run on different ports, set the rules yourself.

The full syntax can be used to specify more information and build more intricate rules.

For example, to allow SSH in the full syntax, use the following command:

sudo ufw allow proto tcp to any port 22

The full syntax lets you configure the firewall in a more intricate manner, but in most cases the simple syntax explained here should suffice. If you would like to learn more about the other capabilities or the full syntax, a simple command will help you: man ufw.
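As an added example that is not part of the original post, the following POSIX sh script puts the lockout caveat and the trusted-network idea from above into a repeatable order: default-deny inbound, allow SSH only from an assumed trusted network (192.0.2.0/24 is a placeholder documentation range; the TRUSTED_NET and DRY_RUN variable names are this example's own), open the public web ports, and only then enable ufw. With DRY_RUN=1 it prints the commands instead of running them, so you can review the plan before touching a remote box.

```shell
#!/bin/sh
# Constructed example: bring up ufw on a remote server without locking yourself out.
# Order matters: default policy, then the SSH rule, then enable.
TRUSTED_NET="${TRUSTED_NET:-192.0.2.0/24}"   # placeholder: your admin network
DRY_RUN="${DRY_RUN:-0}"                       # DRY_RUN=1 prints instead of executing

# Run a command with sudo, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        sudo "$@"
    fi
}

setup_firewall() {
    # Whitelist posture: drop everything inbound unless a rule allows it.
    run ufw default deny incoming
    run ufw default allow outgoing
    # SSH first, and only from the trusted network (full syntax from the text).
    run ufw allow from "$TRUSTED_NET" to any port 22 proto tcp
    # Public web services, using the service names from /etc/services.
    run ufw allow http
    run ufw allow https
    # Only now is it safe to turn the firewall on; --force skips the y/n prompt.
    run ufw --force enable
    run ufw status verbose
}

# Self-check on the dry-run plan: the SSH rule must come before "enable".
ssh_before_enable() {
    ( DRY_RUN=1; setup_firewall ) | awk '
        /to any port 22 proto tcp/ && !ssh { ssh = NR }
        /ufw --force enable/            { en  = NR }
        END { exit !(ssh && en && ssh < en) }'
}

# Usage: DRY_RUN=1 sh setup-ufw.sh   (review), then   sh setup-ufw.sh   (apply).
if [ "${0##*/}" = "setup-ufw.sh" ]; then
    ssh_before_enable || { echo "refusing: SSH rule would come after enable" >&2; exit 1; }
    setup_firewall
fi
```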