Firewall is a utility that is used to filter packet traffic in a network. It is used to whitelist traffic certain ports. Moreover, the protool used can also filtered.
Whitelisting is the process of denying all traffic except a choice few. This can be used to secure your server by restricting access to ports and services you don’t want to be public.
You could allow certian ports to be available only from certain IP’s. In this way, you can allow a trusted network to have access to your services while denying access from other IPs.
Iptables is the command line utility used to manage the linux’s kernel level firewall. Though, the kernel firewall can be configured using iptables command. It is often configured using a frontend.
Uncomplicated Firewall (ufw)
Ufw or the aptly named Uncomplicated Firewall is an easy to use fronted to iptables.
This is the default firewall in ubuntu and debian and it should be installed by default.
If you do use other linux distributions, it should be easy enough to find the required package to install. In archlinux, it can be installed by running the following command.
sudo pacman -S ufw
Once installed, the utility is inactive by default and needs to be enabled to use. But be careful, if you are setting up the service on a server via SSH, you must allow ssh before enabling Ufw otherwise you might find yourself locked out of your machine.
Enable and Disable
The utility is enabled in two steps, you need to make sure that the
ufw.service unit is enabled started in systemd. You can use the
following command to do that.
sudo systemctl enable --now ufw.service
--now flag also starts the service after enabling it.
Now that the ufw daemon is up and running, it is time to enable the firewall by using
sudo ufw enable
You can check the ufw status using the
sudo ufw status command.
To disable the firewall simply run the
sudo ufw disable
Configuring your firewall
sudo ufw status will show you the list of rules that are active. This
can be changed using the following commands.
||Allow traffic that matches given rule|
||Deny traffic that matches given rule|
||rejects traffic that matches given rule|
||deny if more than 5 requests in the last 30 seconds|
||delete a given rule|
The rules can be specified as a string that includes the port number and optionally the protocol.
For example the rule for SSH can is
22/tcp, where 22 is the port used
by ssh servers by default and tcp is the protocol that is used. If a
protocol is not specified, both tcp and udp protocols would satisfy the
So if you would like to enable ssh access to the machine, you can run the following command:
sudo ufw allow 22/tcp
In case of services like ssh, you can also use the service name to use the list of known services by ufw. This list can be found in /etc/services.
sudo ufw allow ssh # equivalent to # sudo ufw allow 22/tcp sudo ufw allow http # sudo ufw allow 80/tcp sudo ufw allow https # sudo ufw allow 443/tcp
This list only specifies the default ports. If you use different ports, please set the rules by yourself.
The full syntax can be used to specify a bit more information and more intricate rules.
For example, to allow ssh in the full syntax, you use the following command:
sudo ufw allow proto tcp to any port 22
The rules can also be specified using a full syntax. It lets you
configure the firewall in more intricate manner. But most cases the
simple syntax explained here should suffice. If you would like learn
more about the other capabilities of or the full syntax a simple command
will help you