A Guide to the Linux Firewall

March 13, 2021   • linux how-to

When you are trying to set up a new Linux server, dealing with firewalls can get quite overwhelming. Here’s a beginner’s guide to firewalls on Linux.

Traffic into or out of a computer is filtered through “ports,” which are relatively arbitrary designations appended to traffic packets destined for use by a particular application.

By convention, some ports are routinely used for particular types of applications. For example, port 80 is generally used for insecure web browsing and port 443 is used for secure web browsing.

Traffic to particular applications can be allowed or blocked by “opening” or “closing” (i.e. filtering) the ports designated for a particular type of traffic. If port 80 is “closed,” for example, no (insecure) web browsing will be possible.

The default firewall configuration tool for Ubuntu is ufw. It stands for uncomplicated firewall. Developed to ease iptables firewall configuration, ufw provides a user-friendly way to create an IPv4 or IPv6 host-based firewall. By default ufw is disabled.

By default, ufw will block all of the incoming connections and allow all outbound connections. This means that anyone trying to access your server will not be able to connect unless you specifically open the port, while all applications and services running on your server will be able to access the outside world.

Install Uncomplicated Firewall:

sudo apt install ufw

Allow SSH before enabling the firewall, otherwise you will lock yourself out.

sudo ufw allow ssh

If SSH is running on a different port than the default 22, use

sudo ufw allow 23/tcp

Enable Firewall:

sudo ufw enable

Check status:

sudo ufw status verbose

e.g. If everything worked so far, you will get the following output

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)

Open a specific application protocol on the default port:

sudo ufw allow http

Open a specific port:

sudo ufw allow 80/tcp

Allow connections for an application profile, such as NGINX:

sudo ufw allow 'Nginx'

To check which application profiles are installed,

sudo ufw app list

Only allow connection from certain IP address:

sudo ufw allow from (to any port 80)

Deny all connections from certain IP address:

sudo ufw deny from (to any port 80)

Delete firewall rules:

sudo ufw deny 80/tcp

or, first get a numbered list of all rules and then delete it:

sudo ufw status numbered 
sudo ufw delete 3

Source: UFW documentation