Published on: August 8, 2019 by Travis Ville
Managing a firewall using only iptables can be a daunting task, and becoming proficient takes time. Many frontends for iptables have been created over the years, targeting different audiences. UFW (Uncomplicated Firewall) is one of them and is particularly well suited to host-based firewalls: it was developed to provide an easy-to-use command-line interface for an IPv4 and IPv6 host-based firewall.
On Ubuntu, ufw is the default firewall configuration tool, but it stays inactive until you enable it. On CentOS, UFW is not in the base repositories but is available from EPEL. Under the hood UFW is a wrapper around iptables and ip6tables, which in turn program the kernel's netfilter framework.
UFW is available in most Ubuntu-based distributions. If it is not available you can install it using the following command.
# apt-get install ufw -y
UFW is not available in CentOS by default, so the EPEL repository needs to be installed first. You can do that with the following command.
# yum install epel-release -y
Once the EPEL repository is installed, UFW can be installed using the following command.
# yum install --enablerepo="epel" ufw -y
You can check the installation by running the following command.
# ufw --version
ufw 0.35
Copyright 2008-2015 Canonical Ltd.
The status of UFW can be checked anytime using the following command. Initially, the UFW will be inactive.
# ufw status
Status: inactive
If the UFW is active then it will show the list of all rules.
# ufw status
Status: active

To                         Action      From
--                         ------      ----
3333                       ALLOW       22.214.171.124
22                         ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
To avoid locking yourself out when working over SSH, add the basic rules first and only then enable UFW. Enabling it puts the default policy of denying incoming traffic into force, so without an allow rule for SSH your next connection (and possibly the current one, as the enable prompt warns) will be blocked.
To allow incoming SSH connections (port 22 by default), use any of the following forms. A service name is looked up in /etc/services; a bare port number matches both TCP and UDP, and the port/protocol form such as 22/tcp restricts the rule to one protocol. Outgoing connections are allowed by UFW's default policy and need no rule.
# ufw allow ssh
# ufw allow 22
# ufw allow <port number>
If sshd listens on a non-default port, allow that port instead of 22.
The following command can be used to enable UFW and enforce your firewall rules.
# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
Similarly, UFW can be disabled by using the following command.
# ufw disable
Firewall stopped and disabled on system startup
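The safe order described above (allow SSH, then enable) is easy to get wrong by hand on a remote box. The script below is an added example and not part of the original article: it reads the port sshd actually listens on from /etc/ssh/sshd_config (the path and the SSHD_CONFIG override variable are assumptions of this script), builds the list of ufw commands with the SSH rule ahead of 'enable', and by default only prints that list; setting APPLY=1 runs it. It uses 'ufw limit' rather than 'ufw allow' for SSH, which allows the port but rate-limits new connections from a single source address.

```shell
#!/bin/sh
# Added example, not code from the original article: bring UFW up on a remote
# host without locking the current SSH session out. Assumptions: sshd reads
# /etc/ssh/sshd_config (override with SSHD_CONFIG) and ufw is on PATH. The
# plan is only printed unless APPLY=1 is set, so it can be reviewed first.
set -eu

# Read the port sshd listens on from its config; fall back to 22 when the
# file is missing or has no numeric Port directive. Commented-out lines
# ("#Port 22") do not match because their first field is not "port".
ssh_port_from_config() {
  cfg=${1:-/etc/ssh/sshd_config}
  p=$(awk 'tolower($1) == "port" { print $2; exit }' "$cfg" 2>/dev/null || true)
  case "$p" in
    ''|*[!0-9]*) echo 22 ;;
    *) echo "$p" ;;
  esac
}

# Ordered list of ufw commands for a given SSH port. Order matters: the SSH
# rule is added before 'enable' switches the default incoming policy to deny,
# and --force skips the interactive "may disrupt existing ssh connections"
# prompt. 'limit' allows the port but rate-limits new connections per source
# IP (ufw's built-in brute-force mitigation).
ufw_plan() {
  cat <<EOF
ufw default deny incoming
ufw default allow outgoing
ufw limit ${1}/tcp
ufw logging on
ufw --force enable
EOF
}

# Print the plan (mode=print) or run it (mode=apply), one command per line.
apply_plan() {
  port=$1 mode=$2
  ufw_plan "$port" | while IFS= read -r cmd; do
    if [ "$mode" = "apply" ]; then
      $cmd        # plan lines are generated above, not user input
    else
      echo "+ $cmd"
    fi
  done
}

mode=print
if [ "${APPLY:-0}" = "1" ]; then mode=apply; fi
ssh_port=$(ssh_port_from_config "${SSHD_CONFIG:-/etc/ssh/sshd_config}")
echo "SSH port detected: $ssh_port (mode: $mode)"
apply_plan "$ssh_port" "$mode"
```

Run it once without APPLY to review the plan, then with APPLY=1 as root. The --force flag answers the "may disrupt existing ssh connections" prompt non-interactively, which is what you want in a script and exactly why the plan should be reviewed first.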
If the server uses IPv6, UFW must have IPv6 support turned on so that every rule you add is installed for both IPv4 and IPv6; with it off, UFW only manages iptables and IPv6 traffic is not covered by your rules at all. The setting lives in the UFW configuration file “/etc/default/ufw” (on Ubuntu it is already set to yes, which is why the status output above shows (v6) entries).
# vi /etc/default/ufw
Make sure that “IPV6” is set to “yes”.
You will need to ‘disable’ and then ‘enable’ the firewall (restart your firewall) for the changes to take effect.
# ufw disable
# ufw enable
UFW logging can be enabled using the following command.
# ufw logging on
Logging enabled
Similarly, logging can be disabled using the following command.
# ufw logging off
Logging disabled
A typical entry in “/var/log/ufw.log” looks like this. The messages are emitted by the kernel's netfilter logging, so they also show up in dmesg and the kernel log; on Ubuntu, rsyslog copies the ones prefixed with [UFW into ufw.log.
May 24 12:39:11 sage2 kernel: [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=126.96.36.199 DST=10.212.135.1 LEN=83 TOS=0x00 PREC=0x00 TTL=63 ID=41805 DF PROTO=TCP SPT=443 DPT=33463 WINDOW=136 RES=0x00 ACK PSH URGP=0
The log values can be explained as below:
[UFW BLOCK]: the log prefix; the packet was dropped. Packets matched by an allow rule with logging enabled carry [UFW ALLOW] instead.
IN=ppp0: the interface the packet arrived on.
OUT=: the outgoing interface; empty because the packet was addressed to this host rather than forwarded.
MAC=: link-layer source and destination addresses; empty here because ppp0 is a point-to-point link with no Ethernet header.
SRC / DST: source and destination IP addresses.
LEN: total length of the IP packet in bytes.
TOS / PREC: type-of-service and precedence bits from the IP header.
TTL: remaining time to live (hop count).
ID: the IP identification field.
DF: the Don't Fragment flag is set.
PROTO=TCP: transport protocol. UDP entries carry the same SPT/DPT fields; ICMP entries carry TYPE and CODE instead.
SPT / DPT: source and destination ports.
WINDOW: advertised TCP window size.
RES: reserved TCP header bits.
ACK PSH: the TCP flags set on this segment.
URGP: the TCP urgent pointer.
Read together, this entry is an inbound segment from port 443 to local port 33463 with ACK and PSH set, that is, data from a web server that connection tracking no longer associates with an open connection (typically a late packet after the client side has already closed). Nothing allows new traffic to 33463, so it fell through to the default deny policy and was logged. Entries of this shape are normal background noise rather than evidence of an attack.
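The fields above are easier to act on in aggregate than one line at a time. As an added example (not from the original article), the script below pulls PROTO, DPT and SRC out of [UFW BLOCK] lines and ranks blocked destination ports and source addresses. It reads /var/log/ufw.log when that file is readable (the UFW_LOG override variable is an assumption of this script) and otherwise falls back to a handful of constructed sample lines using documentation address ranges, so it runs offline.

```shell
#!/bin/sh
# Added example (not from the original article): summarise [UFW BLOCK] entries
# from /var/log/ufw.log. SAMPLE_LOG below is constructed test data using the
# documentation ranges 192.0.2.0/24 and 198.51.100.0/24, not captured traffic.
set -eu

SAMPLE_LOG='May 24 12:39:11 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=10001 DF PROTO=TCP SPT=41022 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
May 24 12:39:12 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=10002 DF PROTO=TCP SPT=41023 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
May 24 12:39:13 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=198.51.100.77 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=20001 DF PROTO=TCP SPT=50100 DPT=23 WINDOW=65535 RES=0x00 SYN URGP=0
May 24 12:39:14 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=198.51.100.77 DST=192.0.2.10 LEN=70 TOS=0x00 PREC=0x00 TTL=48 ID=20002 DF PROTO=UDP SPT=53411 DPT=161 LEN=50
May 24 12:39:15 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=198.51.100.77 DST=192.0.2.10 LEN=70 TOS=0x00 PREC=0x00 TTL=48 ID=20003 DF PROTO=UDP SPT=53412 DPT=161 LEN=50
May 24 12:39:16 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=198.51.100.9 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=55 ID=30001 DF PROTO=ICMP TYPE=8 CODE=0 ID=4242 SEQ=1
May 24 12:39:17 host kernel: [UFW ALLOW] IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=198.51.100.50 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=40001 DF PROTO=TCP SPT=60000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0'

# Print one "PROTO DPT SRC" triple per [UFW BLOCK] line read from stdin.
# Allowed/audit entries are skipped. ICMP has no DPT, so '-' is printed.
ufw_block_fields() {
  awk '
    /\[UFW BLOCK\]/ {
      proto = "-"; dpt = "-"; src = "-"
      for (i = 1; i <= NF; i++) {
        split($i, kv, "=")
        if (kv[1] == "PROTO") proto = kv[2]
        else if (kv[1] == "DPT") dpt = kv[2]
        else if (kv[1] == "SRC") src = kv[2]
      }
      print proto, dpt, src
    }'
}

# Blocked packets per (PROTO, DPT), most frequent first: a port that keeps
# showing up for a service you run is a missing allow rule.
top_blocked_ports() {
  ufw_block_fields | awk '{ n[$1 " " $2]++ } END { for (k in n) print n[k], k }' | sort -rn
}

# Blocked packets per source address, most frequent first: one source across
# many ports is a scan, and a candidate for 'ufw deny from <address>'.
top_blocked_sources() {
  ufw_block_fields | awk '{ n[$3]++ } END { for (k in n) print n[k], k }' | sort -rn
}

# Use the real log when readable, otherwise the constructed sample.
ufw_log_source() {
  log=${UFW_LOG:-/var/log/ufw.log}
  if [ -r "$log" ]; then
    cat "$log"
  else
    printf '%s\n' "$SAMPLE_LOG"
  fi
}

echo "Blocked packets by protocol/port:"
ufw_log_source | top_blocked_ports
echo "Blocked packets by source:"
ufw_log_source | top_blocked_sources
```

Keep in mind that at UFW's default logging level (low) the block messages are rate-limited, so these counts are a lower bound, and that a high count on a port is only a problem if something on the host should be reachable there.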
You should now have UFW installed and configured on your server. UFW does not make a server immune to attack, but with its default policy of denying incoming traffic it limits exposure to the services you have explicitly allowed, which removes most opportunistic scanning and brute-force traffic. Make sure every service the server legitimately needs to offer has an allow rule, and that nothing else does.
Category : Firewalls, Security