Security in today's computing landscape is critical, and there is no single solution that solves it. Instead, it is about layering security technologies and best practices to minimize the potential attack surface as much as possible. On that note, it is critical to choose which services should and shouldn't be exposed to the internet. Firewalls are used to control what is and isn't accessible. In this blog post we will take a look at the UFW firewall, from getting it set up, through configuration, to troubleshooting.
What Is A Firewall
A firewall filters traffic on a computer network, allowing or denying packets according to a set of rules.
Did You Know?
Most software firewalls on Linux are front-ends that use iptables or nftables on the backend. The backend in turn interfaces with netfilter in the Linux kernel, which is what actually enforces the rules. UFW is one of these front-ends, so the rules it generates can also be inspected with the iptables or nftables tooling.
Introduction To the UFW Firewall
UFW stands for Uncomplicated Firewall. It is a software firewall that provides a user-friendly interface for creating firewall rules. It was originally built for Ubuntu but has since been packaged for most Linux distributions. It provides a simple command line interface for those who find firewall configuration a bit hard to grasp, while still providing the features advanced users need.
Key Features Of UFW
- Simplicity
- Ease of use
- Sensible defaults
- IPv6 Support
Things To Be Aware Of
- By default UFW allows ping (ICMP echo requests), even with the default deny incoming policy.
- You should only have one Linux firewall front-end (for example UFW or firewalld) installed and running at a time; two of them writing netfilter rules will conflict.
Getting UFW Up And Running
Installation
UFW should be available for most Linux distributions under the package name ufw. Here are example installation commands for popular package managers.
The Apt Package Manager
sudo apt install ufw
Note for Ubuntu users: on Ubuntu, UFW is preinstalled, but it is not enabled by default.
The DNF Package Manager
sudo dnf install ufw
The Service
To start the firewall and enable it on system startup, use the built-in enable sub-command shown below. If you are administering the machine over SSH, add an allow rule for your SSH port first (see Adding Allow Rules below), otherwise you can lock yourself out once the default deny incoming policy takes effect.
sudo ufw enable
You should see the message below.
Firewall is active and enabled on system startup
For IPv6
I recommend confirming that UFW is configured for IPv6 if you have been or are planning on using IPv6.
Run the following command to open the file in nano, or open the file with your text editor of choice.
sudo nano /etc/default/ufw
In the file confirm the IPV6 variable is set to yes as shown below.
IPV6=yes
Listing Firewall Rules
To list firewall rules, append status to the ufw command as shown below. If the firewall is not enabled this only prints Status: inactive.
sudo ufw status
If you would like more information, like the default policies and the logging level, append verbose to the command.
sudo ufw status verbose
Notice the default policy for incoming connections, which is deny (outgoing defaults to allow). If you stick with this, you only need to worry about what you want to allow for incoming traffic.
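Putting the setup steps together, here is an added example (not from the original post) of a small bootstrap script: it checks the IPV6 setting in /etc/default/ufw, reads the SSH port from sshd_config so the allow rule matches the port actually in use, sets the default policies explicitly, and enables the firewall without the interactive prompt. The UFW variable, the --apply flag and the file-path arguments are assumptions made for this example; setting UFW=echo prints the commands instead of running them.

```shell
#!/bin/sh
# Added example: bootstrap UFW with explicit default policies and an SSH allow
# rule before enabling, so an SSH session is not locked out when the firewall
# comes up. Assumptions: UFW is the command used to talk to ufw (override with
# UFW=echo to only print what would run); file paths are passed in as
# arguments so the parsing helpers can be tested against constructed files.
set -e

UFW="${UFW:-sudo ufw}"

# Return 0 if the given /etc/default/ufw file has IPV6=yes (commented-out
# lines are ignored).
ufw_ipv6_enabled() {
    grep -Eq '^[[:space:]]*IPV6=yes[[:space:]]*$' "$1"
}

# Print the SSH port configured in the given sshd_config; default 22 when no
# uncommented Port directive is present. Only the first directive counts.
ssh_port_from_config() {
    port=$(grep -Ei '^[[:space:]]*Port[[:space:]]+[0-9]+' "$1" | head -n 1 | awk '{print $2}')
    printf '%s\n' "${port:-22}"
}

# Apply the baseline: deny in, allow out, allow SSH on the real port, enable.
ufw_baseline() {
    ssh_port="$1"
    $UFW default deny incoming
    $UFW default allow outgoing
    $UFW allow "${ssh_port}/tcp" comment 'SSH'
    $UFW --force enable    # --force skips the "may disrupt ssh" prompt
}

# Only touch the live firewall when explicitly asked:  sudo ./ufw-baseline.sh --apply
if [ "${1:-}" = "--apply" ]; then
    ufw_ipv6_enabled /etc/default/ufw || echo 'warning: IPV6 is not set to yes in /etc/default/ufw' >&2
    ufw_baseline "$(ssh_port_from_config /etc/ssh/sshd_config)"
    $UFW status verbose
fi
```

If the host is exposed to the internet, consider replacing the allow rule for SSH with sudo ufw limit, which keeps the port open but rate-limits new connections from a single address.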
Adding Allow Rules
Below are examples of firewall rules for UFW. These all focus on inbound traffic because UFW has a default allow policy for outgoing traffic. The IP addresses, ports and interface names shown are just examples.
To allow a port
sudo ufw allow 35517
To allow a port for a specific protocol
sudo ufw allow 35517/[protocol]
Replace [protocol] with tcp or udp. Without a protocol, the rule applies to both.
To allow a port range (UFW requires the protocol when you specify a range)
sudo ufw allow 35517:35587/[protocol]
To allow by service
sudo ufw allow https
UFW lets you allow by service name as well as by port number, though it should be noted that the name must be defined in /etc/services (https resolves to 443/tcp there).
Allow all ports from an IP
sudo ufw allow from 198.51.100.100
Allow a whole subnet for all ports
sudo ufw allow from 198.51.100.0/24
Specific IP to a specific port
sudo ufw allow from 198.51.100.100 to any port 35517
Specific IP to a specific port and protocol
sudo ufw allow from 198.51.100.100 to any port 35517 proto tcp
Allow from specific network interface and port
sudo ufw allow in on wg0 to any port 35517
Adding Comments To Rules
To add a comment to the rule append comment and enclose the comment in single quotes.
sudo ufw allow 35517/tcp comment 'This is a comment'
Adding Deny Rules
If you use the default incoming policy of deny, there is usually no need for deny rules for incoming traffic. They are still useful for blocking a specific host or network that would otherwise match a broader allow rule; since UFW evaluates rules in order and the first match wins, such a deny rule has to be placed before the allow rule. To turn any example in the allow section into a deny rule, simply replace allow with deny.
Delete Firewall Rules
To delete a firewall rule, add delete right after ufw in the command, like so.
Say we just added the following rule:
sudo ufw allow from 198.51.100.100 to any port 35517
To delete it, add delete between ufw and allow, repeating the rest of the rule exactly as it was added:
sudo ufw delete allow from 198.51.100.100 to any port 35517
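Deleting by re-typing the rule only works if you reproduce it exactly, and rule order matters for the deny case above. The following is an added example (not from the original post) of two helpers: one parses the output of sudo ufw status numbered, finds the numbers of the rules matching a pattern and deletes them highest number first (so the remaining numbers do not shift under you), and one inserts a deny for a single host at position 1 so it is evaluated before any broader allow. The UFW variable and the helper names are assumptions for this example; the status text in the test is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): manage UFW rules by number.
# Assumptions: UFW is the ufw command (set UFW=echo to print instead of run);
# ufw_rule_numbers reads "ufw status numbered" text on stdin so it can be
# exercised against constructed output.
set -e

UFW="${UFW:-sudo ufw}"

# Print the numbers of the rules whose To/Action/From text matches the
# extended regex in $1, one per line, highest number first. Lines look like
#   [ 2] 35517                      ALLOW IN    198.51.100.100
# The pattern is passed through the environment so backslashes survive awk.
ufw_rule_numbers() {
    sed -n 's/^\[ *\([0-9][0-9]*\)\] *\(.*\)$/\1 \2/p' \
        | RE="$1" awk '{ n = $1; sub(/^[0-9]+ /, ""); if ($0 ~ ENVIRON["RE"]) print n }' \
        | sort -rn
}

# Delete every active rule matching the pattern. Deleting from the highest
# number down keeps the lower numbers valid; --force skips the y/n prompt.
ufw_delete_matching() {
    for n in $($UFW status numbered | ufw_rule_numbers "$1"); do
        $UFW --force delete "$n"
    done
}

# Block a single host on a TCP port even though a broader allow exists: the
# deny is inserted at position 1 so it matches before the allow rule.
ufw_block_host_on_port() {
    $UFW insert 1 deny from "$1" to any port "$2" proto tcp
}
```

Run sudo ufw status numbered after either helper to confirm the resulting order; the number column is the evaluation order.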
Run Into Issues?
- Check the logs
- If you're running into issues with specific traffic, first check the log at /var/log/ufw.log. Blocked packets are logged with an [UFW BLOCK] prefix along with the source (SRC), destination (DST), protocol (PROTO) and destination port (DPT). Logging is set to low when you enable UFW; if the file stays empty, confirm with sudo ufw status verbose that logging is not off.
- Confirm the issue is firewall related
- You can disable ufw to narrow things down using the following command. This leaves the host unfiltered, so keep the window short:
sudo ufw disable
- Make sure to enable the firewall after testing using:
sudo ufw enable
- If nothing else works you can always reset the firewall back to defaults, but this clears any and all rules in place, so save the output of sudo ufw status first. A reset also disables the firewall, so enable it again once you have re-added your rules.
- To reset UFW to defaults use
sudo ufw reset
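Reading /var/log/ufw.log by eye gets slow as soon as a host is exposed. Here is an added example (not from the original post) of two helpers that summarise [UFW BLOCK] entries: one counts blocked packets per protocol and destination port, the other lists the source addresses generating the most blocks. The log lines embedded in the block are constructed for the example and follow the kernel log format UFW produces; the helper names and the --demo flag are assumptions. Pass /var/log/ufw.log as the first argument to run them against the real log.

```shell
#!/bin/sh
# Added example (not from the original post): summarise what UFW is blocking.
# Both helpers read ufw.log lines from the file named in $1 (or stdin when
# $1 is "-" or absent) and only consider "[UFW BLOCK]" entries, so allowed
# and audit lines are ignored.
set -e

# Constructed sample log lines (not captured from a real host). The last
# line is an allow entry and must not be counted.
SAMPLE_UFW_LOG='Mar 10 12:00:01 srv1 kernel: [ 1234.567890] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=54321 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 10 12:00:02 srv1 kernel: [ 1235.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=54322 DF PROTO=TCP SPT=51235 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 10 12:00:03 srv1 kernel: [ 1236.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.9 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=1 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 10 12:00:04 srv1 kernel: [ 1237.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.9 DST=203.0.113.5 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=2 DF PROTO=TCP SPT=40001 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 10 12:00:05 srv1 kernel: [ 1238.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.9 DST=203.0.113.5 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=3 DF PROTO=TCP SPT=40002 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 10 12:00:06 srv1 kernel: [ 1239.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.33 DST=203.0.113.5 LEN=78 TOS=0x00 PREC=0x00 TTL=60 ID=4 PROTO=UDP SPT=5060 DPT=5060 LEN=58
Mar 10 12:00:07 srv1 kernel: [ 1240.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.34 DST=203.0.113.5 LEN=84 TOS=0x00 PREC=0x00 TTL=60 ID=5 PROTO=ICMP TYPE=13 CODE=0 ID=9 SEQ=1
Mar 10 12:00:08 srv1 kernel: [ 1241.000001] [UFW ALLOW] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6 DF PROTO=TCP SPT=50000 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0'

# Count blocked packets per "PROTO DPT", most frequent first. ICMP entries
# carry no DPT, so they are counted under "ICMP -".
ufw_blocked_by_port() {
    grep -h '\[UFW BLOCK\]' "${1:--}" | awk '
        {
            proto = "?"; dpt = "-"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            count[proto " " dpt]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -rn -k1,1
}

# Top N source addresses ($2, default 5) by number of blocked packets.
ufw_blocked_top_sources() {
    grep -h '\[UFW BLOCK\]' "${1:--}" | awk '
        { for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) src[substr($i, 5)]++ }
        END { for (s in src) print src[s], s }
    ' | sort -rn -k1,1 | head -n "${2:-5}"
}

# Usage:  ./ufw-blocks.sh --demo            (runs on the constructed sample)
#         ufw_blocked_by_port /var/log/ufw.log
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_UFW_LOG" | ufw_blocked_by_port
    printf '%s\n' "$SAMPLE_UFW_LOG" | ufw_blocked_top_sources - 3
fi
```

A port that shows up at the top of the first summary is either a service you forgot to allow or a service being scanned; the second summary tells you which, since a scanner usually hits many ports from one address.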
Conclusion
Software firewalls are an important layer in security because they reduce the attack surface, which matters most for systems directly connected to the internet. In this blog post we have taken a look at the UFW firewall: getting to know UFW, installation, listing rules, adding and deleting rules, and troubleshooting tips.
Embracing a lifelong passion for technology since childhood, CJ delved into the intricate workings of systems, captivated by the desire to understand the unknown. This innate curiosity led to his discovery of Linux, a revelation that resonated deeply. With more than 7 years of on the job experience, he’s honed his technical skills as a Geek and Senior Linux Systems Administrator.