UFW - Uncomplicated Firewall

Setup of UFW on Precise Pangolin LTS 12.04 (Ubuntu)

Steps

The steps below make the firewall active, but almost non-existent. In my opinion that is a better way to start, especially for a soft firewall. My router takes care of the hard firewall and only the ports that need to be open are open, so it begs the question whether another filter is needed here. So (at least for me) the sole purpose of this firewall is to block specific (read: dynamic) incoming (or maybe even outgoing) traffic. If I notice a particular IP attempting to break in, I add a rule, and so on. I also like the LIMIT feature that ufw has.

Basic setup

Setup basic firewall - net result zero effect

ufw status
ufw default allow incoming
ufw default allow outgoing
ufw enable
ufw status

Basic setup - Command and Typical responses

Same as above

[root@someserver]:/etc/ufw[2]# ufw status
Status: inactive
[root@someserver]:/etc/ufw[2]# ufw default allow incoming
Default incoming policy changed to 'allow'
(be sure to update your rules accordingly)
[root@someserver]:/etc/ufw[2]# ufw default allow outgoing
Default outgoing policy changed to 'allow'
(be sure to update your rules accordingly)
[root@someserver]:/etc/ufw[2]# ufw enable
Firewall is active and enabled on system startup
[root@someserver]:/etc/ufw[2]# ufw status
Status: active

Deny a single IP

For All ports and protocols

Below shows how to set up a rule that denies a single IP, and then how to delete that rule again.

[root@someserver]:~[1]# ufw deny from 192.168.1.101
Rule added

[root@someserver]:~[1]# ufw status
Status: active

To                         Action      From
--                         ------      ----
Anywhere                   DENY        192.168.1.101


[10:00:12 PM][root@someserver]:~[1]# ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   DENY IN     192.168.1.101


[root@someserver]:~[1]# ufw delete 1
Deleting:
 deny from 192.168.1.101
Proceed with operation (y|n)? y
Rule deleted

To a Port for All protocols

Denying a single IP to a single port for all protocols (tcp/udp/etc)

[root@someserver]:~[1]# ufw deny from 192.168.1.100 to any port 22
Rule added

[root@someserver]:~[1]# ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         DENY IN     192.168.1.100

To a Port for a protocol

Denying a single IP to a single port for a protocol. In this example we use ssh/22 with tcp protocol.

[root@someserver]:~[1]# ufw deny from 192.168.1.100 to any port 22 proto tcp
Rule added

[root@someserver]:~[1]# ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     DENY IN     192.168.1.100

Limit connections

Command to rate-limit ssh connections on tcp port 22: a source that attempts 6 or more new connections within 30 seconds is denied. UFW uses 6 hits per 30 seconds by default.

[root@someserver]:~[1]# ufw limit ssh/tcp
Rule added
Skipping unsupported IPv6 'limit' rule
[root@someserver]:~[1]# ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT       Anywhere

Checking the changes in the config file: /lib/ufw/user.rules changes after this new rule is added, as shown below.

The following lines are added

### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set
-A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
-A ufw-user-input -p tcp --dport 22 -j ufw-user-limit-accept

Notice the "--seconds 30 --hitcount 6" in the rule. This can be updated manually (I think) - not sure. I have done it and it seems to work. Do it at your own risk! If you do update the file you will have to use the reload command:

ufw reload
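As an added example (not from the original page), the script below parses the --seconds and --hitcount values out of a user.rules-style file so a hand edit can be checked before running ufw reload. The file path, the sample contents and the second limit rule on 8080/tcp are constructed assumptions; only the 22/tcp lines mirror what the page shows.

```shell
#!/bin/sh
# Constructed sample of the iptables lines ufw writes to user.rules
# (assumed path /lib/ufw/user.rules on 12.04). The 22/tcp tuple mirrors
# "ufw limit ssh/tcp"; the 8080/tcp tuple is a constructed hand-edited one.
SAMPLE_RULES='### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set
-A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
-A ufw-user-input -p tcp --dport 22 -j ufw-user-limit-accept
### tuple ### limit tcp 8080 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp --dport 8080 -m state --state NEW -m recent --set
-A ufw-user-input -p tcp --dport 8080 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j ufw-user-limit
-A ufw-user-input -p tcp --dport 8080 -j ufw-user-limit-accept'

# limit_params FILE: print "PORT/PROTO SECONDS HITCOUNT" for every
# "-m recent --update" rule in FILE, i.e. one line per rate-limited port.
limit_params() {
    awk '
        /-m recent --update/ {
            port = proto = secs = hits = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-p")         proto = $(i + 1)
                if ($i == "--dport")    port  = $(i + 1)
                if ($i == "--seconds")  secs  = $(i + 1)
                if ($i == "--hitcount") hits  = $(i + 1)
            }
            print port "/" proto, secs, hits
        }' "$1"
}

# limit_for FILE PORT/PROTO: print "SECONDS HITCOUNT" for one port only.
limit_for() {
    limit_params "$1" | awk -v want="$2" '$1 == want { print $2, $3 }'
}

# limit_count FILE: number of rate-limited ports found in FILE.
limit_count() {
    limit_params "$1" | awk 'END { print NR }'
}

# Demo against the constructed sample; the real ufw file is not touched.
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_RULES" > "$tmp"
limit_params "$tmp"
rm -f "$tmp"
```

To audit a live box, point limit_for at the real file instead of the sample (read access to /lib/ufw/user.rules normally needs root).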

Firewall reset

To reset to factory defaults, use the command below. This also makes the firewall inactive, as that was the original configuration.

[06:26:17 AM][root@someserver]:~[1]# ufw reset
Resetting all rules to installed defaults. Proceed with operation (y|n)? y
Backing up 'user.rules' to '/lib/ufw/user.rules.20130716_062632'
Backing up 'after6.rules' to '/etc/ufw/after6.rules.20130716_062632'
Backing up 'user6.rules' to '/lib/ufw/user6.rules.20130716_062632'
Backing up 'before6.rules' to '/etc/ufw/before6.rules.20130716_062632'
Backing up 'after.rules' to '/etc/ufw/after.rules.20130716_062632'
Backing up 'before.rules' to '/etc/ufw/before.rules.20130716_062632'

So after this operation you would want to redo the Basic setup.

Other considerations

