Every computer connected to the internet should have a firewall. Luckily Ubuntu ships a very easy one, UFW (Uncomplicated Firewall), that can be set up in just a few commands.
First check the status:
    root@vmware:/# ufw status
    Status: inactive
The firewall is disabled at the moment.
Before enabling it, make sure you allow the services you know you'll be using; in most cases this will be SSH and Apache.
    root@vmware:/# ufw allow 'Apache Full'
    Rules updated
    Rules updated (v6)
    root@vmware:/# ufw allow 'OpenSSH'
    Rules updated
    Rules updated (v6)
Now that SSH is allowed you can enable the firewall without locking yourself out of the machine.
    root@vmware:/# ufw enable
    Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
    Firewall is active and enabled on system startup
You can easily view the list of active rules like this:
    root@vmware:/# ufw status numbered
    Status: active

         To                         Action      From
         --                         ------      ----
    [ 1] Apache Full                ALLOW IN    Anywhere
    [ 2] OpenSSH                    ALLOW IN    Anywhere
    [ 3] Apache Full (v6)           ALLOW IN    Anywhere (v6)
How to enable custom SSH port
In many cases you won't run SSH on the default port but on something like 2020; in that case you need to allow that port explicitly:
    root@vmware:/# ufw allow 2020/tcp
    Rule added
    Rule added (v6)
How to block an IP address
If you want to block an IP address, you need to make sure to place this rule at the very top of the list. UFW walks the list from the top and stops at the first match. That means adding a deny for an IP at the bottom of the list, below the Apache allow rule, won't prevent it from accessing the Apache port.
Here is the right way to do it:
    root@vmware:/# ufw insert 1 deny from 12.12.12.12
    Rule inserted
    root@vmware:/# ufw status
    Status: active

    To                         Action      From
    --                         ------      ----
    Anywhere                   DENY        12.12.12.12
    Apache Full                ALLOW       Anywhere
    OpenSSH                    ALLOW       Anywhere
Now you can be 100% sure that 12.12.12.12 can't access any port on your Ubuntu machine.
How to delete a rule
You need to get a numbered list first.
    root@vmware:/# ufw status numbered
    Status: active

         To                         Action      From
         --                         ------      ----
    [ 1] Anywhere                   DENY IN     12.12.12.12
    [ 2] Apache Full                ALLOW IN    Anywhere
    [ 3] OpenSSH                    ALLOW IN    Anywhere
    [ 4] 2020/tcp                   ALLOW IN    Anywhere
    [ 5] 2020/tcp (v6)              ALLOW IN    Anywhere (v6)
Let's say you want to remove the 3rd rule, access to OpenSSH (port 22); then you do
    root@vmware:/# ufw delete 3
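The three points above (allow SSH before you enable, first match wins so a deny must sit above the allow it is meant to beat, and numbered delete) all come down to how UFW walks its rule list from the top. The following POSIX sh script is an added example, not part of the original post and not ufw code: it models that walk over a constructed text copy of the rule list shown above, so you can see why position matters and what renumbering does after a delete. The rule lists, the 'Apache Full' = 80,443 and 'OpenSSH' = 22 spellings, and the admin address 203.0.113.9 are constructed for the example.

```shell
#!/bin/sh
# Added example: a small POSIX-sh model of how UFW evaluates its rule list.
# It is not ufw and runs no ufw command; the rule lists below are a
# constructed text version of the "ufw status numbered" output in the post.
#
# Rule format, one per line, in ufw's order:  "<ACTION> <from> <ports>"
#   ACTION : ALLOW or DENY
#   from   : a source IPv4 address, or Anywhere
#   ports  : comma-separated TCP ports, or any
# Application profiles from the post are spelled out as ports (assumption):
#   'Apache Full' = 80,443      'OpenSSH' = 22

# ufw's default incoming policy: a packet that matches no rule is dropped.
DEFAULT_INCOMING=DENY

# rule_matches <src-ip> <dst-port> <from> <ports>  -> 0 if the rule applies
rule_matches() {
    [ "$3" = Anywhere ] || [ "$3" = "$1" ] || return 1
    [ "$4" = any ] && return 0
    case ",$4," in *",$2,"*) return 0 ;; esac
    return 1
}

# first_match "<rules>" <src-ip> <dst-port>  -> prints ALLOW or DENY
# Walks the list top to bottom and stops at the first matching rule, which
# is why a DENY placed below an ALLOW for the same port never fires.
first_match() {
    verdict=$(printf '%s\n' "$1" | while read -r action from ports; do
        [ -n "$action" ] || continue
        if rule_matches "$2" "$3" "$from" "$ports"; then
            printf '%s\n' "$action"
            break
        fi
    done)
    printf '%s\n' "${verdict:-$DEFAULT_INCOMING}"
}

# delete_rule "<rules>" <n>  -> prints the list without rule n.
# As with "ufw delete N", every rule below N moves up one position, so
# re-run "ufw status numbered" before deleting a second rule by number.
delete_rule() {
    printf '%s\n' "$1" | sed "${2}d"
}

# rule_at "<rules>" <n>  -> prints rule n (1-based, as ufw numbers them)
rule_at() {
    printf '%s\n' "$1" | sed -n "${2}p"
}

# ssh_still_reachable "<rules>" <admin-ip> <ssh-port>  -> 0 if an admin
# connecting from <admin-ip> would still get through once the firewall is
# enabled. Check this before "ufw enable" so you do not lock yourself out.
ssh_still_reachable() {
    [ "$(first_match "$1" "$2" "$3")" = ALLOW ]
}

# Constructed rule lists mirroring the post. RULES_OK has the deny at the
# top, where "ufw insert 1 deny from 12.12.12.12" puts it; RULES_BAD has the
# same deny appended at the bottom, where the Apache allow shadows it.
RULES_OK='DENY 12.12.12.12 any
ALLOW Anywhere 80,443
ALLOW Anywhere 22
ALLOW Anywhere 2020'

RULES_BAD='ALLOW Anywhere 80,443
ALLOW Anywhere 22
ALLOW Anywhere 2020
DENY 12.12.12.12 any'

# Stand-alone demo output
printf 'deny on top,    12.12.12.12 -> :80 : %s\n' "$(first_match "$RULES_OK" 12.12.12.12 80)"
printf 'deny at bottom, 12.12.12.12 -> :80 : %s\n' "$(first_match "$RULES_BAD" 12.12.12.12 80)"
printf 'rule 3 after deleting rule 3       : %s\n' "$(rule_at "$(delete_rule "$RULES_OK" 3)" 3)"
if ssh_still_reachable "$RULES_OK" 203.0.113.9 22; then
    printf 'admin at 203.0.113.9 keeps SSH     : yes\n'
fi
```

The model only covers IPv4 and TCP port matching, which is enough to show the two mistakes the post warns about: a deny placed below the allow it should override is never reached, and rule numbers shift after every delete, so always re-list before deleting by number.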
How to enable remote MySQL connections
    root@vmware:/# ufw allow 3306/tcp
    Rule added
    Rule added (v6)
Note that this opens MySQL to any source address; if only one host needs to reach it, restrict the rule to that host instead (for example ufw allow from <host-ip> to any port 3306 proto tcp).