UFW Explained: Firewall Management on Ubuntu

08:37, 05.05.2026

Article Content

  • System Requirements
  • Configure the Ubuntu Firewall with UFW
  • Step 1 — Verify IPv6 Functionality
  • Step 2 — Establish Default Policies
  • Step 3 — Permit SSH Access
  • Step 4 — Activate UFW
  • Step 5 — Configure Additional Connection Rules
  • Step 6 — Block Unwanted Traffic
  • Step 7 — Remove Unnecessary Rules
  • Step 8 — Review UFW Status and Configurations
  • Step 9 — Disable or Reset UFW Settings
  • Final Thoughts

Ubuntu's Uncomplicated Firewall (UFW) is a user-friendly tool for managing firewall rules. Designed to simplify iptables, UFW helps you secure your system by controlling incoming and outgoing network traffic. 

This guide walks you through the process of configuring and managing UFW step-by-step.

System Requirements

Before starting, ensure your system meets these requirements:

  • Ubuntu 16.04 or later installed.
  • Root or sudo privileges.
  • A basic understanding of SSH and firewall concepts.

If you're ready, let’s get started.

Configure the Ubuntu Firewall with UFW

Now, let’s dive into configuring your firewall with UFW. 

We’ll walk through the steps one by one, ensuring you understand the rationale behind each action.

Step 1 — Verify IPv6 Functionality

UFW is capable of handling both IPv4 and IPv6 traffic. By default, it supports both, but you might want to ensure that IPv6 is correctly configured and enabled. To verify that IPv6 functionality is active on your system:

  • Open a terminal.
  • Check the system settings for IPv6: 
sudo ufw show raw
  • If IPv6 is enabled, you'll see it listed in the output. If not, you can manually enable it by editing the UFW configuration file:
sudo nano /etc/default/ufw
  • Ensure that IPV6=yes is set. Save the file and close the editor.

Note: If you are not using IPv6, you can disable it by setting IPV6=no.

Step 2 — Establish Default Policies

Next, define the default behavior of the firewall. The recommended setup is to deny incoming traffic and allow outgoing traffic: the system can initiate connections, while inbound connections are blocked unless explicitly allowed.

  1. Set the default policies:
sudo ufw default deny incoming
sudo ufw default allow outgoing

These settings ensure that any unsolicited traffic from the outside is blocked, and outgoing traffic from your server is allowed. You can always add rules later to allow specific incoming connections (such as for SSH or HTTP).

Step 3 — Permit SSH Access

One of the first services you'll want to permit is SSH (Secure Shell). If you are managing your server remotely, this is essential for maintaining access to your system.

Allow SSH (port 22) to ensure you can still access the server remotely:

sudo ufw allow ssh

Or using the specific port number:

sudo ufw allow 22

This rule permits incoming traffic on port 22, which is the default port for SSH.

Step 4 — Activate UFW

With the default policies and necessary rules in place, it's time to activate the firewall.

  • Enable UFW:
sudo ufw enable
  • UFW will now be active, and your firewall settings will be enforced.

Important: Ensure that you've allowed SSH access before enabling UFW, or you may lock yourself out of your system if you're managing it remotely.
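
An added example (not from the original article): a pre-flight check for the lockout described above. It reads the output of sudo ufw show added, which lists staged rules as the commands that created them, and confirms that a rule admitting the SSH port exists before ufw enable is run. The function name ssh_rule_staged and the sample output are constructed for illustration; limit is UFW's rate-limited form of allow.

```bash
#!/usr/bin/env bash
# Pre-flight check for Step 4: is a rule admitting the SSH port already staged?
# Input (stdin): output of `sudo ufw show added`, one staged rule per line.
# Note: a source-restricted allow passes this check but only admits that source.

# ssh_rule_staged PORT -> exit status 0 if an allow/limit rule covers tcp PORT
ssh_rule_staged() {
    awk -v port="$1" '
        $1 == "ufw" && ($2 == "allow" || $2 == "limit") && $0 !~ /proto udp/ {
            for (i = 3; i <= NF; i++) {
                # Forms accepted: 22/tcp, bare 22, "... port 22", ssh, OpenSSH
                if ($i == (port "/tcp")) ok = 1
                if ($i == port && (i == 3 || $(i-1) == "port")) ok = 1
                if (port == 22 && ($i == "ssh" || $i == "OpenSSH")) ok = 1
            }
        }
        END { exit (ok ? 0 : 1) }
    '
}

# Constructed sample (not captured from a real host): HTTP and HTTPS were
# allowed, SSH was forgotten.
SAMPLE_ADDED="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw allow 443/tcp"

if printf '%s\n' "$SAMPLE_ADDED" | ssh_rule_staged 22; then
    echo "SSH rule staged: safe to run 'sudo ufw enable'"
else
    echo "No rule admits tcp/22: run 'sudo ufw allow ssh' before enabling"
fi
```

On a real host, pipe sudo ufw show added into the function and pass the port sshd actually listens on if it is not 22.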

Step 5 — Configure Additional Connection Rules

You may need to allow additional connections based on the services you want to run on your server, such as web servers (HTTP/HTTPS) or other services.

For example, to allow HTTP (port 80) and HTTPS (port 443), use the following commands:

  • Allow HTTP (port 80):
sudo ufw allow http
  • Allow HTTPS (port 443):
sudo ufw allow https

You can also specify custom ports or services by number or name, like this:

sudo ufw allow 8080/tcp

Step 6 — Block Unwanted Traffic

Sometimes you may want to block traffic from specific IP addresses or ranges. For example, if you notice malicious activity or attempts to access your system from an unwanted IP, you can block them using:

  • Deny an IP address:
sudo ufw deny from 192.168.1.100
  • This will block all incoming traffic from the IP address 192.168.1.100.

You can also block traffic on specific ports or even by country (with additional tools).

Step 7 — Remove Unnecessary Rules

As your system evolves, you may accumulate firewall rules that are no longer needed. It’s important to remove obsolete rules to keep your firewall configuration clean.

  • To list all active rules:
sudo ufw status verbose
  • To delete a rule, use the delete command. For instance, to remove the SSH rule:
sudo ufw delete allow ssh
  • You can also delete specific port rules by using their port number or service name.

Step 8 — Review UFW Status and Configurations

It's a good practice to periodically review the status of your firewall and confirm that the rules are as you expect.

  • To check the status of UFW:
sudo ufw status verbose

This command provides a detailed overview of your current UFW settings, including active rules and default policies.

  • If you've made changes, review and adjust the rules to ensure no security holes exist.
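
An added example (not from the original article) for the review in Step 8 and the block rule in Step 6: UFW applies the first matching rule, so a deny added after the allow rules from Steps 3 and 5 does not stop that address from reaching those ports. The function audit_ufw_status and the sample output are constructed for illustration; the function reads sudo ufw status verbose output and reports an inactive firewall, a permissive default policy, and shadowed deny rules.

```bash
#!/usr/bin/env bash
# Audit `sudo ufw status verbose` output (stdin); prints one finding per line.
audit_ufw_status() {
    awk '
        BEGIN { FS = "  +" }                        # table columns are space-padded
        /^Status:/ && !/^Status: active/ { print "INACTIVE: no rule is being enforced" }
        /^Default:/ && !/(deny|reject) \(incoming\)/ {
            print "DEFAULT: incoming traffic is not denied by default"
        }
        /^--/ { in_rules = 1; next }                # separator under the table header
        !in_rules || NF < 3 || /\(v6\)/ { next }    # IPv4 rule rows only, for brevity
        $2 ~ /^ALLOW/ && $3 ~ /^Anywhere/ { allowed[++n] = $1; next }
        $2 ~ /^(DENY|REJECT)/ && $3 !~ /^Anywhere/ {
            # First match wins: allow rules listed above this row still admit $3.
            hit = ""
            for (i = 1; i <= n; i++)
                if ($1 == "Anywhere" || $1 == allowed[i]) hit = hit " " allowed[i]
            if (hit != "") print "SHADOWED: " $3 " can still reach" hit
        }
    '
}

# Constructed sample: the state after running Steps 3, 5 and 6 in the order given.
SAMPLE_STATUS="Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
Anywhere                   DENY IN     192.168.1.100"

printf '%s\n' "$SAMPLE_STATUS" | audit_ufw_status
# Remediation: delete the deny rule, then re-add it ahead of the allow rules:
#   sudo ufw delete deny from 192.168.1.100
#   sudo ufw insert 1 deny from 192.168.1.100
```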

Step 9 — Disable or Reset UFW Settings

If at any point you wish to disable the firewall (e.g., for troubleshooting purposes), you can easily do so:

  • To disable UFW:
sudo ufw disable
  • To reset UFW to its default configuration (removing all rules):
sudo ufw reset
  • After resetting, you will need to re-enable UFW and configure the necessary rules again.

Final Thoughts

UFW offers an easy and effective way to secure your Ubuntu system by managing firewall rules. By setting up default policies, allowing necessary services, and blocking unwanted connections, you can significantly reduce the attack surface of your server or desktop.

Remember to regularly review your firewall configuration to keep it up to date with your network needs and security best practices. With UFW, managing your firewall on Ubuntu becomes a streamlined and manageable task, allowing you to focus on your core tasks without worrying about complex firewall configurations.
