Ubuntu Server Firewall Overview
The Ubuntu kernel uses the Netfilter system. This is a system which is used to decide what to do with network traffic that hits the server.
To control the Netfilter system rules, we have access to iptables which will define what to do when a packet hits your server.
However, iptables are not the most user friendly of things, and as such, Ubuntu is shipped with UFW (Uncomplicated Firewall). This gives you a much simpler way to manage your firewall.
Using the UFW commands
Using UFW is simple, if you want to enable it (switch it on), simply type sudo ufw enable into the terminal, and, if you want to disable it (switch if off), simply type sudo ufw disable.
Managing your port security is just as straightforward. You can type sudo ufw allow 22 to allow port 22 (replace the port number with whatever you need) and you can block a port by typing sudo ufw deny 22.
You can check the status of your firewall (and all rules that have been applied to it) by typing sudo ufw status into the terminal. This will let you know if the firewall is enabled and all of the allowed / denied ports.
Once you’ve seen the list of rules, you might want to delete one, you can do this by typing sudo ufw delete deny 22 or sudo ufw delete allow 22.
You can also specify what to do with specific hosts or networks. For example, I can allow SSH access from a particular IP address by typing sudo ufw allow proto tcp from IPADDRESS to any port 22 into the terminal.
Firewall logs help you to recognise attacks, troubleshoot your firewall rules and notice unusual activity on your network. These aren’t automatically generated though, you’ll need to turn them on, which is simple, just type sudo ufw logging on. If you then want to switch them off, you can do so by typing sudo ufw logging off.
You can find the logs in /var/log/messages, var/log/syslog and /var/log/kern.log.
This article was brought to you by Netshock. Netshock aim to provide technology guides and insight to our readers.