Linux Firewall UFW – Made simple
I want to run a web server locally, and to safeguard it I decided to use UFW (the old-school way was iptables, which sits behind UFW).
What is UFW?
UFW (Uncomplicated Firewall) is available from Ubuntu 15.X.
Installing UFW on Linux is simple
I am using Ubuntu, the most famous distro, which most people find easy to use (a copy of Debian).
#apt-get install ufw
By default the service is disabled. Enable it with the ufw enable command, which prints:
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
Check whether the service is running by issuing the command below:
#ufw status verbose
UFW Deny Command
The “deny” command works similarly to the “allow” command and is used to close a port in the firewall:
Deny with Port option:
#ufw deny 80
Allow a Port Range
You can allow a range of ports in UFW. Some services like FTP or IRC use a range of ports to communicate with their clients.
For this example we will allow the port range 3000 to 7000.
#ufw allow 3000:7000/tcp
#ufw allow 3000:7000/udp
These commands allow connections to ports 3000-7000 via the TCP and UDP protocols.
Allow a specific IP Address
You can also allow a specific IP address to access all services by adding the “from” option.
#ufw allow from 192.168.1.81
If you want to allow all IP addresses on your subnet, you can add the IP subnet (range of IP addresses) to the UFW command like this:
#ufw allow from 192.168.1.0/24
If you have a complex rule, there is a simple way to identify and delete it by its rule ID. Run the following command to get a list of all rules with their IDs:
#ufw status numbered
Now delete the SSH rule for IPv6 only by using the number of the rule:
#ufw delete 1
Note: list the rules again before deleting another rule, since the numbers change after a deletion.
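Deleting from the highest rule number down avoids the renumbering problem noted above. This is an added example, not from the original post: it parses a constructed "ufw status numbered" listing and prints the delete commands in that order. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Sample data is constructed.

# Constructed "ufw status numbered" listing (rule numbers are right-aligned).
sample_status() {
cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 443/tcp                    ALLOW IN    Anywhere
[ 4] 3000:7000/tcp              ALLOW IN    Anywhere
[ 5] 3000:7000/udp              ALLOW IN    Anywhere
[ 6] Anywhere                   ALLOW IN    192.168.1.0/24
[ 7] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 8] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 9] 443/tcp (v6)               ALLOW IN    Anywhere (v6)
[10] 3000:7000/tcp (v6)         ALLOW IN    Anywhere (v6)
[11] 3000:7000/udp (v6)         ALLOW IN    Anywhere (v6)
EOF
}

# Read a listing on stdin; print the numbers of rules containing the
# fixed string $1, highest first. Deleting in that order means the
# renumbering after each delete never shifts a rule still to be removed.
matching_rules_desc() {
    awk -v pat="$1" '
        match($0, /^\[ *[0-9]+\]/) {
            num  = substr($0, 2, RLENGTH - 2) + 0   # "[ 7]" -> 7
            rule = substr($0, RLENGTH + 1)          # text after the number
            if (index(rule, pat)) print num
        }' | sort -rn
}

# Print (do not run) one "ufw delete N" per matching rule, for review.
delete_plan() {
    matching_rules_desc "$1" | while read -r n; do
        echo "ufw delete $n"
    done
}

# Demo on the constructed listing: plan removal of every IPv6 rule.
sample_status | delete_plan "(v6)"
```

On a live system, pipe the real listing in instead of the sample (ufw status numbered | delete_plan "(v6)") and review the printed commands before running them.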
Disable and Reset UFW
Firewall stopped and disabled on system startup
The UFW status command.
If you want to turn off UFW completely and delete all the rules, you can use the “reset” command:
#ufw reset – make sure you understand this before executing; this will remove all rules