UFW is used as the firewall on Linux and in my case on Ubuntu server. UFW comes with a UI, but we’re going to use this on a headless server (hence no UI being used).<\/p>\n
Status and enabling\/disabling the firewall<\/strong><\/p>\n Simply run the following to check whether your firewall is active or not<\/p>\n To enable the firewall simply use the following<\/p>\n Use disable<\/em> to disable the firewall (as you probably guessed). <\/p>\n Once enabled run the status<\/em> command again and you should see a list showing which ports we have defined rules for and these will show whether to ALLOW or REJECT connections to port. For example <\/p>\n Allow and reject access<\/strong><\/p>\n We can allow access to a port, reject access to ports and reject outgoing traffic on ports. When we allow, reject incoming or reject outgoing access we’re creating firewall rules.<\/p>\n To allow access to SSH, for example we do the following<\/p>\n This will allow tcp and udp access, but we can be more precise and just allow tcp by using<\/p>\n As you can see from the previous output from the status<\/em> option, we’ve enabled 22\/tcp already.<\/p>\n To reject access to a port we use reject<\/em>. <\/p>\n Note: If you’re access your server using SSH you probably don’t want to reject access to port 22, for obvious reasons, i.e. port 22 is used by SSH and this will block your access via SSH.<\/em><\/p>\n Application profiles<\/strong><\/p>\n UFW includes application profiles which allow us to enable predefined lists of permissions<\/p>\n The applications listed from this command can also be seen by listing \/etc\/ufw\/applications.d, so for example on my system I have a file name openssh-server, if you open this with nano (or your preferred editor), you’ll see an INI file format, for example <\/p>\n We can also use <\/p>\n Replacing OpenSSH with the name of the application profile you want to view<\/em><\/p>\n As you can see, if our application profiles are just INI files, then you can create your own file and place it into the aforementioned folder and make it available to UFW. Once you’ve created your file you’ll need to tell UFW to load the application definitions using<\/p>\n Replace MyApp with your application name in the above.<\/em><\/p>\n Ofcourse once we have these profiles we can allow, reject etc. using the application name, i.e.<\/p>\n Logging<\/strong><\/p>\n By default logging is disabled, we can turn it on using<\/p>\n UFW is used as the firewall on Linux and in my case on Ubuntu server. UFW comes with a UI, but we’re going to use this on a headless server (hence no UI being used). Status and enabling\/disabling the firewall Simply run the following to check whether your firewall is active or not sudo ufw […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[140,307],"tags":[],"class_list":["post-8480","post","type-post","status-publish","format-standard","hentry","category-ubuntu","category-ufw"],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/posts\/8480","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/comments?post=8480"}],"version-history":[{"count":5,"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/posts\/8480\/revisions"}],"predecessor-version":[{"id":9531,"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/posts\/8480\/revisions\/9531"}],"wp:attachment":[{"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/media?parent=8480"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/categories?post=8480"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/putridparrot.com\/blog\/wp-json\/wp\/v2\/tags?post=8480"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\r\nsudo ufw status\r\n<\/pre>\n
\r\nsudo ufw enable\r\n<\/pre>\n
\r\nTo Action From\r\n-- ------ ----\r\n22\/tcp ALLOW Anywhere\r\n80\/tcp ALLOW Anywhere\r\n443\/tcp ALLOW Anywhere\r\n80 ALLOW Anywhere\r\n<\/pre>\n
\r\nsudo ufw allow 22\r\n<\/pre>\n
\r\nsudo ufw allow 22\/tcp\r\n<\/pre>\n
\r\nsudo ufw reject 80\r\n<\/pre>\n
\r\nsudo ufw app list\r\n<\/pre>\n
\r\n[OpenSSH]\r\ntitle=Secure shell server, an rshd replacement\r\ndescription=OpenSSH is a free implementation of the Secure Shell protocol.\r\nports=22\/tcp\r\n<\/pre>\n
\r\nsudo ufw app info OpenSSH\r\n<\/pre>\n
\r\nsudo ufw app update MyApp\r\n<\/pre>\n
\r\nsudo ufw allow OpenSSH\r\n<\/pre>\n
\r\nsudo ufw logging on\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"