Setting Up a Simple Firewall

firewall Aug 02, 2020

This post illustrates how to set up a simple firewall (UFW) on Debian (or basically any other Linux distribution).

UFW (Uncomplicated Firewall) is a basic front-end for managing iptables rules. Its main goal is to make managing iptables easier.

Prerequisites: Only the root user or a user with sudo privileges can make changes to the firewall. The commands below are the ones used for installation on Debian 10; for other distributions, check your distribution's package documentation.

Installation

sudo apt update && sudo apt upgrade -y
sudo apt install ufw -y

Configuration

UFW is not activated automatically once the installation completes. This safeguards users from getting locked out of their SSH sessions (the usual situation when working on remote Linux servers): the firewall only comes up after you have added the rules it needs.

We first need to configure the default policy and the basic ports being used:

sudo ufw default deny
sudo ufw allow 22/tcp [or any other port being used for SSH]
sudo ufw allow 80/tcp [if used for http]
sudo ufw allow 443/tcp [if used for https]
...

UFW rules can also be managed through application profiles. Most applications ship with an application profile that describes the service and contains the UFW settings for it. These profiles can be listed with:

sudo ufw app list

And more information about each application profile can be found by using:

sudo ufw app info [Application Name]

UFW rules can be written using an application profile, such as OpenSSH, as follows:

sudo ufw allow OpenSSH
or
sudo ufw deny OpenSSH

To whitelist traffic from a certain IP, the following command can be used:

sudo ufw allow from [IPv4 or IPv6 address]

To whitelist traffic from a certain IP to a certain port, the following command can be used:

sudo ufw allow from [IPv4 or IPv6 address] to any port [Port Number]

The command for allowing connections from a subnet of IP addresses is the same as for a single IP address; the only difference is that you also specify the netmask.

To whitelist traffic on a specific port to a specific network interface, we use the name of the network interface:

sudo ufw allow in on [network interface name like eth0] to any port [Port No.]

Earlier we set the default policy for all incoming connections to "deny", which means that UFW will block all incoming connections unless we specifically whitelist them.

Writing deny rules works the same way as writing allow rules; we only need to replace allow with deny.

Deleting UFW Rules

There are two ways to delete UFW rules: by rule number, or by specifying the actual rule.

To find the rule numbers, we can run the following command:

sudo ufw status numbered

To delete a rule by its number, we can use the following command:

sudo ufw delete 3 [This will delete rule no. 3]

The second method is to delete a rule by specifying the actual rule. For example, if you added a rule to open port 8069 you can delete it with:

sudo ufw delete allow 8069

Enabling and Disabling UFW

Once the configuration is complete, we can enable UFW with the following command:

sudo ufw enable
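Since enabling the firewall is the step that can lock you out, the following added script (not part of the original post) wraps it with a check: it reads the rules queued with `ufw show added` and only runs `ufw enable` if an allow rule for the SSH port is already present. The UFW_BIN variable and the sample output text are assumptions of this script.

```shell
#!/bin/sh
# Added example: a lockout guard around `ufw enable`.
# UFW_BIN is an assumption of this script; override it to dry-run without ufw.
: "${UFW_BIN:=sudo ufw}"

# has_allow_rule PORT  (reads `ufw show added` output on stdin)
# Succeeds if some "ufw allow ..." line carries PORT, PORT/tcp, or the OpenSSH
# profile when PORT is 22. Tokens are matched exactly, so 2222/tcp does not
# count as an allow rule for port 22.
has_allow_rule() {
  awk -v port="$1" '
    /^ufw allow / {
      for (i = 3; i <= NF; i++)
        if ($i == port || $i == (port "/tcp") || ($i == "OpenSSH" && port == "22"))
          found = 1
    }
    END { exit (found ? 0 : 1) }'
}

# safe_enable PORT: enable UFW only when PORT is already whitelisted.
# If `ufw show added` fails or prints nothing, the guard refuses (fail closed).
safe_enable() {
  if $UFW_BIN show added | has_allow_rule "$1"; then
    $UFW_BIN --force enable
  else
    echo "refusing to enable ufw: no allow rule for SSH port $1" >&2
    return 1
  fi
}

# Constructed sample of `ufw show added` output, used for an offline self-check.
SAMPLE_ADDED="Added user rules (see 'ufw status' for running firewall):
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow from 192.0.2.10 to any port 443"

# Self-check against the constructed sample (prints one line, never fails):
printf '%s\n' "$SAMPLE_ADDED" | has_allow_rule 22 && echo "sample: port 22 is allowed"

# Real use on a server, once the rules from this post have been added:
#   safe_enable 22
```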

Similarly, we can disable UFW with the command below:

sudo ufw disable

Status

To check the status of UFW and the configured rules, we can use the following command:

sudo ufw status verbose

That's All Folks!

Sreyash Ratna Tripathi

I'm a Cyber Security Professional, Graduate Student at Carnegie Mellon University, and Co-creator of REScure Threat Intelligence Platform.