How does Ubuntu 22.10 (Kinetic Kudu) Firewall work ?
UbuntuIf you need to set up your own firewall rules in a very simple way without needing to learn complicated commands, this will guide you through.
Here at FixWebNode, we shall look into how to configure the UFW (Uncomplicated Firewall) Iptables on your Ubuntu Linux system.
Table of contents [Show]
- 1 What is UFW (Uncomplicated Firewall) ?
- 2 How to use the restrictive or unrestricted policies via UFW ?
- 3 How to allow request from specific IP addresses using UFW ?
- 4 How to allow request from range of IP addresses using ufw ?
- 5 How to remove rule using ufw on Ubuntu ?
- 6 [Need to fix your Ubuntu Linux system issues ? We can help you. ]
What is UFW (Uncomplicated Firewall) ?
By default, UFW is shipped in previous Debian-based Linux distributions such as Ubuntu.
While current versions incorporate Nftables, older versions with Iptables offer the Iptables frontend called UFW.
If UFW isn't installed, you can easily install it by running the apt packages manager command:
$ sudo apt install ufw -y
Once installed, you can check its status via the below command:
$ sudo ufw status
If inactive, you can enable it by running:
$ sudo ufw enable
Once enabled, use the following syntax to open specific ports:
$ sudo ufw allow <Port>
For example, to open port 8080, execute the following command:
$ sudo ufw allow 8080
With UFW, you can specify ports both by their number or by their protocol name.
For example, to open the ssh port, you can run the following command:
$ sudo ufw allow ssh
You could get the same result by replacing "ssh" with "22".
To close ports, you can use the below syntax , you just have to replace "allow" with "deny", as shown below, where port 22 is closed:
$ sudo ufw deny 22
To specify a protocol (UDP or TCP), add a slash after the defined port, followed by the protocol.
Here, port 21 is open specifically through the UDP protocol:
$ sudo ufw allow 21/udp
To allow TCP traffic, you can use the below syntax replacing "udp" with "tcp":
$ sudo ufw allow 21/tcp
You also can deny or allow port ranges, but when doing it, the user must specify the protocol.
Here, the port range between 6000 and 6010 is allowed through the protocol TCP:
$ sudo ufw allow 6000:6010/tcp
How to use the restrictive or unrestricted policies via UFW ?
UFW allows you to define default policies, like restrictive or unrestricted.
By defining a restrictive policy, we deny all traffic through all ports and protocols unless we define exceptions.
Contrary to this, when defining an unrestricted policy, all traffic is allowed unless exceptions are defined.
For example, to deny all incoming traffic by default, execute the below command:
$ sudo ufw default deny incoming
To allow all outgoing traffic, simply execute the command:
$ sudo ufw default allow outgoing
How to allow request from specific IP addresses using UFW ?
Not only a specific port can be allowed or denied for either outgoing or incoming, but also an IP address too. When the IP address is specified in the rule, any request from this particular IP is subjected to just the specified rule; for instance, in the following command, it allows all requests from 67.205.171.203 IP address, then it allows all requests from 67.205.171.203 to both port 80 and 443 ports:
$ sudo ufw allow from 67.205.171.203
What this means is any device with this IP can send successful requests to the server without being denied in a case when the default rule blocks all incoming connections. This is quite useful for private servers that are used by a single person or a specific network.
Then we enable incoming traffic from a specific IP to port 80, run:
$ sudo ufw allow from 67.205.171.204 to any port 80
To enable traffic from a specific IP to port 443, use:
$ sudo ufw allow from 67.205.171.203 to any port 443
How to allow request from range of IP addresses using ufw ?
When a range of IP addresses is involved, it's difficult to manually add each IP address record to a firewall rule to either deny or allow, and thus IP address ranges can be specified in CIDR notation, which typically consists of the IP address, and the amount of hosts it contains and IP of each host.
Here, it uses the following two commands. You will notice that it uses /24 netmasks, and thus the rule is valid from 192.168.1.1 to 192.168.1.254 IP addresses.
$ sudo ufw allow from 192.168.1.1/24
In the second example, the same rule is valid for port number 25 only. So if incoming requests are blocked by default, now the mentioned IP addresses are allowed to send requests to port number 25 of the server.
The below command allows traffic from a specific subnet to port 25:
$ sudo ufw allow from 192.168.1.1/24 to any port 25
How to remove rule using ufw on Ubuntu ?
Rules can be removed from the firewall.
The below command lines up each rule in the firewall with a number:
$ sudo ufw status numbered
The following command will help to delete the rule by specifying the number belonging to the rule:
$ sudo ufw delete 4
This will delete rule 4, which allows traffic through port 21/UDP.
When requested to confirm the operation, type "y" and press ENTER.
Finally, to start over the firewall configuration, use the following command:
$ sudo ufw reset
This is quite useful if the firewall starts working oddly or if the firewall behaves in an unexpected manner.
In some cases, you might want to disable the default firewall in order to test the network or when a different firewall is intended to install. The below command completely disables the firewall and allows all incoming and outgoing connections unconditionally:
$ sudo ufw disable
[Need to fix your Ubuntu Linux system issues ? We can help you. ]