Tutorial Comments FAQ Related Articles

How To Set Up a Firewall with UFW on Ubuntu 21.04

6834

To Set Up a Firewall with UFW on Ubuntu 21.04

Introduction:

UFW provides an interface for managing Netfilter firewalls, as well as Linux firewalls, and is aimed at providing an easy-to-use experience for users.

Installation Procedure:

Step 1:Check the OS version by using the below Command

root@linuxhelp:~# lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 21.04
Release:	21.04
Codename:	hirsute

Step 2: Check the Status of the UFW by using the below command

root@linuxhelp:~# ufw status
Status: inactive

Step 3: Enable the UFW by using the below command

root@linuxhelp:~# ufw enable 
Firewall is active and enabled on system startup

Step 4: Check the IPv6 enabled in UFW by using the below command

root@linuxhelp:~# cat /etc/default/ufw | grep IPV6
IPV6=yes

Step 5: Make the default rule for incoming connections by using the below command

root@linuxhelp:~# ufw default deny incoming
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)

Step 6: Make the default rule for outgoing connections by using the below command

root@linuxhelp:~# ufw default allow outgoing 
Default outgoing policy changed to 'allow'
(be sure to update your rules accordingly)

Step 7: Allow the TCP port 80 connection by using the below command

root@linuxhelp:~# ufw allow 80/tcp
Rule added
Rule added (v6)

Step 8: Allow the port range from 3000 to 4000 TCP connection by using the below command

root@linuxhelp:~# ufw allow 3000:4000/tcp
Rule added
Rule added (v6)

Step 9: Allow the port range from 3000 to 4000 UDP connection by using the below command

root@linuxhelp:~# ufw allow 3000:4000/udp
Rule added
Rule added (v6)

Step 10: Allow the particular IP address to access the port 22 by using the below command

root@linuxhelp:~# ufw allow from 192.168.6.115 to any port 22
Rule added

Step 11: Allow the Subnet range of IP Address by using the below command

root@linuxhelp:~# ufw allow from 192.168.7.0/23
WARN: Rule changed after normalization
Rule added

Step 12: Deny the outgoing connections of port 25 by using the below command

root@linuxhelp:~# ufw deny out 25 
Rule added
Rule added (v6)

Step 13: List the Updated Rules in the UFW by using the below command

root@linuxhelp:~# ufw status numbered 
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 80/tcp                     ALLOW IN    Anywhere                  
[ 2] 3000:4000/tcp              ALLOW IN    Anywhere                  
[ 3] 3000:4000/udp              ALLOW IN    Anywhere                  
[ 4] 22                         ALLOW IN    192.168.6.115             
[ 5] Anywhere                   ALLOW IN    192.168.6.0/23            
[ 6] 25                         DENY OUT    Anywhere                   (out)
[ 7] 80/tcp (v6)                ALLOW IN    Anywhere (v6)             
[ 8] 3000:4000/tcp (v6)         ALLOW IN    Anywhere (v6)             
[ 9] 3000:4000/udp (v6)         ALLOW IN    Anywhere (v6)             
[10] 25 (v6)                    DENY OUT    Anywhere (v6)              (out)

Step 14: Delete the Rule number 6 by using the below command

root@linuxhelp:~# ufw delete 6
Deleting:
 deny out 25
Proceed with operation (y|n)? y
Rule deleted

Step 15: List the Updated Rules in the UFW by using the below command

root@linuxhelp:~# ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 80/tcp                     ALLOW IN    Anywhere                  
[ 2] 3000:4000/tcp              ALLOW IN    Anywhere                  
[ 3] 3000:4000/udp              ALLOW IN    Anywhere                  
[ 4] 22                         ALLOW IN    192.168.6.115             
[ 5] Anywhere                   ALLOW IN    192.168.6.0/23            
[ 6] 80/tcp (v6)                ALLOW IN    Anywhere (v6)             
[ 7] 3000:4000/tcp (v6)         ALLOW IN    Anywhere (v6)             
[ 8] 3000:4000/udp (v6)         ALLOW IN    Anywhere (v6)             
[ 9] 25 (v6)                    DENY OUT    Anywhere (v6)              (out)

Step 16: Disable the firewall by using the below command

root@linuxhelp:~# ufw disable
Firewall stopped and disabled on system startup

Step 17: Check the Status of the UFW again by using the below command

 root@linuxhelp:~# ufw status 
Status: inactive

Step 18: Reset the UFW firewall to the default

root@linuxhelp:~# ufw reset
Resetting all rules to installed defaults. Proceed with operation (y|n)? y
Backing up 'user.rules' to '/etc/ufw/user.rules.20220127_140559'
Backing up 'before.rules' to '/etc/ufw/before.rules.20220127_140559'
Backing up 'after.rules' to '/etc/ufw/after.rules.20220127_140559'
Backing up 'user6.rules' to '/etc/ufw/user6.rules.20220127_140559'
Backing up 'before6.rules' to '/etc/ufw/before6.rules.20220127_140559'
Backing up 'after6.rules' to '/etc/ufw/after6.rules.20220127_140559'

By this To Set Up a Firewall with UFW on Ubuntu 21.04 have been completed

Tags:

Author:

Comments ( 0 )

No comments available

Add a comment

Frequently asked questions ( 5 )

What happens when running the "ufw enable" command?

It will reload the firewall and enables the firewall to boot.

What happens when running the "ufw reset" command?

It will Disable and reset the firewall to installation default

Does UFW supports both ingress and egress filtering?

Yes, UFW supports both ingress and egress filtering and users may optionally specify a direction of either in or out for either incoming or outgoing traffic.

Is UFW is a stand-alone Firewall?

No, UFW is not a stand-alone firewall rather than it uses IPtables for Configuration

From what that UFW is written in?

UFW is written in Python.