How To Set Up a Firewall with UFW on Fedora 34

Introduction:

UFW is designed to provide an easy-to-use interface for managing Netfilter, the software firewall built into the Linux kernel.

Installation Procedure:

Step 1: Check the OS version by using the below command

[root@linuxhelp ~]# cat /etc/os-release
NAME=Fedora
VERSION="34 (Workstation Edition)"
ID=fedora
VERSION_ID=34
VERSION_CODENAME=""
PLATFORM_ID="platform:f34"
PRETTY_NAME="Fedora 34 (Workstation Edition)"
ANSI_COLOR="0;38;2;60;110;180"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:34"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/34/system-administrators-guide/"
SUPPORT_URL="https://fedoraproject.org/wiki/Communicating_and_getting_help"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=34
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=34
PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
VARIANT="Workstation Edition"
VARIANT_ID=workstation

Step 2: Check the Status of the UFW by using the below command

 [root@linuxhelp ~]# ufw status
Status: inactive

Step 3: Enable the UFW by using the below command

 [root@linuxhelp ~]# ufw enable
Firewall is active and enabled on system startup

Step 4: Check that IPv6 is enabled in UFW by using the below command

 [root@linuxhelp ~]# cat /etc/default/ufw | grep IPV6
IPV6=yes

Step 5: Make the default rule for incoming connections by using the below command

[root@linuxhelp ~]# ufw default deny incoming
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)

Step 6: Make the default rule for outgoing connections by using the below command

 [root@linuxhelp ~]# ufw default allow outgoing
Default outgoing policy changed to 'allow'
(be sure to update your rules accordingly)

Step 7: Allow the TCP port 80 connection by using the below command

 [root@linuxhelp ~]# ufw allow 80/tcp
Rule added
Rule added (v6)

Step 8: Allow the port range from 3000 to 4000 TCP connection by using the below command

[root@linuxhelp ~]# ufw allow 3000:4000/tcp
Rule added
Rule added (v6)

Step 9: Allow the port range from 3000 to 4000 UDP connection by using the below command

 [root@linuxhelp ~]# ufw allow 3000:4000/udp
Rule added
Rule added (v6)

Step 10: Allow a particular IP address to access port 22 by using the below command

 [root@linuxhelp ~]# ufw allow from 192.168.6.125 to any port 22
Rule added

Step 11: Allow a subnet range of IP addresses by using the below command

 [root@linuxhelp ~]# ufw allow from 192.168.7.0/23
WARN: Rule changed after normalization
Rule added
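
The warning in Step 11 appears because 192.168.7.0 is not the base address of a /23: ufw clears the host bits and stores 192.168.6.0/23 (192.168.6.0 to 192.168.7.255), and with no port given the rule admits all traffic from that range. The following is an added example, not part of the original tutorial; it reproduces that normalization in POSIX shell so a CIDR can be checked before it is passed to ufw, and its function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Print a dotted-quad IPv4 address as a 32-bit integer, or fail if malformed.
ip_to_int() (
    case $1 in .*|*.) exit 1 ;; esac
    IFS=.
    set -f                       # no globbing while splitting on dots
    set -- $1
    [ $# -eq 4 ] || exit 1
    n=0
    for o in "$@"; do
        case $o in
            ''|*[!0-9]*|????*) exit 1 ;;   # empty, non-digit, or too long
            0) ;;
            0*) exit 1 ;;                  # leading zero is ambiguous (octal)
        esac
        [ "$o" -le 255 ] || exit 1
        n=$(( ($n << 8) | $o ))
    done
    echo "$n"
)

# Print the canonical network/prefix form of an IPv4 CIDR (host bits cleared).
normalize_cidr() (
    case $1 in */*) ;; *) exit 1 ;; esac
    addr=${1%/*}
    prefix=${1##*/}
    case $prefix in ''|*[!0-9]*|???*|0?*) exit 1 ;; esac
    [ "$prefix" -le 32 ] || exit 1
    ip=$(ip_to_int "$addr") || exit 1
    if [ "$prefix" -eq 0 ]; then
        mask=0
    else
        mask=$(( (0xFFFFFFFF << (32 - $prefix)) & 0xFFFFFFFF ))
    fi
    net=$(( $ip & $mask ))
    echo "$(( ($net >> 24) & 255 )).$(( ($net >> 16) & 255 )).$(( ($net >> 8) & 255 )).$(( $net & 255 ))/$prefix"
)

# Succeed only when the CIDR has no host bits set, i.e. it would be stored as typed.
cidr_is_canonical() {
    [ "$(normalize_cidr "$1")" = "$1" ]
}

normalize_cidr 192.168.7.0/23    # the source typed in Step 11
```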

Step 12: Deny the outgoing connections of port 25 by using the below command

 [root@linuxhelp ~]# ufw deny out 25
Rule added
Rule added (v6)

Step 13: List the Updated Rules in the UFW by using the below command

 [root@linuxhelp ~]# ufw status numbered
Status: active
     To                         Action      From
     --                         ------      ----
[ 1] SSH                        ALLOW IN    Anywhere                  
[ 2] 224.0.0.251 mDNS           ALLOW IN    Anywhere                  
[ 3] 80/tcp                     ALLOW IN    Anywhere                  
[ 4] 3000:4000/tcp              ALLOW IN    Anywhere                  
[ 5] 3000:4000/udp              ALLOW IN    Anywhere                  
[ 6] 22                         ALLOW IN    192.168.6.125             
[ 7] Anywhere                   ALLOW IN    192.168.6.0/23            
[ 8] 25                         DENY OUT    Anywhere                   (out)
[ 9] SSH (v6)                   ALLOW IN    Anywhere (v6)             
[10] ff02::fb mDNS              ALLOW IN    Anywhere (v6)             
[11] 80/tcp (v6)                ALLOW IN    Anywhere (v6)             
[12] 3000:4000/tcp (v6)         ALLOW IN    Anywhere (v6)             
[13] 3000:4000/udp (v6)         ALLOW IN    Anywhere (v6)             
[14] 25 (v6)                    DENY OUT    Anywhere (v6)              (out)

Step 14: Delete rule number 8 by using the below command

 [root@linuxhelp ~]# ufw delete 8
Deleting:
 deny out 25
Proceed with operation (y|n)? y
Rule deleted

Step 15: List the Updated Rules in the UFW by using the below command

 [root@linuxhelp ~]# ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] SSH                        ALLOW IN    Anywhere                  
[ 2] 224.0.0.251 mDNS           ALLOW IN    Anywhere                  
[ 3] 80/tcp                     ALLOW IN    Anywhere                  
[ 4] 3000:4000/tcp              ALLOW IN    Anywhere                  
[ 5] 3000:4000/udp              ALLOW IN    Anywhere                  
[ 6] 22                         ALLOW IN    192.168.6.125             
[ 7] Anywhere                   ALLOW IN    192.168.6.0/23            
[ 8] SSH (v6)                   ALLOW IN    Anywhere (v6)             
[ 9] ff02::fb mDNS              ALLOW IN    Anywhere (v6)             
[10] 80/tcp (v6)                ALLOW IN    Anywhere (v6)             
[11] 3000:4000/tcp (v6)         ALLOW IN    Anywhere (v6)             
[12] 3000:4000/udp (v6)         ALLOW IN    Anywhere (v6)             
[13] 25 (v6)                    DENY OUT    Anywhere (v6)              (out)
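
Deleting by number in Step 14 removed only the IPv4 rule: `25 (v6) DENY OUT` is still listed at [13], so outbound port 25 is now blocked over IPv6 only, whereas deleting by rule specification (`ufw delete deny out 25`) removes both entries. The following is an added example, not part of the original tutorial; it parses `ufw status numbered` output and reports rules present for only one IP family, using the Step 15 rows as input, hypothetical function names, and a heuristic for spotting address-specific rules.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Rule rows copied from the Step 15 output above (after "ufw delete 8").
step15_status() {
    cat <<'EOF'
[ 1] SSH                        ALLOW IN    Anywhere
[ 2] 224.0.0.251 mDNS           ALLOW IN    Anywhere
[ 3] 80/tcp                     ALLOW IN    Anywhere
[ 4] 3000:4000/tcp              ALLOW IN    Anywhere
[ 5] 3000:4000/udp              ALLOW IN    Anywhere
[ 6] 22                         ALLOW IN    192.168.6.125
[ 7] Anywhere                   ALLOW IN    192.168.6.0/23
[ 8] SSH (v6)                   ALLOW IN    Anywhere (v6)
[ 9] ff02::fb mDNS              ALLOW IN    Anywhere (v6)
[10] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
[11] 3000:4000/tcp (v6)         ALLOW IN    Anywhere (v6)
[12] 3000:4000/udp (v6)         ALLOW IN    Anywhere (v6)
[13] 25 (v6)                    DENY OUT    Anywhere (v6)              (out)
EOF
}

# Read "ufw status numbered" output on stdin and report address-independent
# rules that exist for only one IP family.
find_unpaired_rules() {
    awk '
    /^\[ *[0-9]+\] / {
        sub(/^\[ *[0-9]+\] /, "")
        split($0, f, /  +/)                 # columns are 2+ spaces apart
        to = f[1]; action = f[2]; from = f[3]
        fam = (to ~ / \(v6\)$/ || from ~ / \(v6\)$/) ? "v6" : "v4"
        sub(/ \(v6\)$/, "", to); sub(/ \(v6\)$/, "", from)
        if (from != "Anywhere") next        # source-restricted: no twin expected
        # Heuristic: skip destinations that name an IPv4 or IPv6 address.
        if (to ~ /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/ || to ~ /:[0-9a-fA-F]*:/) next
        key = to " " action
        seen[fam, key] = 1; keys[key] = 1
    }
    END {
        for (k in keys) {
            if (!(("v4", k) in seen)) print "v6-only: " k
            if (!(("v6", k) in seen)) print "v4-only: " k
        }
    }' | sort
}

step15_status | find_unpaired_rules
```

On a live system the same check is `ufw status numbered | find_unpaired_rules`.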

Step 16: Disable the firewall by using the below command

[root@linuxhelp ~]# ufw disable
Firewall stopped and disabled on system startup

Step 17: Check the Status of the UFW again by using the below command

 [root@linuxhelp ~]# ufw status
Status: inactive

Step 18: Reset the UFW firewall to the default by using the below command

[root@linuxhelp ~]# ufw reset
Resetting all rules to installed defaults. Proceed with operation (y|n)? y
Backing up 'user.rules' to '/var/lib/ufw/user.rules.20220212_023919'
Backing up 'before.rules' to '/etc/ufw/before.rules.20220212_023919'
Backing up 'after.rules' to '/etc/ufw/after.rules.20220212_023919'
Backing up 'user6.rules' to '/var/lib/ufw/user6.rules.20220212_023919'
Backing up 'before6.rules' to '/etc/ufw/before6.rules.20220212_023919'
Backing up 'after6.rules' to '/etc/ufw/after6.rules.20220212_023919'
WARN: '/var/lib/ufw/user.rules' is world readable
WARN: '/etc/ufw/before.rules' is world readable
WARN: '/etc/ufw/after.rules' is world readable
WARN: '/var/lib/ufw/user6.rules' is world readable
WARN: '/etc/ufw/before6.rules' is world readable
WARN: '/etc/ufw/after6.rules' is world readable

With this, the setup of a firewall with UFW on Fedora 34 is complete.

FAQ
Q
What language is UFW written in?
A
UFW is written in Python.
Q
Is UFW a stand-alone firewall?
A
No, UFW is not a stand-alone firewall; it uses iptables for its configuration.
Q
Does UFW support both ingress and egress filtering?
A
Yes, UFW supports both ingress and egress filtering, and users may optionally specify a direction of in or out for incoming or outgoing traffic.
Q
What happens when running the "ufw reset" command?
A
It disables the firewall and resets it to installation defaults.
Q
What happens when running the "ufw enable" command?
A
It reloads the firewall and enables it on boot.