Tutorial News Comments FAQ Related Articles

How To Set Up a Firewall with UFW on Ubuntu 21.04

{{postValue.id}}

To Set Up a Firewall with UFW on Ubuntu 21.04

Introduction:

UFW provides an interface for managing Netfilter firewalls, as well as Linux firewalls, and is aimed at providing an easy-to-use experience for users.

Installation Procedure:

Step 1:Check the OS version by using the below Command

root@linuxhelp:~# lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 21.04
Release:	21.04
Codename:	hirsute

Step 2: Check the Status of the UFW by using the below command

root@linuxhelp:~# ufw status
Status: inactive

Step 3: Enable the UFW by using the below command

root@linuxhelp:~# ufw enable 
Firewall is active and enabled on system startup

Step 4: Check the IPv6 enabled in UFW by using the below command

root@linuxhelp:~# cat /etc/default/ufw | grep IPV6
IPV6=yes

Step 5: Make the default rule for incoming connections by using the below command

root@linuxhelp:~# ufw default deny incoming
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)

Step 6: Make the default rule for outgoing connections by using the below command

root@linuxhelp:~# ufw default allow outgoing 
Default outgoing policy changed to 'allow'
(be sure to update your rules accordingly)

Step 7: Allow the TCP port 80 connection by using the below command

root@linuxhelp:~# ufw allow 80/tcp
Rule added
Rule added (v6)

Step 8: Allow the port range from 3000 to 4000 TCP connection by using the below command

root@linuxhelp:~# ufw allow 3000:4000/tcp
Rule added
Rule added (v6)

Step 9: Allow the port range from 3000 to 4000 UDP connection by using the below command

root@linuxhelp:~# ufw allow 3000:4000/udp
Rule added
Rule added (v6)

Step 10: Allow the particular IP address to access the port 22 by using the below command

root@linuxhelp:~# ufw allow from 192.168.6.115 to any port 22
Rule added

Step 11: Allow the Subnet range of IP Address by using the below command

root@linuxhelp:~# ufw allow from 192.168.7.0/23
WARN: Rule changed after normalization
Rule added

Step 12: Deny the outgoing connections of port 25 by using the below command

root@linuxhelp:~# ufw deny out 25 
Rule added
Rule added (v6)

Step 13: List the Updated Rules in the UFW by using the below command

root@linuxhelp:~# ufw status numbered 
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 80/tcp                     ALLOW IN    Anywhere                  
[ 2] 3000:4000/tcp              ALLOW IN    Anywhere                  
[ 3] 3000:4000/udp              ALLOW IN    Anywhere                  
[ 4] 22                         ALLOW IN    192.168.6.115             
[ 5] Anywhere                   ALLOW IN    192.168.6.0/23            
[ 6] 25                         DENY OUT    Anywhere                   (out)
[ 7] 80/tcp (v6)                ALLOW IN    Anywhere (v6)             
[ 8] 3000:4000/tcp (v6)         ALLOW IN    Anywhere (v6)             
[ 9] 3000:4000/udp (v6)         ALLOW IN    Anywhere (v6)             
[10] 25 (v6)                    DENY OUT    Anywhere (v6)              (out)

Step 14: Delete the Rule number 6 by using the below command

root@linuxhelp:~# ufw delete 6
Deleting:
 deny out 25
Proceed with operation (y|n)? y
Rule deleted

Step 15: List the Updated Rules in the UFW by using the below command

root@linuxhelp:~# ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 80/tcp                     ALLOW IN    Anywhere                  
[ 2] 3000:4000/tcp              ALLOW IN    Anywhere                  
[ 3] 3000:4000/udp              ALLOW IN    Anywhere                  
[ 4] 22                         ALLOW IN    192.168.6.115             
[ 5] Anywhere                   ALLOW IN    192.168.6.0/23            
[ 6] 80/tcp (v6)                ALLOW IN    Anywhere (v6)             
[ 7] 3000:4000/tcp (v6)         ALLOW IN    Anywhere (v6)             
[ 8] 3000:4000/udp (v6)         ALLOW IN    Anywhere (v6)             
[ 9] 25 (v6)                    DENY OUT    Anywhere (v6)              (out)

Step 16: Disable the firewall by using the below command

root@linuxhelp:~# ufw disable
Firewall stopped and disabled on system startup

Step 17: Check the Status of the UFW again by using the below command

 root@linuxhelp:~# ufw status 
Status: inactive

Step 18: Reset the UFW firewall to the default

root@linuxhelp:~# ufw reset
Resetting all rules to installed defaults. Proceed with operation (y|n)? y
Backing up 'user.rules' to '/etc/ufw/user.rules.20220127_140559'
Backing up 'before.rules' to '/etc/ufw/before.rules.20220127_140559'
Backing up 'after.rules' to '/etc/ufw/after.rules.20220127_140559'
Backing up 'user6.rules' to '/etc/ufw/user6.rules.20220127_140559'
Backing up 'before6.rules' to '/etc/ufw/before6.rules.20220127_140559'
Backing up 'after6.rules' to '/etc/ufw/after6.rules.20220127_140559'

By this To Set Up a Firewall with UFW on Ubuntu 21.04 have been completed

Tags:
Author: 

Comments ( 0 )

No comments available

Frequently asked questions ( 5 )

Q

What happens when running the "ufw enable" command?

A

It will reload the firewall and enables the firewall to boot.

Q

What happens when running the "ufw reset" command?

A

It will Disable and reset the firewall to installation default

Q

Does UFW supports both ingress and egress filtering?

A

Yes, UFW supports both ingress and egress filtering and users may optionally specify a direction of either in or out for either incoming or outgoing traffic.

Q

Is UFW is a stand-alone Firewall?

A

No, UFW is not a stand-alone firewall rather than it uses IPtables for Configuration

Q

From what that UFW is written in?

A

UFW is written in Python.

Back To Top!