UFW Firewall Basics

Security in today’s modern age of computing is critical, and there is no one security solution that solves everything. Instead, it is about layering security technologies and best practices to minimize the potential attack surface as much as possible. On that note, it is critical to choose which services should and shouldn’t be exposed to the internet. Firewalls are used to control what is and isn’t accessible. In this blog post we will take a look at the UFW firewall, from getting it set up to configuration and troubleshooting.

What Is A Firewall

A firewall filters network traffic on a computer network to allow and deny designated traffic.

Did You Know?

Most software firewalls on Linux are a front-end that utilizes iptables or nftables on the backend. The backend then interfaces with netfilter in the Linux kernel to enforce the rules.

Introduction To the UFW Firewall

UFW, which stands for Uncomplicated Firewall, is a software firewall that provides a user-friendly interface for creating firewall rules. It was originally built for Ubuntu but has since been brought to most Linux distributions. It provides a simple command line interface for those who find firewall configuration a bit hard to grasp, while still providing the features advanced users need.

Key Features Of UFW

  • Simplicity
  • Ease of use
  • Sensible defaults
  • IPv6 Support

Things To Be Aware Of

  • By default UFW Allows Ping
  • You should only have one Linux firewall installed and running at a time.

Getting UFW Up And Running

Installation

The UFW firewall should be available for most Linux distributions under the package name ufw. Here are some example installation commands for popular package managers.

The Apt Package Manager

sudo apt install ufw

Note for Ubuntu Users: For newer Ubuntu installations UFW may be preinstalled.

The DNF Package Manager

sudo dnf install ufw

The Service

To start and enable the service, use the built-in enable sub-command shown below.

sudo ufw enable

You should see the message below.

Firewall is active and enabled on system startup

For IPv6

I recommend confirming that UFW is configured for IPv6 if you have been or are planning on using IPv6.

Run the following command to open the file in nano or similarly open the file with your text editor of choice.

sudo nano /etc/default/ufw

In the file confirm the IPV6 variable is set to yes as shown below.

IPV6=yes

Listing Firewall Rules

To list firewall rules, append status to the ufw command as shown below:

sudo ufw status

If you would like more information, such as the default policies, append verbose to the command.

sudo ufw status verbose
Screenshot of the results of command sudo ufw status verbose

Notice the default rule for incoming connections. If you stick with this, you only need to worry about what you want to allow for incoming traffic.

Adding Allow Rules

Below are many examples of firewall rules for UFW. These are all focused on inbound traffic because UFW has a default allow policy for outgoing traffic. Note the IP address shown below is just an example.

To allow a port

sudo ufw allow 35517

To allow a port for a specific protocol

sudo ufw allow 35517/[protocol]

Replace [protocol] with the protocol, such as tcp or udp.

To allow a port range

sudo ufw allow 35517:35587/[protocol]

To allow by service

sudo ufw allow https

UFW lets you allow by service name as well as by port. It should be noted, though, that these services need to be defined in /etc/services.

Whitelist all ports from an IP

sudo ufw allow from 198.51.100.100

Allow a whole subnet for all ports

sudo ufw allow from 198.51.100.0/24

Specific IP to a specific port

sudo ufw allow from 198.51.100.100 to any port 35517

Specific IP to a specific port and protocol

sudo ufw allow from 198.51.100.100 to any port 35517 proto tcp

Allow from specific network interface and port

sudo ufw allow in on wg0 to any port 35517
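
After adding allow rules like the ones above, it helps to check which of them accept traffic from any source. The following is an added example, not part of the original post: it reads `sudo ufw status` output on stdin and lists the targets whose From column is Anywhere. The function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: list UFW allow rules that are open to any source address.
# Live use: sudo ufw status | list_world_open

# Rule lines look like: <To>   <ACTION>   <From>   [# comment]
# Prints the To column of every ALLOW/LIMIT rule whose From is Anywhere.
list_world_open() {
    awk '
    match($0, /[ \t]+(ALLOW|LIMIT)( IN)?[ \t]+/) {
        to = substr($0, 1, RSTART - 1)        # text before the action column
        from = substr($0, RSTART + RLENGTH)   # text after the action column
        sub(/[ \t]*#.*$/, "", from)           # drop a trailing rule comment
        sub(/[ \t]+$/, "", from)              # drop trailing whitespace
        if (from ~ /^Anywhere/) print to      # matches Anywhere and Anywhere (v6)
    }'
}

# Constructed sample in the layout printed by "ufw status".
sample_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
35517                      ALLOW       Anywhere
35517/tcp                  ALLOW       198.51.100.100
Anywhere                   ALLOW       198.51.100.0/24
35517 on wg0               ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere                   # web
22/tcp                     DENY        Anywhere
35517 (v6)                 ALLOW       Anywhere (v6)
EOF
}

sample_status | list_world_open
```

Rules bound to an interface (such as `35517 on wg0`) are still listed, with the interface shown, so you can judge whether that interface is reachable from the internet.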

Adding Comments To Rules

To add a comment to the rule append comment and enclose the comment in single quotes.

sudo ufw allow 35517/tcp comment 'This is a comment'

Adding Deny Rules

If you use the default incoming policy of deny, there is no need to worry about deny rules for incoming traffic. That said, it is simple to turn the examples in the allow section into deny rules: simply replace allow with deny.

Delete Firewall Rules

To delete a firewall rule simply add delete right after you call ufw in the command like so.

Say we just added the following rule:

sudo ufw allow from 198.51.100.100 to any port 35517

To delete it, we add delete between ufw and allow like so:

sudo ufw delete allow from 198.51.100.100 to any port 35517

Run Into Issues?

  1. Check the logs
    • If you’re running into issues with specific traffic, first check the log at /var/log/ufw.log.
  2. Confirm the issue is firewall related
    • You can disable ufw to narrow things down using the following command: sudo ufw disable
    • Make sure to enable the firewall after testing using: sudo ufw enable
  3. If nothing else works you can always reset the firewall back to defaults, but this means clearing out any and all rules in place, so make sure to document them first.
    • To reset UFW to defaults use: sudo ufw reset
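
For step 1, reading /var/log/ufw.log line by line gets tedious, so here is an added example (not part of the original post) that summarises the [UFW BLOCK] entries by source, protocol, destination port and interface. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise what UFW is blocking, from log lines on stdin.
# Live use: summarize_ufw_blocks < /var/log/ufw.log

# Prints "count source proto dest-port in-interface", most frequent first.
summarize_ufw_blocks() {
    awk '
    /\[UFW BLOCK\]/ {
        src = proto = dpt = inif = "-"   # "-" when a field is absent (ICMP has no DPT)
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n == 0) continue         # not a KEY=value token
            key = substr($i, 1, n - 1)
            val = substr($i, n + 1)
            if (key == "SRC") src = val
            else if (key == "PROTO") proto = tolower(val)
            else if (key == "DPT") dpt = val
            else if (key == "IN" && val != "") inif = val
        }
        count[src " " proto " " dpt " " inif]++
    }
    END { for (k in count) print count[k], k }' | sort -k1,1nr -k2
}

# Constructed sample lines in the kernel log format UFW writes.
sample_log() {
cat <<'EOF'
Feb  4 10:15:01 web01 kernel: [1001.10] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4321 DF PROTO=TCP SPT=50122 DPT=35517 WINDOW=64240 RES=0x00 SYN URGP=0
Feb  4 10:15:03 web01 kernel: [1003.20] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4322 DF PROTO=TCP SPT=50123 DPT=35517 WINDOW=64240 RES=0x00 SYN URGP=0
Feb  4 10:16:40 web01 kernel: [1100.55] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=203.0.113.9 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=991 PROTO=UDP SPT=40000 DPT=53 LEN=40
Feb  4 10:17:02 web01 kernel: [1122.01] [UFW ALLOW] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:04:08:00 SRC=198.51.100.100 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=77 DF PROTO=TCP SPT=41000 DPT=35517 WINDOW=64240 RES=0x00 SYN URGP=0
EOF
}

sample_log | summarize_ufw_blocks
```

If the traffic you are troubleshooting shows up in this summary, the firewall is dropping it and a matching allow rule is missing or too narrow.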

Conclusion

Software firewalls are an important layer in security because they reduce the attack surface, which is extremely important for systems directly connected to the internet. In this blog post we have taken a look at the UFW firewall: getting to know UFW, installation, listing rules, adding rules, and troubleshooting tips.

Stephen Oduntan is the founder and CEO of SirsteveHQ, one of the fastest growing independent web hosts in Nigeria. Stephen has been working online since 2010 and has over a decade experience in Internet Entrepreneurship.

Copyright © 2024 SirsteveHQ. All Rights Reserved.