apt-get upgrade -y
First, obviously, you want to make sure UFW is installed. It should be installed by default in Ubuntu, but if for some reason it’s not, you can install the package using aptitude or apt-get using the following command:
apt-get install ufw
This tutorial is written with IPv4 in mind, but will work for IPv6 as well as long as you enable it. If your Ubuntu server has IPv6 enabled, ensure that UFW is configured to support IPv6 so that it will manage firewall rules for IPv6 in addition to IPv4. Open /etc/default/ufw:
nano /etc/default/ufwMake sure the value of IPV6 is yes. If it's not change it to yes.
Note: Tutorial about enabling IPv6 tunneling on KVM based servers can be found here.
ufw default deny incomingThese commands set the defaults to deny incoming and allow outgoing connections.
ufw default allow outgoing
ufw allow 22/tcp
Note: If you are using not standard 22 port change it in above command to your port.
Now that your firewall is configured to allow incoming SSH connections, we can enable it.
Allowing Other Connections
Now is a good time to allow some other connections we might need:
Allowing websites, FTP connection:
ufw allow www
ufw allow ftp
Allowing xxxx port:
ufw allow xxxx/tcp
You can also specify port ranges with UFW. For example to allow ports from 1000 to 10 000, use the command:
ufw allow 1000:10000/tcp
If you want UDP:
ufw allow 1000:10000/udp
You can also specify IP addresses. For example, if you wante to allow
connections from a specific IP address (say my work or home address), use this command:
ufw allow from 220.127.116.11
You can also specify a specific port that the IP address is allowed to connect to by adding to any port followed by the port number. For example, If you want to allow 18.104.22.168 to connect to port 22 (SSH), use this command:
ufw deny httpor
ufw deny from 22.214.171.124or etc.
ufw delete allow sshor
ufw delete allow 80/tcpor
ufw delete allow 1000:2000/tcp
ufw enable -y
It looks like you're new here. If you want to get involved, click one of these buttons!
Learn how to install a web and database server, email, FTP client or other applications. Discover and share information on server security or optimization recommendations.
Feel free to join our constantly expanding community, participate in discussions, strengthen your knowledge on Linux and Windows server management!