UFW: Uncomplicated Firewall
The Uncomplicated Firewall (ufw) is a frontend for iptables.
Links
Uncomplicated Firewall:
http://en.wikipedia.org/wiki/Uncomplicated_Firewall
https://launchpad.net/ufw
Documentation:
https://wiki.ubuntu.com/UncomplicatedFirewall
https://help.ubuntu.com/community/UFW
Setting up your first firewall
This section is written as a tutorial to help you go through the process of enabling your first firewall over a remote connection (SSH).
The first thing you want to avoid is being locked out of your remote system after you enable the firewall. This tutorial will make sure that you won't be.
Note that all the commands below should be run as root.
First, check the firewall status:
# ufw status
Status: inactive
Check if there are any active iptables rules. The following output shows that none is active:
# iptables -L -n -v
Chain INPUT (policy ACCEPT 2793K packets, 569M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1768K packets, 5488M bytes)
pkts bytes target prot opt in out source destination
Now, before we enable ufw, we are going to add a cron job that will automatically disable ufw every minute (should it be active). Edit /etc/crontab and add the following entry:
*/1 * * * * root ufw disable
Ensure that cron is running normally (the above job should generate mail for root).
Then you are ready to enable the firewall:
# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
# ufw status
Status: active
and after a minute:
# ufw status
Status: inactive
Now you can test your brand new firewall, making the cron job run every 5, 10 or 20 minutes if necessary to give you time to test. If you lock yourself out, cron will soon disable the firewall and you'll be able to log back in again. When you have finished testing, remove the entry from /etc/crontab; otherwise cron will keep disabling the firewall.
Now check the active iptables rules again, and you'll see all the rules that ufw enables by default:
# iptables -L -n -v
// long output snipped.
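The cron safety net above can also be written as a one-shot timed rollback that is cancelled only when you prove you can still log in. This script is an added example, not part of the original wiki page; the function names, the `UFW` override and the `/run/ufw-keep` flag path are assumptions made for illustration.

```shell
#!/bin/sh
# Timed rollback for "ufw enable" over SSH (added example).
# Assumptions, not from the page: the UFW and FLAG variables, the flag path
# and the function names. UFW can be pointed at a stub for a dry run.
UFW="${UFW:-ufw}"
FLAG="${FLAG:-/run/ufw-keep}"

# Start a watchdog that disables ufw after $1 seconds unless FLAG exists.
# It ignores SIGHUP so it keeps running if the SSH session is cut off.
arm_rollback() {
    rm -f "$FLAG"
    (
        trap '' HUP
        sleep "$1"
        [ -e "$FLAG" ] || $UFW disable
    ) </dev/null >/dev/null 2>&1 &
    WATCHDOG_PID=$!
}

# Arm the watchdog first, then enable the firewall.
# --force skips the interactive "Proceed with operation (y|n)?" prompt.
safe_enable() {
    arm_rollback "${1:-120}"
    $UFW --force enable
}

# Run this from a NEW SSH session: reaching the host at all proves the
# rules let you in, so the pending rollback is cancelled.
confirm() {
    : > "$FLAG"
}

# Usage (as root): script.sh enable [seconds]   then   script.sh confirm
case "${1:-}" in
    enable)  safe_enable "${2:-120}" ;;
    confirm) confirm ;;
esac
```

If the new session cannot connect, do nothing: the watchdog disables ufw when the delay expires, just as the cron job would.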
Issues related to this page:
Project | Summary | Status | Priority | Category | Last updated | Assigned to |
---|---|---|---|---|---|---|
Linux server | ufw status and iptables | active | normal | support request | 12 years 28 weeks |