Uncomplicated FireWall (UFW) on Ubuntu

published on 2017-01-16 in computing

UFW is a pretty simple to use firewall wrapper for Ubuntu. Recently, I have been using it to block spammers on a little service I run for the Nashville Tech community. I used to do this with iptables directly, but this is far simpler.

Here's a quick primer on firing it up and blocking a particular IP address. It's disabled by default so you need to allow your services and then turn it on:

ufw allow ssh/tcp
ufw allow 80/tcp
ufw logging on
ufw enable
ufw status

Order matters - once a rule is matched the others will not be evaluated. So, to block that IP, you need to insert it early:

ufw insert 1 deny from

Here's what these rules look like:

# ufw status
Status: active

To                         Action      From
--                         ------      ----
Anywhere                   DENY             
22/tcp                     ALLOW       Anywhere                  
80/tcp                     ALLOW       Anywhere                  
22/tcp (v6)                ALLOW       Anywhere (v6)             
80/tcp (v6)                ALLOW       Anywhere (v6)             

And you can number the output to make it easy to clean up or delete your rules:

# ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   DENY IN             
[ 2] 22/tcp                     ALLOW IN    Anywhere                  
[ 3] 80/tcp                     ALLOW IN    Anywhere                  
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)             
[ 5] 80/tcp (v6)                ALLOW IN    Anywhere (v6)             

To delete one it'd be ex: ufw delete 1

Tags: firewall sysadmin linux ubuntu