UFW (Uncomplicated Firewall) in Ubuntu / Linux Mint is a simple but very effective firewall which can be configured to secure a system.
Here is a simple way to make sure ufw is configured to allow vital web services (like http, ftp, mysql etc.) while effectively blocking anything else that is not needed, especially on servers:
Setting default ufw policy :
First off, it is recommended to set ufw to its basic rules, which deny all incoming traffic to the system and allow all outgoing traffic. To do this, open Terminal and type :
sudo ufw default deny incoming
sudo ufw default allow outgoing
Allowing necessary services :
Now, in order to open access to and from the system for only select services (ssh, www, ftp, mysql and a custom port 2267 in this example) :
sudo ufw allow ssh
sudo ufw allow www
sudo ufw allow ftp
sudo ufw allow mysql
sudo ufw allow 2267
If you want to see which other services can be configured directly by name, so that you do not have to remember port numbers, simply view the contents of /etc/services.
This file lists the names of various services and their corresponding port numbers, which can be handy when setting ufw rules.
Enabling / Disabling UFW :
Once the rules are configured, ufw needs to be enabled for the settings to take effect. To do this :
sudo ufw enable
It is also important to check the status of the firewall rules (especially when troubleshooting). The ufw rules can be examined with the status command :
sudo ufw status
Also, in order to delete a specific rule that was previously added, the delete command can be used :
sudo ufw delete allow 2267
This will delete the rule that opened port 2267 earlier.
Finally, to disable ufw :
sudo ufw disable
This will turn off the firewall and is useful when troubleshooting connectivity issues.
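The status check described above can be turned into a repeatable audit. The script below is an added example, not part of the original guide: it compares "ufw status verbose" output against the default policy and the services opened in this guide and reports any other open port. The sample status text is constructed for illustration, and the names EXPECTED_PORTS, defaults_ok and unexpected_ports are hypothetical.

```shell
#!/bin/sh
# Ports this guide opens: ssh (22), www (80), ftp (21), mysql (3306), custom 2267.
EXPECTED_PORTS="22 80 21 3306 2267"

# Constructed sample of `sudo ufw status verbose` output (not from a real host).
# 8080/tcp is deliberately included as a rule outside the intended list.
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
21/tcp                     ALLOW IN    Anywhere
3306/tcp                   ALLOW IN    Anywhere
2267                       ALLOW IN    Anywhere
8080/tcp                   ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)'

# Succeeds only if ufw is active with deny-incoming / allow-outgoing defaults.
defaults_ok() {
    printf '%s\n' "$1" | grep -q '^Status: active' &&
    printf '%s\n' "$1" | grep -q '^Default: deny (incoming), allow (outgoing)'
}

# Prints each allowed inbound port that is not in EXPECTED_PORTS, one per line.
# Only plain numeric ports are evaluated; ranges and app profiles are skipped.
unexpected_ports() {
    printf '%s\n' "$1" | awk -v want="$EXPECTED_PORTS" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) ok[w[i]] = 1 }
        /ALLOW/ && !/ALLOW OUT/ {
            port = $1; sub(/\/.*/, "", port)      # strip "/tcp" or "/udp"
            if (port ~ /^[0-9]+$/ && !(port in ok) && !seen[port]++) print port
        }'
}

# Audit live output when called with "live" (needs root and ufw), else the sample.
if [ "${1:-}" = "live" ]; then
    STATUS=$(sudo ufw status verbose)
else
    STATUS=$SAMPLE_STATUS
fi
defaults_ok "$STATUS" && echo "defaults: OK" || echo "defaults: NOT as intended"
for p in $(unexpected_ports "$STATUS"); do echo "unexpected open port: $p"; done
```

Run without arguments, it audits the embedded sample and reports port 8080; run with the argument live on the server, it audits the real rule set.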