Quickly Secure Ubuntu/Linux Mint Systems Using UFW Firewall

Share on FacebookShare on Google+Tweet about this on TwitterPin on PinterestShare on RedditPrint this page

UFW (Uncomplicated Firewall) in Ubuntu/ Linux Mint is a simple but very effective firewall which can be configured to secure a system.

Here is a simple way to make sure ufw is configured to allow vital web services (like http, ftp, mysql etc) while effectively blocking anything else that is not needed especially on servers:

Setting default ufw policy :

First off, it is recommended to set ufw to it’s basic rules which basically denies all incoming traffic to the system and allows all outgoing traffic. To do this, open Terminal and type :

sudo ufw default deny incoming

sudo ufw default allow outgoing

Setting default ufw policy

Allowing necessary services :

Now, in order to open access to and fro the system for only select services (ssh, www, ftp, mysql and a custom port 2267 in this example) :

sudo ufw allow www

sudo ufw allow ssh

sudo ufw allow ftp

sudo ufw allow mysql

sudo ufw allow 2267

Configuring web services access through ufw

If you want to see what other services can be directly configured through their names and not have to remember port numbers, simply view the contents of /etc/services :

cat /etc/services | less

List of services as reference when configuring ufw rules

This brings up the names of various services and their corresponding port numbers which can be handy when setting ufw rules.

Enabling / Disabling UFW :

Once the rules are configured, ufw needs to be enabled for the settings to take effect. To do this :

sudo ufw enable

Enabling ufw firewall

It is also important to check the status of firewall rules (especially when troubleshooting), ufw rules can be examined by  the status command :

sudo ufw status

Checking ufw status

Also, in order to delete a specific rule that was previously added, the delete command can be used :

sudo ufw delete allow 2267

Deleting ufw rules

This will delete the rule of opening port 2267 from before.

Finally, to disable ufw :

sudo ufw disable

Disabling ufw

This will turn off the firewall and is useful when troubleshooting connectivity issues.

Happy configuring,

Comments are closed.