LabEx
Log InJoin Free

Enabling Basic Firewall

LinuxBeginner
Practice Now

Introduction

Welcome to this hands-on lab on enabling a basic firewall. Securing a server is a critical task for any system administrator, and a firewall is the first line of defense against unauthorized network access.

In this lab, you will work with UFW (Uncomplicated Firewall), a user-friendly interface for managing iptables firewall rules on Debian and Ubuntu systems. UFW is designed to be simple and intuitive, making basic firewall management accessible to everyone. You will learn how to install UFW, add rules to allow specific traffic, enable and disable the firewall, and check its status.

By the end of this lab, you will have a solid understanding of how to perform essential firewall operations using UFW.

Install UFW with apt install ufw -y Command

In this step, you will install the Uncomplicated Firewall (UFW). While UFW is included in many Ubuntu distributions, it's good practice to ensure it's installed or to install it if it's missing. We will use the apt package manager for this.

First, it's always a good idea to update your package list to ensure you are getting the latest versions available.

Execute the following command in your terminal:

sudo apt update

You will see output as the package lists are updated from the repositories.

Now, proceed to install UFW. The -y flag automatically answers "yes" to any prompts during the installation process.

sudo apt install ufw -y

After the command completes, UFW will be installed on your system. You should see output similar to the following, indicating a successful installation:

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  ufw
0 upgraded, 1 newly installed, 0 to remove and ... not upgraded.
Need to get ...
After this operation, ... of additional disk space will be used.
...
Setting up ufw (...)
...

At this point, UFW is installed but not yet active. In the next step, you will configure a rule before enabling it.

Allow HTTP with ufw allow 80 Command

In this step, you will add a firewall rule to allow incoming HTTP traffic. By default, UFW denies all incoming connections. If you were running a web server, you would need to create a rule to explicitly allow users to access it. HTTP traffic uses port 80.

You can add a rule using the ufw allow command followed by the port number or service name.

Run the following command to allow traffic on port 80:

sudo ufw allow 80

You will see a confirmation that the rule has been added. UFW is smart enough to add the rule for both IPv4 and IPv6 traffic, which is why you see two lines in the output.

Rule added
Rule added (v6)

This rule is now configured, but it will not take effect until the firewall is enabled, which you will do in the next step. This is a safe practice, as it allows you to set up all necessary rules (e.g., for SSH) before activating the firewall and potentially locking yourself out.

Enable Firewall with ufw enable Command

In this step, you will activate the firewall. Simply installing UFW and adding rules is not enough; the firewall service must be running for the rules to be enforced.

Before enabling the firewall, it's important to allow SSH traffic to prevent being locked out of the system. SSH uses port 22 by default.

sudo ufw allow ssh

You will see confirmation that the SSH rule has been added:

Rule added
Rule added (v6)

Now you can safely enable UFW. Use the ufw enable command.

sudo ufw enable

The firewall will be activated and the output will confirm that it's now active and will be enabled automatically on system startup.

Firewall is active and enabled on system startup

Your firewall is now live and enforcing the rules you've set, including allowing SSH access.

Check Status with ufw status Command

In this step, you will learn how to check the status of your firewall and view the active rules. This is an essential command for verifying your configuration.

To see a basic status report, use the ufw status command.

sudo ufw status

The output will show that the firewall is active and list the rules you have configured. You should see the rules for SSH and port 80 that you added.

Status: active

To                         Action      From
--                         ------      ----
80                         ALLOW       Anywhere
80 (v6)                    ALLOW       Anywhere (v6)
22                         ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)

For a more detailed view, you can use the verbose option. This will show the default policies as well.

sudo ufw status verbose

The verbose output provides more context, including the default policy for incoming, outgoing, and routed traffic. By default, UFW denies all incoming traffic and allows all outgoing traffic.

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW IN    Anywhere
80/tcp (v6)                ALLOW IN    Anywhere (v6)
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)

Regularly checking the status is a good habit to ensure your firewall is configured as expected.

Disable and Remove Rules with ufw disable Command

In this step, you will learn how to disable the firewall and remove existing rules. You might need to do this for maintenance, troubleshooting, or to reconfigure your firewall from scratch.

First, let's disable the firewall. This will stop UFW from filtering network traffic.

sudo ufw disable

The output will confirm that the service has been stopped.

Firewall stopped and disabled on system startup

Next, let's remove the rule we added. While the firewall is disabled, the rules are still stored in the configuration. To delete a specific rule, you can first list them with numbers using ufw status numbered.

sudo ufw status numbered

Status: inactive

Since the firewall is inactive, let's re-enable it to see the numbered rules.

sudo ufw enable
sudo ufw status numbered

The output will look like this:

Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 80                         ALLOW IN    Anywhere
[ 2] 80 (v6)                    ALLOW IN    Anywhere (v6)
[ 3] 22                         ALLOW IN    Anywhere
[ 4] 22 (v6)                    ALLOW IN    Anywhere (v6)

Now you can delete a rule by its number. Let's delete the first rule (for IPv4).

sudo ufw delete 1

UFW will ask for confirmation. In this environment, it will proceed automatically. You will see a confirmation that the rule has been deleted.

Deleting:
 allow 80
Proceed with operation (y|n)?
Rule deleted

Finally, if you want to completely reset UFW to its default state, removing all rules and disabling it, you can use the ufw reset command.

sudo ufw reset

This command is very useful for starting over with a clean firewall configuration.

Summary

Congratulations on completing the lab! You have successfully learned the fundamentals of managing a firewall on a Linux system using UFW.

In this lab, you have practiced:

  • Installing UFW using the apt package manager.
  • Adding rules to allow specific traffic with ufw allow.
  • Enabling and activating the firewall with ufw enable.
  • Checking the firewall's status and rules with ufw status.
  • Disabling the firewall and deleting rules with ufw disable and ufw delete.

Mastering these basic commands provides you with a powerful tool to enhance the security of your servers. Properly configuring a firewall is a foundational skill in system administration and network security.

Related Linux Courses
Quick Start with Linux

Quick Start with Linux

linux
Become a Junior System Administrator

Become a Junior System Administrator

linuxshell
Linux for Noobs

Linux for Noobs

linux