OS: Ubuntu 20.04.3 LTS
UFW: 0.36
UFW (Uncomplicated Firewall) is the default firewall configuration tool included in Ubuntu distributions, and it runs on top of iptables. If you are looking for a GUI configuration option, you can check out Gufw. By default the ufw package is installed and loaded but not turned on. Below are the basic steps to turn on the ufw firewall. I will also go into some additional configuration examples once we have done the basic configuration to allow ssh access and turn on ufw.
First, check if ufw is installed.
sudo dpkg-query -l | grep ufw
To check if ufw.service is loaded.
sudo systemctl status ufw
To check whether ufw is active.
sudo ufw status
If you are turning on ufw for a cloud instance, always make sure that you have enabled access to your management port before turning on ufw.
To check the rules before turning on ufw, use the following command. It is important to add ssh to the allowed list if you are managing the Ubuntu instance using ssh.
sudo ufw show added
To add the rule that allows ssh access, you just need to enter the following command. It allows connections to the default ssh port 22. If you have changed the default ssh port to another port number, remember to allow that port as well.
sudo ufw allow 22
It is good to turn on logging to record the blocked traffic, so that you can see whether there are any attempts to compromise your server.
sudo ufw logging on
You can enable the ufw firewall now. You will be warned that enabling the ufw firewall might disrupt existing ssh connections. If you have not allowed the ssh port, you can still enter n to stop activating the firewall. If you have done.
sudo ufw enable
You can now use ufw status and ufw status verbose to see the rules that are currently active.
sudo ufw status
sudo ufw status verbose
The ufw logs are written to /var/log/ufw.log. To view the tail end of the logs in real time, you can use the following command.
sudo tail -f /var/log/ufw.log
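One way to turn that log into a summary of who is being blocked and on which port, as an added example that is not part of the original post. The function names and the sample log lines are constructed for illustration; the addresses are documentation ranges.

```sh
#!/bin/sh
# Added example: count [UFW BLOCK] entries per source address and destination port.

# Constructed sample lines in the kernel log format that ufw writes.
sample_log() {
cat <<'EOF'
Jan 10 08:01:12 web1 kernel: [  101.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=1 PROTO=TCP SPT=40001 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jan 10 08:01:13 web1 kernel: [  102.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=2 PROTO=TCP SPT=40002 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jan 10 08:01:14 web1 kernel: [  103.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=3 PROTO=TCP SPT=40003 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jan 10 08:02:00 web1 kernel: [  150.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.20 DST=192.0.2.10 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=4 PROTO=TCP SPT=51000 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 10 08:02:05 web1 kernel: [  155.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.20 DST=192.0.2.10 LEN=440 TOS=0x00 PREC=0x00 TTL=50 ID=5 PROTO=UDP SPT=5070 DPT=5060 LEN=420
Jan 10 08:03:00 web1 kernel: [  210.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.99 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=6 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Jan 10 08:03:30 web1 kernel: [  240.000001] [UFW ALLOW] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.50 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8 PROTO=TCP SPT=52000 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
EOF
}

# Read ufw log lines on stdin and print "count source proto/port",
# highest count first. Only [UFW BLOCK] entries are counted.
summarize_blocks() {
  awk '
    /\[UFW BLOCK\]/ {
      src = ""; proto = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/)   src   = substr($i, 5)
        if ($i ~ /^PROTO=/) proto = substr($i, 7)
        if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
      }
      if (src == "") next          # skip truncated or malformed lines
      if (dpt == "") dpt = "-"     # ICMP and similar carry no port
      count[src " " proto "/" dpt]++
    }
    END { for (k in count) print count[k], k }
  ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Demo on the constructed sample. On a real host, feed it the log instead:
#   sudo cat /var/log/ufw.log | summarize_blocks
sample_log | summarize_blocks
```

A source with a high count against a single port, or one source touching many different ports, is the pattern worth following up in the full log.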
Below is a sample of the logs and the traffic that ufw has started blocking.