UFW – IPtables Firewall configuration made easier


    UFW (Uncomplicated Firewall) is the simplest way to harden a server: it blocks every incoming connection except on the ports you explicitly open.

    First, install ufw:

    apt install ufw -y
    ## Check the status of ufw with
    ufw status
    
    ## To identify which services are listening on your server, use
    ## (or `ss -tulpn` on systems that ship without net-tools)
    netstat -tulpn
    
    ## Enable logging (blocked packets will show up in syslog as [UFW BLOCK])
    ufw logging on
    
    ## Set the default policy: allow outgoing traffic, deny all incoming traffic.
    ufw default allow outgoing
    ufw default deny incoming
    
    ## Allow SSH - DNS - HTTP and HTTPS - NTP
    ## (a bare port number opens it for both TCP and UDP)
    ufw allow 22
    ufw allow 53
    ufw allow http
    ufw allow https
    ufw allow 123
    
    ## LibreNMS SNMP and Unix agent
    ufw allow 161
    ufw allow 6556
    
    ## Netdata dashboard
    ufw allow 19999
    
    ## Rsync
    ufw allow 873
    
    ## EasyEngine default backend
    ufw allow 22222
    
    ### Some other examples:
    
    ## Allow connections on all ports from an IP
    ufw allow from 123.45.67.89
    
    ## Allow connections on all ports from a subnet
    ufw allow from 123.45.67.89/24
    
    ## Specify a port + an IP + a protocol
    ufw allow from 123.45.67.89 to any port 22 proto tcp
    
    ## Whitelist the Cloudflare network, IPv4 + IPv6
    ## (read the downloaded script before running it: it adds rules as root)
    wget https://raw.githubusercontent.com/Paul-Reed/cloudflare-ufw/master/cloudflare-ufw.sh
    bash cloudflare-ufw.sh

    Once all the rules you need are in place, enable ufw with the command below. Make sure the SSH rule above is already added, otherwise enabling the firewall over a remote session will cut you off:

    ufw enable

    From time to time, check the server syslog for connections that were blocked but should have been allowed; these point to rules missing from your configuration:

    tail -f /var/log/syslog

    You will see lines like this one for connections blocked by UFW:

    Jun XX 18:28:X server kernel: [ 8544.753005] [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:xx:xx:xx:00:ff:ff:ff:ff:xx:xx:00 SRC=xx.xx.173.85 DST=xx.xx.51.219 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=28251 PROTO=TCP SPT=59043 DPT=21021 WINDOW=1024 RES=0x00 SYN URGP=0

    SRC: source IP address
    DST: destination IP address
    PROTO: transport protocol (TCP in this example)
    SPT: source port
    DPT: destination port
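Reading `tail -f` output by eye does not scale once logging is on, so here is an added example (not part of the original page) that parses `[UFW BLOCK]` lines into their fields, counts blocked hits per protocol and destination port, and flags hits on ports the rule set above is supposed to allow, which is exactly the "missing rule" case the text asks you to look for. The sample syslog lines and the `EXPECTED_ALLOWED` port list are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample syslog lines in the [UFW BLOCK] format shown above (documentation IPs, not real traffic).
SAMPLE_SYSLOG = """\
Jun 12 18:28:01 server kernel: [ 8544.753005] [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:aa:bb:cc:00:ff:ff:ff:ff:dd:ee:00 SRC=203.0.113.85 DST=198.51.100.219 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=28251 PROTO=TCP SPT=59043 DPT=21021 WINDOW=1024 RES=0x00 SYN URGP=0
Jun 12 18:28:05 server kernel: [ 8548.100000] [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:aa:bb:cc:00:ff:ff:ff:ff:dd:ee:00 SRC=203.0.113.85 DST=198.51.100.219 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=28252 PROTO=TCP SPT=59044 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0
Jun 12 18:28:09 server kernel: [ 8552.200000] [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:aa:bb:cc:00:ff:ff:ff:ff:dd:ee:00 SRC=192.0.2.10 DST=198.51.100.219 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 PROTO=UDP SPT=40000 DPT=161 LEN=40
Jun 12 18:28:10 server sshd[1234]: Accepted publickey for admin from 192.0.2.10 port 50000 ssh2
"""

# Ports the rule set above is meant to allow (hypothetical list mirroring the `ufw allow` lines).
EXPECTED_ALLOWED = {22, 53, 80, 443, 123, 161, 6556, 19999, 873, 22222}

UFW_BLOCK_RE = re.compile(r"\[UFW BLOCK\]\s+(?P<fields>.*)$")
KV_RE = re.compile(r"(\w+)=(\S*)")  # key=value tokens; OUT= legitimately has an empty value

def parse_ufw_block(line):
    """Return the key=value fields of one [UFW BLOCK] line as a dict, or None for other lines."""
    m = UFW_BLOCK_RE.search(line)
    if not m:
        return None
    return dict(KV_RE.findall(m.group("fields")))

def blocked_port_summary(text):
    """Count blocked packets per (PROTO, DPT) and collect the SRC addresses behind each."""
    counts = Counter()
    sources = {}
    for line in text.splitlines():
        fields = parse_ufw_block(line)
        if fields is None or not fields.get("DPT", "").isdigit():
            continue  # not a UFW block line, or no transport port (e.g. ICMP)
        key = (fields.get("PROTO", "?"), int(fields["DPT"]))
        counts[key] += 1
        sources.setdefault(key, set()).add(fields.get("SRC"))
    return counts, sources

def blocks_on_allowed_ports(counts, allowed=EXPECTED_ALLOWED):
    """Blocked hits on ports the rule set should allow: a sign that a rule is missing or was not applied."""
    return {key: n for key, n in counts.items() if key[1] in allowed}

if __name__ == "__main__":
    counts, sources = blocked_port_summary(SAMPLE_SYSLOG)
    for (proto, port), n in counts.most_common():
        print(f"{proto} {port}: {n} blocked from {sorted(sources[(proto, port)])}")
    print("blocked on expected-allowed ports:", blocks_on_allowed_ports(counts))
```

Feed it real output with `blocked_port_summary(open("/var/log/syslog").read())`; a busy port that is not in your allow list is usually noise to leave blocked, while any hit reported by `blocks_on_allowed_ports` deserves a look at `ufw status` and the interface the packet arrived on.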
