
UFW (Uncomplicated Firewall) on Debian Linux Distributions





Computers are connected to each other and the services running on them keep growing; that is something we cannot deny. Email, social media, online shops and chat are all services that ordinary users rely on every day.

Looked at from the other side, this connectivity is a double-edged knife. The same links that deliver useful messages can just as easily deliver hostile ones, and viruses, malware and trojanised apps are only some of them.

The Internet is the biggest computer network there is, and it is not always filled with people with the best intentions at heart. To keep our computers and servers safe we must protect them.

One of the must-have components on any computer or server is a firewall. From Wikipedia, the definition is:

In computing, a firewall is a software or hardware-based network security system that controls the incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not, based on an applied rule set.



A properly configured firewall is one of the most important aspects of overall system security.

What is UFW

ufw (Uncomplicated Firewall) is a front end for iptables, the most widely used Linux firewall, and it is well suited to host-based firewalls. It provides a framework for managing netfilter together with a command-line interface for controlling the firewall. The interface is friendly enough for Linux newcomers who are not yet familiar with firewall concepts.

At the same time, the same command line lets administrators express fairly complicated rule sets without writing raw iptables. ufw is developed by Ubuntu and is packaged for Debian-based distributions such as Debian, Ubuntu and Linux Mint.

Installation of UFW in Debian Linux Distributions


Only root or users with sudo privileges can manage the system firewall. The best practice is to run administrative tasks as sudo user.

First check whether it is already installed on your system with the following command:

    sudo dpkg --get-selections | grep ufw



If it is not installed, install it with the apt command shown below:
   
     sudo apt install ufw



Check UFW Status

        sudo ufw status


If the output is Status: inactive, the firewall is installed but not active (disabled).

On Debian, ufw is inactive by default right after installation; installing the package does not change how traffic is filtered until you enable it.

Enabling / Disabling ufw

To enable it, type the following command at the terminal. If you are administering the machine over SSH, first add a rule that allows SSH (see the allow rules below): the default policy denies all incoming connections, so after enabling, new SSH connections will be refused and you can lock yourself out. ufw warns about exactly this ("Command may disrupt existing ssh connections") and asks for confirmation; the --force option skips that prompt in scripts.

    sudo ufw enable



To disable it just type.

    sudo ufw disable

List the current ufw rules

After the firewall is activated you can add your rules to it. To see the current rules together with the default policies, type:

    sudo ufw status verbose

If you are just getting started with your firewall, the first rules to define are your default policies. These control how traffic that does not explicitly match any other rule is handled. By default, UFW is set to deny all incoming connections and allow all outgoing connections. This means nobody can reach your server unless you open a port, while any application on the server can still reach the outside world.

Note that there are exceptions to these defaults (for example, established connections and some ICMP are allowed), which you can find in the output of:

    sudo ufw show raw

You can also read the rules files in /etc/ufw (the files whose names end with .rules).
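The installation, default-policy and enable steps above, combined into one script that cannot lock you out: SSH is allowed before the firewall is switched on, and a plan mode prints the commands instead of running them so you can review them first. This is an added example, not a script from the original post. It assumes SSH listens on 22/tcp and uses 203.0.113.0/24 as a placeholder management subnet; replace ADMIN_NET with your own.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): bring up UFW on a Debian host
# without losing SSH access. Run as root:
#   sudo bash ufw-bootstrap.sh plan    # only print the commands
#   sudo bash ufw-bootstrap.sh apply   # execute them
# Assumptions (mine, not the post's): SSH listens on 22/tcp, and
# 203.0.113.0/24 is a placeholder for your management network.
set -eu

ADMIN_NET="${ADMIN_NET:-203.0.113.0/24}"   # hypothetical admin subnet
DRY_RUN="${DRY_RUN:-0}"

# run CMD...: execute CMD, or print it prefixed with "+ " when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '+ %s\n' "$*"
    else
        "$@"
    fi
}

# ufw_installed: true when the ufw package is present (dpkg-based systems).
ufw_installed() {
    dpkg -s ufw >/dev/null 2>&1
}

# bootstrap_firewall: install (if needed), set policies, open SSH, enable.
bootstrap_firewall() {
    ufw_installed || run apt-get install -y ufw

    # 1. Policies first: drop unsolicited inbound, permit outbound.
    run ufw default deny incoming
    run ufw default allow outgoing

    # 2. Allow management access BEFORE enabling. Rate-limit SSH from
    #    anywhere (6 attempts / 30 s per source), and allow it without a
    #    limit from the admin network. With openssh-server installed you
    #    could use the OpenSSH profile instead of 22/tcp.
    run ufw limit 22/tcp
    run ufw allow from "$ADMIN_NET" to any port 22 proto tcp

    # 3. Enable; --force skips the "may disrupt existing ssh" prompt so the
    #    script works non-interactively.
    run ufw --force enable
    run ufw status verbose
}

case "${1:-}" in
    plan)  DRY_RUN=1; bootstrap_firewall ;;
    apply) bootstrap_firewall ;;
esac
```

Running the plan mode first and reading the printed commands is the cheap check that the allow rule really precedes the enable; only then run apply.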


Application Profiles

An application profile is a text file in INI format that describes a service and the ports and protocols it uses. Profiles live in the /etc/ufw/applications.d directory and are installed there by the packages that provide the services (openssh-server installs the OpenSSH profile, for example), so the list on a given server depends on what is installed.

You can list all application profiles available on your server by typing:
    
    sudo ufw app list


To find more information about a specific profile and included rules, use the following command:

    sudo ufw app info 'OpenSSH'

The output also lists the ports and protocols the profile opens.

Allow and Deny (specific rules)

Allow

    sudo ufw allow <port>/<optional: protocol>

example:

    allow incoming tcp and udp packets on port 53

        sudo ufw allow 53

    allow incoming tcp packets on port 53

        sudo ufw allow 53/tcp

    allow incoming udp packets on port 53

        sudo ufw allow 53/udp

Deny
    deny incoming tcp and udp packets on port 53

        sudo ufw deny 53

    deny incoming tcp packets on port 53

        sudo ufw deny 53/tcp

    deny incoming udp packets on port 53

        sudo ufw deny 53/udp

Allow Other Connections

Now you should allow the other connections that your server needs to respond to. Which connections to allow depends on your specific needs. Luckily, you already know how to write rules that allow connections by port number, as in the port-53 examples above; a service name from /etc/services (ssh, http) or an application profile works in the same place.

We will show a few examples of very common services that you may need to allow. If you have any other services for which you want to allow all incoming connections, follow this format.

HTTP—port 80

HTTP connections, which is what unencrypted web servers use, can be allowed with this command:

  • sudo ufw allow http

If you’d rather use the port number, 80, use this command:

  • sudo ufw allow 80

HTTPS—port 443

HTTPS connections, which is what encrypted web servers use, can be allowed with this command:

  • sudo ufw allow https

If you’d rather use the port number, 443, use this command:

  • sudo ufw allow 443

FTP—port 21

FTP connections, which is used for unencrypted file transfers (which you probably shouldn’t use anyway), can be allowed with this command:

  • sudo ufw allow ftp

If you’d rather use the port number, 21, use this command:

  • sudo ufw allow 21/tcp
 


Allow Specific Port Ranges

You can specify port ranges with UFW. Some applications use multiple ports, instead of a single port.

  • sudo ufw allow 2000:3007/tcp
  • sudo ufw allow 2000:3007/udp

When specifying port ranges with UFW, you must specify the protocol (tcp or udp) that the rules should apply to. We haven’t mentioned this before because not specifying the protocol simply allows both protocols, which is OK in most cases.

Specific IP Address and port

To allow connections on all ports from a given source IP, use the from keyword followed by the source address.

Here is an example of whitelisting an IP address:

    sudo ufw allow from 216.58.223.78

If you want to allow the given IP address access only to a specific port, use the to any port keywords followed by the port number.

For example, to allow access on port 22 from a machine with IP address 216.58.223.78, enter:

    sudo ufw allow from 216.58.223.78 to any port 22

Subnets

The syntax for allowing connections from a subnet is the same as for a single IP address. The only difference is that you specify the network in CIDR form (address plus prefix length).

Below is an example showing how to allow the 192.168.1.0/24 subnet (hosts 192.168.1.1 to 192.168.1.254) to reach port 3306 (MySQL):

    sudo ufw allow from 192.168.1.0/24 to any port 3306





Denying Connections

The default policy for all incoming connections is deny, and if you have not changed it, UFW blocks every incoming connection unless you have specifically opened the port.

Writing deny rules is the same as writing allow rules: you only use the deny keyword instead of allow.

Let us say that you have opened ports 443 and 3306 and your server is under
attack from the 23.54.23.0/24 network.

To deny all connections from 23.54.23.0/24 you would run the following command:

    sudo ufw deny from 23.54.23.0/24

If you only want to deny access to ports 80 and 443 from 23.54.23.0/24,
use the following command (a comma-separated port list requires proto):

    sudo ufw deny proto tcp from 23.54.23.0/24 to any port 80,443

Rule order matters here. UFW evaluates rules from top to bottom and the first match wins, and a plain deny command appends the new rule to the end of the list. Because the allow rule for 443 already exists above it, traffic to port 443 from 23.54.23.0/24 still matches the allow first and gets through. To block an attacker on a port you have opened, put the deny ahead of the allows with the insert subcommand and a position number (position 1 is the top), then confirm the order with sudo ufw status numbered.



    

Deleting rules

There are two ways of deleting rules:
  • Deleting by number
  • Deleting by actual rule
Deleting rules by number is easier, especially when you are new to ufw, and it is what I would recommend.

1:Deleting by number

If you are deleting firewall rules by rule number, you first need the numbered list of all the rules. To get it, use the following command:

    sudo ufw status numbered

Note that with IPv6 enabled (the default, IPV6=yes in /etc/default/ufw) each rule appears twice, once for IPv4 and once marked (v6), and each copy has its own number.

Find the number of the rule you would like to delete. In our case, let us delete rule 5, which allows https (443/tcp). We use the command below:

    sudo ufw delete 5

ufw asks for confirmation (add --force to skip the prompt in scripts), then removes the rule. The rules that followed it are renumbered immediately, so when deleting several rules by number, delete the highest number first, or list the rules again after each delete; otherwise you will remove the wrong rule.

2:Deleting by actual rule.
The alternative to rule numbers is to specify the actual rule to delete. For example, to delete the "allow 443" rule you would write the command like this:

    sudo ufw delete allow 443

This form deletes the IPv4 and IPv6 copies of the rule together.
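The two pitfalls above, rule order when denying an attacker and renumbering when deleting by number, handled in shell functions. This is an added example and not code from the original post. The functions read the text of sudo ufw status numbered on standard input so they can be exercised against the constructed sample below (it is not a real capture); 203.0.113.0/24 stands in for the attacking network. Run the real commands as root.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): order-aware blocking and safe
# bulk deletion for UFW. Usage on a live host (as root):
#   ufw status numbered | DRY_RUN=1 delete_rules_matching '443/tcp'  # preview
#   ufw status numbered | delete_rules_matching '443/tcp'            # do it
#   block_subnet 203.0.113.0/24 80,443
set -eu
DRY_RUN="${DRY_RUN:-0}"

# run CMD...: execute CMD, or print it prefixed with "+ " when DRY_RUN=1.
run() { if [ "$DRY_RUN" = "1" ]; then printf '+ %s\n' "$*"; else "$@"; fi; }

# Constructed sample of `ufw status numbered` output (not a real capture).
# Note the (v6) duplicates: every rule exists once per address family.
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     LIMIT IN    Anywhere
[ 2] 443/tcp                    ALLOW IN    Anywhere
[ 3] 3306                       ALLOW IN    192.168.1.0/24
[ 4] 22/tcp (v6)                LIMIT IN    Anywhere (v6)
[ 5] 443/tcp (v6)               ALLOW IN    Anywhere (v6)'

# rule_numbers_matching PATTERN: numbers of the rules whose line matches
# PATTERN (extended regex), highest first. UFW renumbers after every
# delete, so deleting from the top number down keeps the rest valid.
rule_numbers_matching() {
    grep -E '^\[ *[0-9]+\]' | grep -E -- "$1" \
        | sed -E 's/^\[ *([0-9]+)\].*/\1/' | sort -rn
}

# delete_rules_matching PATTERN: delete every rule matching PATTERN, reading
# the numbered status from stdin. --force skips the y/n prompt per rule.
delete_rules_matching() {
    for n in $(rule_numbers_matching "$1"); do
        run ufw --force delete "$n"
    done
}

# block_subnet NET [PORT,...]: deny NET ahead of every existing allow rule.
# First match wins, so an appended `ufw deny from NET` never sees traffic
# that an earlier `allow 443/tcp` already accepted; `insert 1` fixes that.
block_subnet() {
    if [ -n "${2:-}" ]; then
        run ufw insert 1 deny proto tcp from "$1" to any port "$2"
    else
        run ufw insert 1 deny from "$1"
    fi
}
```

Preview with DRY_RUN=1 before running for real; the printed delete sequence should always be descending.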


Disabling UFW

If for any reason you want to stop UFW and deactivate all the rules you can use:

    sudo ufw disable


Resetting UFW

Resetting UFW disables it, deletes all active rules and restores the default policies. The previous rules files are backed up in /etc/ufw (with a timestamp suffix) before they are replaced.

This is helpful if you want to remove all your rules and start afresh:

    sudo ufw reset

Limit

UFW can rate-limit connections. A limit rule denies connections from an IP address that has attempted to initiate six or more connections in the last 30 seconds. You should consider using it for services such as SSH, where it slows down password brute-forcing from a single source. It is not a defence against a real denial-of-service attack; it only throttles individual sources, and a distributed attacker stays under the threshold.

    sudo ufw limit ssh

The service name must match /etc/services (lower-case ssh); the equivalent is sudo ufw limit 22/tcp, or the OpenSSH profile when it is present.


You might also need to allow outgoing traffic on a certain port while denying incoming traffic on the same port. To do this, use the direction keywords in and out, optionally with the interface. To allow outgoing traffic on port 25 (SMTP), issue the command:

    sudo ufw allow out on eth0 to any port 25 proto tcp

Since the default outgoing policy is allow, this rule only changes anything if you have set the outgoing default to deny. You could then add the next rule to block incoming traffic on the same interface and port (the destination port is given with to any port, the same way as in the allow rules):

    sudo ufw deny in on eth0 to any port 25 proto tcp

Of the available arguments, the ones you’ll use the most with the ufw command are:

  • allow
  • deny
  • reject
  • limit
  • status: displays if the firewall is active or inactive
  • show: displays the current running rules on your firewall
  • reset: disables and resets the firewall to default
  • reload: reloads the current running firewall
  • disable: disables the firewall
Disabling UFW logging

ufw logs blocked (and, at higher levels, allowed) packets to the kernel log (dmesg) and syslog or the journal. Disabling logging stops UFW from filling those logs:

    sudo ufw logging off

Before turning it off, remember that these entries are your only record of who is probing the host. The logging command also accepts a level (low, medium, high or full), and the default low level, which only logs blocked packets that are not rate-limited out, is usually the better choice on a server than off.
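Before switching logging off, it is worth seeing what the [UFW BLOCK] lines actually tell you. The following added example (mine, not from the original post) summarises blocked packets per source address and flags sources that touched several destination ports, which is the usual port-scan signature. The log lines embedded in it are constructed for the example and use documentation address ranges; on a live host pipe journalctl -k or /var/log/kern.log into the function instead.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): summarise UFW block logs.
# Live usage, e.g.:
#   journalctl -k | summarise_ufw_blocks
#   grep 'UFW BLOCK' /var/log/kern.log | flag_scanners 5
set -eu

# Constructed sample log lines (not a real capture); 203.0.113.5 probes
# three ports, 192.0.2.44 sends one mDNS packet, and the AUDIT line is
# not a block and must be ignored.
SAMPLE_LOG='Mar  3 10:15:01 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=45001 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:15:02 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54322 PROTO=TCP SPT=45002 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:15:02 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54323 PROTO=TCP SPT=45003 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:15:09 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.44 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1001 PROTO=UDP SPT=5353 DPT=5353 LEN=40
Mar  3 10:15:10 web1 kernel: [UFW AUDIT] IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.7 PROTO=TCP SPT=40000 DPT=443'

# summarise_ufw_blocks: read log lines on stdin; for each source IP print
# "count src ports", where ports is the comma-separated list of distinct
# destination ports it hit, busiest source first.
summarise_ufw_blocks() {
    awk '
    /\[UFW BLOCK\]/ {
        src = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (src == "") next
        count[src]++
        if (!((src, dpt) in seen)) {
            seen[src, dpt] = 1
            if (ports[src] == "") ports[src] = dpt
            else ports[src] = ports[src] "," dpt
        }
    }
    END {
        for (s in count) printf "%d %s %s\n", count[s], s, ports[s]
    }' | sort -rn
}

# flag_scanners THRESHOLD: sources that hit at least THRESHOLD distinct
# ports, one per line; a quick "is this a scan" check over the summary.
flag_scanners() {
    summarise_ufw_blocks | awk -v t="$1" '{ n = split($3, p, ","); if (n >= t) print $2 }'
}
```

The sources this reports are the natural input for the deny rules discussed earlier; a single noisy source is also a sign that a limit rule on the probed service would help.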


Conclusion

UFW, as a front end to iptables, certainly gives users an easy interface.

Users do not need to remember the complicated iptables syntax. UFW also uses plain English for its parameters: allow, deny and reset are some of them.

There are many other iptables front ends out there, but ufw is definitely one of the best alternatives for users who want to set up their firewall quickly, easily and, of course, securely. For more detail, read the ufw manual page by typing man ufw.


Comments

  1. There's definitely so much I didn't know about it. Great work
