How to Configure Basic Firewall Rules on Ubuntu (SSH, HTTP, HTTPS Only) Using UFW



UFW (Uncomplicated Firewall) is Ubuntu's default firewall configuration tool that simplifies iptables management. For developers needing basic network security on Ubuntu servers, UFW provides an efficient way to control incoming and outgoing traffic.

First, check if UFW is already installed (it usually comes pre-installed on Ubuntu):

sudo ufw status

If not installed, you can install it with:

sudo apt update
sudo apt install ufw

The most secure approach is to block everything first, then selectively allow:

sudo ufw default deny incoming
sudo ufw default allow outgoing

Now we'll enable the required services (SSH, HTTP, HTTPS):

sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https

Alternatively, you can specify ports directly:

sudo ufw allow 22/tcp  # SSH
sudo ufw allow 80/tcp  # HTTP
sudo ufw allow 443/tcp # HTTPS

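For more precise control, you can restrict a rule to a source address or rate-limit connections:

# Allow SSH only from a specific IP address. This restricts access only if the
# general "allow ssh" / "allow 22/tcp" rule above is not also present.
sudo ufw allow from 192.168.1.100 to any port 22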

# Rate limit SSH connections
sudo ufw limit ssh

After configuring rules, enable the firewall:

sudo ufw enable

Verify the status with:

sudo ufw status verbose
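
The check below is an added example, not part of the original guide: it reads `ufw status verbose` output and fails if the firewall is inactive, the incoming default is not deny, or any inbound ALLOW/LIMIT rule targets something other than ports 22, 80 and 443. The function names and both sample outputs are constructed for illustration; rules shown by application-profile name are flagged because the script cannot resolve them to ports.

```shell
# Audit `ufw status verbose` output against this guide's policy:
# firewall active, incoming denied by default, only 22/80/443 opened.
ALLOWED_PORTS="22 80 443"

# Reads status text on stdin, prints one FAIL line per finding,
# returns 0 if the ruleset matches the policy and 1 otherwise.
audit_ufw() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "Status:"  { st = 1; if ($2 != "active") { print "FAIL firewall is " $2; bad = 1 } }
        $1 == "Default:" { df = 1; if ($2 != "deny" && $2 != "reject") {
                               print "FAIL default incoming policy is " $2; bad = 1 } }
        {
            # Find the action column; the "To" column may span several fields.
            for (i = 2; i <= NF; i++) if ($i == "ALLOW" || $i == "LIMIT") break
            if (i > NF || $(i + 1) == "OUT" || $(i + 1) == "FWD") next
            port = $1; sub(/\/.*/, "", port)          # "22/tcp" -> "22"
            # Anything not a bare allowed port (ranges, app profiles, "Anywhere") is flagged.
            if (!(port in ok)) { print "FAIL unexpected rule: " $0; bad = 1 }
        }
        END {
            if (!st) { print "FAIL no Status line"; bad = 1 }
            if (!df) { print "FAIL no Default line (firewall inactive?)"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: the ruleset this guide produces, with SSH rate limited.
sample_expected() {
cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
22/tcp (v6)                LIMIT IN    Anywhere (v6)
EOF
}

# Constructed sample: the same ruleset after a database port was opened to everyone.
sample_drifted() { sample_expected; echo "3306/tcp                   ALLOW IN    Anywhere"; }

# On a server: sudo ufw status verbose | audit_ufw
if sample_drifted | audit_ufw; then echo "policy OK"; else echo "ruleset drifted"; fi
```
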

If you get locked out after enabling the firewall:

# Access the server through recovery mode or console
sudo ufw disable
# Then check your rules and try again

UFW rules persist automatically, but you can verify with:

sudo systemctl status ufw

Ensure the service is enabled to start at boot:

sudo systemctl enable ufw

To monitor blocked attempts:

sudo tail -f /var/log/ufw.log

UFW (Uncomplicated Firewall) is Ubuntu's built-in firewall management tool that simplifies iptables configuration. For server security, we'll focus on allowing only essential services while blocking everything else by default.

First, install UFW if it is not already present, then enable it:

sudo apt update
sudo apt install ufw
sudo ufw enable

The security-first approach means denying all incoming traffic by default while allowing outgoing:

sudo ufw default deny incoming
sudo ufw default allow outgoing

Now permit SSH, HTTP, and HTTPS traffic:

sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https

Alternatively, using port numbers for precision:

sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

Check your configuration with:

sudo ufw status numbered

Sample output should show:

Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere                  
80/tcp                     ALLOW       Anywhere                  
443/tcp                    ALLOW       Anywhere

For production servers, consider rate limiting SSH to slow down brute-force attacks:

sudo ufw limit ssh

To allow specific IP ranges (e.g., office network):

sudo ufw allow from 192.168.1.0/24 to any port 22

Before applying, test your SSH connection in another session to avoid locking yourself out. Once confirmed, reload the firewall:

sudo ufw reload

If you are locked out of SSH, open the console in your hosting provider's dashboard and run:

sudo ufw allow ssh
sudo ufw reload