Here is how to configure a firewall with UFW on Ubuntu, in particular on a Vultr instance running Ubuntu 20.04 LTS.
Prerequisites
- Have an Ubuntu 20.04 x64 instance.
- Be logged in as root or as a user with sudo privileges.
Ubuntu Linux server comes with a firewall configuration tool called ufw (Uncomplicated Firewall). It has a command-line interface consisting of a small number of simple commands, and it uses iptables for configuration. UFW is installed by default on Ubuntu. If it has been uninstalled for some reason, you can install it with the following command:
sudo apt install ufw
To list all UFW rules, you can use the following command:
sudo ufw status verbose
And the output will be:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
22 (v6)                    ALLOW IN    Anywhere (v6)
Allowing Other Connections
Depending on the applications that run on the system, you may also need to open other ports. The general syntax to open a port is as follows:
ufw allow port_number/protocol
To allow incoming connections on port 22, enter the following command. Because no protocol is given, the rule covers both TCP and UDP; use 22/tcp instead to restrict it to TCP:
sudo ufw allow 22
And the output will be:
Rule added
Rule added (v6)
To allow the ports for a specific web server such as Apache or Nginx, run the matching command below:
sudo ufw allow in "Apache Full"
sudo ufw allow in "Nginx Full"
Afterwards, sudo ufw status verbose will show:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
80/tcp (Nginx HTTP)        ALLOW IN    Anywhere
22 (v6)                    ALLOW IN    Anywhere (v6)
80/tcp (Nginx HTTP (v6))   ALLOW IN    Anywhere (v6)
Denying Connections
If you want to close ports or block certain IP addresses, you can use the following commands:
sudo ufw deny port_number/protocol
sudo ufw deny from ip_address
For example, if you want to deny port 25 connections, you could use the following command:
sudo ufw deny 25/tcp
Or, if you want to deny all connections from 203.0.113.4, you could use this command:
sudo ufw deny from 203.0.113.4
Conclusion
Your firewall is now configured to allow connections with UFW. To get your server functional and secure, make sure to allow any other incoming connections that your server needs.
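To confirm that the finished ruleset exposes only the ports you intended, the text printed by sudo ufw status verbose can be checked automatically. The script below is an added example, not part of the original tutorial; the helper name ufw_audit, the expected-port list and the sample status text are constructed for illustration.

```shell
# Added example: audit `ufw status verbose` text against the ports you expect to be open.
# SAMPLE_STATUS is constructed for this example, not captured from a real host.
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
80/tcp (Nginx HTTP)        ALLOW IN    Anywhere
3306/tcp                   ALLOW IN    Anywhere
22 (v6)                    ALLOW IN    Anywhere (v6)'

# ufw_audit "<expected ports>" reads status text on stdin, prints one line per
# finding and returns 1 if anything was found (hypothetical helper name).
ufw_audit() {
  awk -v expected="$1" '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
    /^Status:/ {
      seen = 1
      if ($2 != "active") { print "FINDING: firewall is " $2; bad = 1 }
    }
    /^Default:/ {
      # First policy on this line is the incoming one.
      if ($2 != "deny" && $2 != "reject") {
        print "FINDING: default incoming policy is " $2; bad = 1
      }
    }
    / ALLOW IN +Anywhere/ {
      spec = $1; sub(/\/.*/, "", spec)      # "80/tcp" -> "80"
      m = split(spec, p, ",")               # "80,443" -> 80 and 443
      for (j = 1; j <= m; j++)
        if (!(p[j] in ok)) {
          print "FINDING: port " p[j] " is open to Anywhere but not expected"
          bad = 1
        }
    }
    END {
      if (!seen) { print "FINDING: no Status line in input"; bad = 1 }
      exit bad + 0
    }
  '
}

# On a live host: sudo ufw status verbose | ufw_audit "22 80 443"
printf '%s\n' "$SAMPLE_STATUS" | ufw_audit "22 80" || true
```

A non-zero exit status makes the check usable from a provisioning script or a scheduled job.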