Configuring Firewall with UFW

Travis Ville


Managing a firewall directly with iptables can be a daunting task, and it takes time to become proficient. Many frontends for iptables have been created over the years, targeting different audiences. UFW, or Uncomplicated Firewall, is one such frontend and is particularly well suited to host-based firewalls. It was developed to provide an easy-to-use command-line interface for managing an IPv4 or IPv6 host-based firewall.

For Ubuntu, ufw is the default firewall configuration tool, but it is disabled by default. UFW is not available in CentOS by default, but it is available in the EPEL repository. UFW is a wrapper around iptables and netfilter.

Installing UFW

  • Ubuntu

UFW is available in most Ubuntu-based distributions. If it is not available you can install it using the following command.

# apt-get install ufw -y

  • CentOS

UFW is not available in CentOS by default. The EPEL repository needs to be installed first, which you can do using the following command.

# yum install epel-release -y

Once the EPEL repository is installed, UFW can be installed using the following command.

# yum install --enablerepo="epel" ufw -y

You can check the installation by running the following command.

# ufw --version
ufw 0.35
Copyright 2008-2015 Canonical Ltd.

Check Status

The status of UFW can be checked anytime using the following command. Initially, the UFW will be inactive.

# ufw status
Status: inactive

If the UFW is active then it will show the list of all rules.

# ufw status
Status: active
To                         Action      From
--                         ------      ----
3333                       ALLOW       122.165.118.184
22                         ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)

Enable the Firewall

To avoid locking yourself out when working over SSH, set up the basic rules first and then enable UFW.
To allow both incoming and outgoing connections on port 22 (or any port) for SSH, you can use the following command.

# ufw allow ssh
or
# ufw allow 22
or
# ufw allow <port number>

The following command can be used to enable UFW and enforce your firewall rules.

# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

Similarly, UFW can be disabled by using the following command.

# ufw disable
Firewall stopped and disabled on system startup

Using IPv6 with UFW

If the server is configured for IPv6, UFW must be configured to support IPv6 as well, so that the firewall covers both IPv4 and IPv6. To do so, open the UFW configuration file “/etc/default/ufw”.

# vi /etc/default/ufw

Make sure that “IPV6” is set to “yes”.

IPV6=yes

You will need to ‘disable’ and then ‘enable’ the firewall (restart your firewall) for the changes to take effect.

# ufw disable
# ufw enable

Enable Logging

UFW logging can be enabled using the following command.

# ufw logging on
Logging enabled

Similarly, logging can be disabled using the following command.

# ufw logging off
Logging disabled

A normal log entry in “/var/log/ufw.log” is given below.

May 24 12:39:11 sage2 kernel: [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=122.252.14.170 DST=10.212.135.1 LEN=83 TOS=0x00 PREC=0x00 TTL=63 ID=41805 DF PROTO=TCP SPT=443 DPT=33463 WINDOW=136 RES=0x00 ACK PSH URGP=0

The log values are explained below:

  • [UFW BLOCK]: This is where the description of the logged event appears. In this instance, it blocked a connection.
  • IN: The event was incoming if this contains a value.
  • OUT: The event was outgoing if this contains a value.
  • MAC: A combination of the destination and source MAC addresses
  • SRC: The IP of the packet source
  • DST: The IP of the packet destination
  • LEN: Packet length
  • TTL: The packet TTL, or time to live. How long it will bounce between routers until it expires if no destination is found.
  • PROTO: The packet’s protocol
  • SPT: The source port of the packet
  • DPT: The destination port of the packet
  • WINDOW: The size of the packet the sender can receive
  • SYN URGP: Indicates if a three-way handshake is required. 0 means it is not.
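
A parser for the log format described above, as an added example (not from the original article): it splits each entry into the listed fields and counts blocked inbound packets per source, protocol and destination port. Only the first sample line is the article's; the rest are constructed, and the optional kernel uptime stamp and the `[UFW ALLOW]` tag are assumed variations such logs can contain.

```python
import re
from collections import Counter

# Line 1 is the entry shown above; lines 2-5 are constructed for this example
# (documentation-range addresses) to exercise the other cases.
SAMPLE_LOG = """\
May 24 12:39:11 sage2 kernel: [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=122.252.14.170 DST=10.212.135.1 LEN=83 TOS=0x00 PREC=0x00 TTL=63 ID=41805 DF PROTO=TCP SPT=443 DPT=33463 WINDOW=136 RES=0x00 ACK PSH URGP=0
May 24 12:40:02 sage2 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc:00:16:3e:dd:ee:ff:08:00 SRC=203.0.113.7 DST=10.212.135.1 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=1234 DF PROTO=TCP SPT=50112 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
May 24 12:40:03 sage2 kernel: [ 8123.441902] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc:00:16:3e:dd:ee:ff:08:00 SRC=203.0.113.7 DST=10.212.135.1 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=1235 DF PROTO=TCP SPT=50113 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
May 24 12:41:10 sage2 kernel: [UFW ALLOW] IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc:00:16:3e:dd:ee:ff:08:00 SRC=198.51.100.20 DST=10.212.135.1 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=777 DF PROTO=TCP SPT=40022 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
May 24 12:41:15 sage2 sshd[811]: Accepted publickey for admin from 198.51.100.20 port 40022 ssh2
"""

# syslog prefix, optional kernel uptime stamp, then the "[UFW <ACTION>]" tag.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) kernel: "
    r"(?:\[\s*[\d.]+\]\s+)?\[UFW (?P<action>[A-Z ]+)\] (?P<rest>.*)$"
)

def parse_line(line):
    """Return a dict of fields for one UFW log entry, or None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = {"time": m["ts"], "host": m["host"], "action": m["action"], "flags": []}
    for token in m["rest"].split():
        key, sep, value = token.partition("=")
        if sep:
            entry[key] = value            # "OUT=" and "MAC=" yield empty strings
        else:
            entry["flags"].append(token)  # bare tokens such as DF, SYN, ACK, PSH
    # As described above: a value in IN means incoming, a value in OUT outgoing.
    entry["direction"] = "in" if entry.get("IN") else "out" if entry.get("OUT") else "unknown"
    return entry

def top_blocked(log_text, n=3):
    """Most frequent (source IP, protocol, destination port) among blocked inbound packets."""
    counts = Counter()
    for line in log_text.splitlines():
        e = parse_line(line)
        if e and e["action"] == "BLOCK" and e["direction"] == "in":
            counts[(e.get("SRC"), e.get("PROTO"), e.get("DPT", "-"))] += 1
    return counts.most_common(n)

if __name__ == "__main__":
    for (src, proto, dpt), hits in top_blocked(SAMPLE_LOG):
        print(f"{hits:3d}  {src:<16} {proto}/{dpt}")
```

To run it against a real host, pass the contents of “/var/log/ufw.log” to `top_blocked()` in place of `SAMPLE_LOG`.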

You should have installed and configured UFW on your server now. Using UFW you will be able to protect your server from most common attacks. Make sure to allow all incoming connections that are necessary for the proper functioning of the server.
