dah85.com

Just another blog

Setting up UFW for the first time

- Posted in Quick Tip by with comments

Securing a Linux machine is always a good idea, and here's the simplest way to do it.

First, install ufw and check the status. It should be disabled by default.

apt-get install ufw
ufw status

Second, we will enable the default rules which will be to block all incoming and allow all outgoing.

ufw default deny incoming
ufw default allow outgoing

Now for specific ports to open. Here I will allow SSH (22), HTTP (80) and HTTPS (443), webmin (10000) and seafile (8000)

ufw allow ssh
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 8000/tcp
ufw allow 10000/tcp

Now we enable it, and then check the status.

ufw enable
ufw status

To disable it.

ufw disable

To reset back to default

ufw reset

And that's it, all incoming traffic is blocked except what has been explicitly allowed, and all outgoing traffic is allowed.

-Dave