Enable & Configure UFW on Ubuntu 18.04

#1

Let’s give our fresh Ubuntu 18.04 Server some basic security by enabling UFW (Uncomplicated Firewall).

To do this, we need to run the following commands:

    sudo ufw status

By default it should return Status: inactive, but in case it doesn’t, you may already have UFW configured by your server provider. We need to make rules that tinker with your SSH connection, and hence we want UFW to be disabled. To do that, we run sudo ufw disable:

    ubuntu@orng:~$ sudo ufw disable
    Firewall stopped and disabled on system startup

The next step is to create default policies. As we know that our server is not used by anyone except us, and we want it to be able to check and download necessary security updates, we allow it to make outbound connections; however, we do not want it to let anyone connect to our server.

So we create:

    sudo ufw default allow outgoing
    sudo ufw default deny incoming

Now we enable SSH connections (port 22) to allow SSH connections to the server:

    sudo ufw allow ssh

Now we enable our nginx webserver:

    sudo ufw allow "Nginx Full"

Now that all our necessary ports are open, we can safely re-enable UFW using sudo ufw enable:

    ubuntu@orng:~$ sudo ufw enable
    Command may disrupt existing ssh connections. Proceed with operation (y|n)? Y
    Firewall is active and enabled on system startup

We can also check the enabled rules using the sudo ufw status command:

    root@eddy:~$ sudo ufw status
    Status: active

    To                         Action      From
    --                         ------      ----
    22/tcp                     ALLOW       Anywhere
    Nginx Full                 ALLOW       Anywhere
    22/tcp (v6)                ALLOW       Anywhere (v6)
    Nginx Full (v6)            ALLOW       Anywhere (v6)

If you have any questions, be sure to comment them below.
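
A lockout check for the procedure above, as an added example that is not part of the original post: it reads `sudo ufw status` output and reports whether the SSH port is allowed before you close your current session. The function name `ufw_allows` and the sample tables are constructed for illustration, and it assumes rules are listed by port, so application profile rows are not expanded into ports.

```shell
#!/bin/sh
# ufw_allows PORT PROTO: reads `ufw status` output on stdin; exit 0 only if
# the firewall is active and the first IPv4 rule for PORT from Anywhere is
# ALLOW or LIMIT. Assumption: profile rows ("Nginx Full") are not expanded.
ufw_allows() {
    awk -v port="$1" -v proto="$2" '
        /^Status: active/ { active = 1 }
        {
            # Columns are separated by runs of 2+ spaces ("Nginx Full" has one).
            n = split($0, col, /  +/)
            if (n < 3 || decided) next
            if (col[1] ~ /\(v6\)$/ || col[3] !~ /^Anywhere/) next
            if (col[1] != port && col[1] != (port "/" proto)) next
            decided = 1                      # first matching rule wins
            ok = (col[2] ~ /^(ALLOW|LIMIT)/)
        }
        END { exit !(active && ok) }
    '
}

# Constructed sample: the status table shown in the guide.
sample_guide() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)
EOF
}

# Constructed sample: the same table with the SSH rows missing.
sample_no_ssh() { sample_guide | grep -v '^22/tcp'; }

# Live use on the server, from the session that ran `ufw enable`:
#   sudo ufw status | ufw_allows 22 tcp || echo "SSH not allowed"
sample_guide  | ufw_allows 22 tcp && echo "guide ruleset: SSH reachable"
sample_no_ssh | ufw_allows 22 tcp || echo "no SSH rule: keep this session open"
```

Pass the port your SSH daemon actually listens on if it is not 22.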


#2

#3

#4

Hi,

I followed this guide for Ubuntu 16.04 x64. At last, I had the below message.


    22/tcp                     ALLOW       Anywhere
    Nginx Full                 ALLOW       Anywhere
    22/tcp (v6)                ALLOW       Anywhere (v6)
    Nginx Full (v6)            ALLOW       Anywhere (v6)


Now, I am unable to log in to SSH. It says connection timed out. Any idea what may be the issue?

Thanks


#5

The issue will probably be in your SSH daemon. Have you tried restarting the server?


#6

Hi… I just realized that SSH was blocked.

Now, it’s working.

CC: @rishi