Let’s give our fresh Ubuntu 18.04 Server some basic security by enabling UFW (Uncomplicated Firewall).
To do this, we need to run the following commands:
sudo ufw status
By default it should return
Status: inactive
If it doesn’t, your server provider may already have configured UFW. The rules we are about to create affect your SSH connection, so we want UFW to be disabled while we set them up. To do that, we run
sudo ufw disable
ubuntu@orng:~$ sudo ufw disable
Firewall stopped and disabled on system startup
The next step is to create default policies. Our server is not used by anyone except us, and we want it to be able to check for and download necessary security updates, so we allow it to make outbound connections. However, we do not want it to let anyone connect to our server.
So we create:
sudo ufw default allow outgoing
sudo ufw default deny incoming
Now we allow SSH connections (port 22) to the server:
sudo ufw allow ssh
Now we allow connections to our Nginx web server:
sudo ufw allow "Nginx Full"
Now that all our necessary ports are open, we can safely re-enable UFW using
sudo ufw enable
ubuntu@orng:~$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? Y
Firewall is active and enabled on system startup
We can also check the enabled rules using the sudo ufw status command:
root@eddy:~$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)
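To confirm the firewall ended up in the state built above (active, deny incoming, allow outgoing, SSH and Nginx Full allowed), the output of sudo ufw status verbose can be checked by a small script. This is an added example, not part of the original post; the function names check and audit_ufw are made up for it, and both sample outputs are constructed rather than captured from a real host.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` text against the policy from this post.
# Live use on the server:  sudo ufw status verbose | audit_ufw

# Constructed sample of the expected end state.
SAMPLE_GOOD='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80,443/tcp (Nginx Full)    ALLOW IN    Anywhere'

# Constructed sample: firewall on, but incoming default left open and no SSH rule.
SAMPLE_BAD='Status: active
Default: allow (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
80,443/tcp (Nginx Full)    ALLOW IN    Anywhere'

# check LABEL REGEX TEXT: print PASS/FAIL; return 1 if REGEX matches no line of TEXT.
check() {
    if printf '%s\n' "$3" | grep -Eq -- "$2"; then
        echo "PASS  $1"
    else
        echo "FAIL  $1"
        return 1
    fi
}

# audit_ufw: read status text on stdin; exit status is the number of failed checks.
audit_ufw() {
    text=$(cat)
    fails=0
    check "firewall active"        '^Status: active'                "$text" || fails=$((fails + 1))
    check "default deny incoming"  '^Default: deny \(incoming\)'    "$text" || fails=$((fails + 1))
    check "default allow outgoing" '^Default: .*allow \(outgoing\)' "$text" || fails=$((fails + 1))
    check "ssh (22/tcp) allowed"   '^22(/tcp)?[[:space:]]+ALLOW'    "$text" || fails=$((fails + 1))
    check "Nginx Full allowed"     'Nginx Full.*[[:space:]]ALLOW'   "$text" || fails=$((fails + 1))
    return "$fails"
}

# Demonstration on the constructed good sample (all five checks pass).
printf '%s\n' "$SAMPLE_GOOD" | audit_ufw
```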
If you have any questions, be sure to comment them below.