Advanced UFW (Uncomplicated Firewall) Tutorial

Overview

UFW (Uncomplicated Firewall) is a frontend for iptables designed to make it easier to configure a firewall on Ubuntu and other Debian-based distributions. This tutorial covers advanced configurations for UFW, including managing incoming and outgoing traffic, rate-limiting, logging, and setting up rules based on IP ranges or MAC addresses.

Introduction

UFW provides a simple way to set up a firewall to control the traffic that enters or leaves your system. While UFW is easy to use for basic configurations, it also provides a rich set of advanced features that allow for more granular control over the network traffic.

This tutorial will guide you through several advanced use cases, such as:

  • Rate-limiting incoming connections to prevent brute-force attacks.
  • Setting default firewall policies for incoming and outgoing traffic.
  • Allowing connections from specific IP ranges or MAC addresses.
  • Logging blocked traffic for security audits.

Install and Enable UFW

To install UFW, run the following commands:

sudo apt update
sudo apt install ufw

Once installed, you can enable UFW. If you are administering the machine over SSH, add an allow rule for port 22 (see Basic UFW Commands below) before enabling it: UFW's default policy denies incoming connections, so enabling it without that rule would drop your session:

sudo ufw enable

To check the status of UFW:

sudo ufw status

Basic UFW Commands

  • Allow HTTP traffic on port 80:

    sudo ufw allow 80
  • Allow SSH traffic on port 22:

    sudo ufw allow 22
  • Deny a specific port (e.g., Telnet on port 23):

    sudo ufw deny 23
  • Allow SSH from a specific IP address:

    sudo ufw allow from 192.168.1.100 to any port 22

Advanced UFW Configuration

Enable Logging

You can enable UFW to log all blocked traffic by running:

sudo ufw logging on

Logs are typically stored in /var/log/ufw.log. To view logs in real-time, use:

tail -f /var/log/ufw.log
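Watching the log scroll past is rarely enough for an audit, so here is an added example (not part of the original tutorial and not UFW's own code) that turns UFW log lines into a short report: blocked packets per source address, per protocol/port, and the sources repeatedly blocked on a given TCP port. The six log lines are constructed samples in the format UFW writes to /var/log/ufw.log, trimmed of a few fields for width; their addresses come from documentation ranges, not real hosts. The functions also count the [UFW LIMIT BLOCK] prefix, which is what the rate-limit rule from the next section produces, so the report shows whether limiting is being triggered.

```shell
#!/bin/sh
# Added example: summarise UFW log lines. The lines below are constructed
# samples (not real traffic) in the [UFW BLOCK] / [UFW LIMIT BLOCK] format.
SAMPLE_UFW_LOG='Jan 10 12:00:01 web01 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TTL=244 ID=54321 PROTO=TCP SPT=40001 DPT=22 WINDOW=1024 SYN URGP=0
Jan 10 12:00:02 web01 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TTL=244 ID=54322 PROTO=TCP SPT=40002 DPT=22 WINDOW=1024 SYN URGP=0
Jan 10 12:00:03 web01 kernel: [UFW LIMIT BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TTL=244 ID=54323 PROTO=TCP SPT=40003 DPT=22 WINDOW=1024 SYN URGP=0
Jan 10 12:00:04 web01 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TTL=244 ID=54324 PROTO=TCP SPT=40004 DPT=23 WINDOW=1024 SYN URGP=0
Jan 10 12:00:05 web01 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=64 ID=1 PROTO=UDP SPT=5353 DPT=5353 LEN=40
Jan 10 12:00:06 web01 kernel: [UFW ALLOW] IN=eth0 OUT= SRC=192.0.2.33 DST=192.0.2.10 LEN=52 TTL=63 ID=7 PROTO=TCP SPT=51000 DPT=443 WINDOW=64240 SYN URGP=0'

# Blocked packets per source address, most frequent first: "count address".
# Both [UFW BLOCK] and [UFW LIMIT BLOCK] count as blocked; [UFW ALLOW] does not.
blocked_by_source() {
    printf '%s\n' "$1" \
        | grep -E '\[UFW (LIMIT )?BLOCK\]' \
        | sed -n 's/.*SRC=\([^ ]*\).*/\1/p' \
        | sort | uniq -c | sort -rn \
        | awk '{ print $1, $2 }'
}

# Blocked packets per protocol/port, most frequent first: "count PROTO/port".
blocked_by_port() {
    printf '%s\n' "$1" \
        | grep -E '\[UFW (LIMIT )?BLOCK\]' \
        | sed -n 's/.*PROTO=\([^ ]*\).*DPT=\([0-9]*\).*/\1\/\2/p' \
        | sort | uniq -c | sort -rn \
        | awk '{ print $1, $2 }'
}

# Sources blocked on TCP port $2 at least $3 times (defaults: port 22, 3 hits),
# one address per line. An address that keeps hitting the SSH rate limit is a
# candidate for an explicit deny rule.
repeat_offenders() {
    port=${2:-22}
    threshold=${3:-3}
    printf '%s\n' "$1" \
        | grep -E '\[UFW (LIMIT )?BLOCK\]' \
        | grep -E "PROTO=TCP .*DPT=${port}( |\$)" \
        | sed -n 's/.*SRC=\([^ ]*\).*/\1/p' \
        | sort | uniq -c \
        | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# Run the report over the constructed sample.
blocked_by_source "$SAMPLE_UFW_LOG"
blocked_by_port "$SAMPLE_UFW_LOG"
repeat_offenders "$SAMPLE_UFW_LOG" 22 3
```

To run it against the live log, pass the file contents instead of the sample, for example blocked_by_source "$(cat /var/log/ufw.log)" (reading the file usually requires root or membership of the adm group). The SRC= and DPT= fields are extracted by position-independent patterns, so the functions tolerate the extra fields (MAC=, TOS=, PREC=, RES=) that real log lines carry.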

Rate Limiting

To prevent brute-force SSH attacks, you can limit the number of SSH connection attempts:

sudo ufw limit ssh

This limits SSH connections to 6 attempts per minute from the same IP address. If the limit is exceeded, the firewall will temporarily block further attempts.

Set Default Policies

You can set the default policies for incoming and outgoing traffic:

  • Deny all incoming traffic by default and allow all outgoing traffic:

    sudo ufw default deny incoming
    sudo ufw default allow outgoing

This makes sure that only the ports you explicitly allow will be open, and all others will be blocked.

Allow Specific IP Ranges

To allow traffic from a specific IP range, use:

sudo ufw allow from 192.168.1.0/24 to any port 80

This allows HTTP traffic on port 80 from any IP address within the 192.168.1.0/24 subnet.

Allow by MAC Address

If you need to allow or block traffic based on the MAC address of the device, note that UFW's own rule syntax only accepts IP addresses and subnets after from, so a command of the form sudo ufw allow from 00:11:22:33:44:55 to any port 80 is rejected. Instead, add an iptables rule that uses the mac match module to /etc/ufw/before.rules, which UFW loads ahead of the rules you create on the command line. Place it inside the *filter section, before the COMMIT line:

# Allow HTTP from one device, matched by its source MAC address
-A ufw-before-input -p tcp --dport 80 -m mac --mac-source 00:11:22:33:44:55 -j ACCEPT

Then reload the firewall so the file is re-read:

sudo ufw reload

This allows traffic from the device with the MAC address 00:11:22:33:44:55 to port 80 (HTTP). Two caveats apply: a MAC address is only visible on the local link, so traffic that arrives through a router carries the router's MAC and cannot be matched this way, and a MAC address is set by the device itself, so this rule identifies a device, not a user, and should not be treated as authentication.

Deny All Incoming Traffic

If you want to deny all incoming traffic except for services you explicitly allow (like SSH or HTTP), you can configure the default policy as:

sudo ufw default deny incoming

This ensures that no new incoming connections can be opened to your system except to the services you've allowed (e.g., SSH, HTTP); replies to connections your system initiated are still accepted, because UFW tracks connection state. For example, to allow only HTTP and SSH, you'd run:

sudo ufw allow ssh
sudo ufw allow http

By denying all incoming traffic, you make your system more secure by ensuring that all ports are blocked by default unless specifically allowed.

Managing UFW Rules

To list all active UFW rules:

sudo ufw status verbose
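Listing the rules is the first step; checking them against what this tutorial set out to build is the useful second one. The following POSIX shell function is an added example (not the tutorial's or UFW's own code) that audits the text of sudo ufw status verbose against that baseline: firewall active, logging on, default incoming policy deny, and nothing open to Anywhere beyond a list of expected ports. The two status texts are constructed samples of the verbose output format, one matching the baseline and one that has drifted, so the example runs offline.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` output against a baseline.
# Both status texts below are constructed samples, not captured output.
BASELINE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT IN    Anywhere
80/tcp                     ALLOW IN    192.168.1.0/24
23                         DENY IN     Anywhere
22/tcp (v6)                LIMIT IN    Anywhere (v6)'

# Drifted configuration: incoming defaults to allow, logging is off, and a
# database port has been opened to the world (IPv4 and IPv6).
DRIFTED_STATUS='Status: active
Logging: off
Default: allow (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT IN    Anywhere
3306/tcp                   ALLOW IN    Anywhere
3306/tcp (v6)              ALLOW IN    Anywhere (v6)'

# ufw_audit STATUS_TEXT [ALLOWED_PORTS]
# Prints one finding per line and returns 1 if anything was found, 0 otherwise.
# ALLOWED_PORTS is a space-separated list of "To" values that may be open to
# Anywhere (default: "22/tcp"). A LIMIT rule is not a finding; only ALLOW is.
ufw_audit() {
    status_text=$1
    allowed=${2:-22/tcp}
    findings=$(printf '%s\n' "$status_text" | awk -v allowed="$allowed" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Drop the " (v6)" suffix so IPv6 rows have the same columns as IPv4 rows.
        { gsub(/ \(v6\)/, "") }
        /^Status:/  && $2 != "active"            { print "firewall is not active" }
        /^Logging:/ && $2 != "on"                { print "logging is off" }
        /^Default:/ && $0 !~ /deny \(incoming\)/ { print "default incoming policy is not deny" }
        # Rule rows look like: "<to>  ALLOW IN  <from>"
        $2 == "ALLOW" && $3 == "IN" && $4 == "Anywhere" && !($1 in ok) {
            print "port " $1 " is open to Anywhere but not in the baseline"
        }
    ')
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}

# Demonstrate on both samples (the drifted one prints four findings).
ufw_audit "$BASELINE_STATUS" && echo "baseline: ok"
ufw_audit "$DRIFTED_STATUS" || echo "drifted: findings above"
```

On a real host run ufw_audit "$(sudo ufw status verbose)" "22/tcp 80/tcp", listing the ports you intend to expose; a non-zero exit makes the function usable from a cron job or a configuration-management check. The check only looks at rules that target Anywhere, so a rule scoped to a subnet (like the 80/tcp rule from 192.168.1.0/24 above) passes without being listed in the baseline.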

To delete a specific rule, for example, to remove HTTP access:

sudo ufw delete allow 80

If you need to reset UFW to its default settings:

sudo ufw reset

This disables the firewall, removes all current rules, and restores the default policies.

Disabling UFW

To disable UFW:

sudo ufw disable

This will stop UFW and unload its rules, leaving your system without a firewall until it is enabled again.

Conclusion

UFW is a simple yet powerful tool for managing a firewall on Linux systems. With advanced configurations like rate limiting, default policies, MAC address filtering, and logging, you can greatly improve the security of your system. By combining these features, you can ensure that your server is well-protected against unauthorized access and attacks.

For more information, check out the official UFW Documentation.