Install and Enable UFW
#sudo apt-get install ufw
#sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)?
Enter Y, and proceed to allow connections to your server
Firewall is active and enabled on system startup
Check whether UFW is running:
#sudo ufw status
Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
Allow Connections to Your Server
#sudo ufw allow 80
#sudo ufw allow 80/tcp
#sudo ufw allow 443/tcp
If you are unsure of a service's port number, you can allow it by service name. For example, to enable MySQL:
#sudo ufw allow mysql
Specify Filtering Mode
Incoming Traffic.
#sudo ufw allow in ftp
Outgoing Traffic.
#sudo ufw allow out smtp
Deny Connections to Your Server
#sudo ufw deny 3306
Removing Firewall Rules
Check UFW status with the parameter numbered. This allows you to select a rule by entry number.
#sudo ufw status numbered
Status: active
     To                         Action      From
     --                         ------      ----
[ 1] Apache                     DENY IN     Anywhere
[ 2] 80                         DENY IN     Anywhere
[ 3] 22                         ALLOW IN    Anywhere
(out)
Delete a rule by its number, shown in square brackets [].
#sudo ufw delete 3
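In the listing above, rule 3 is the only rule allowing SSH, so deleting it blocks new SSH logins to the server. The following check is an added example, not part of the original guide: it reads ufw status numbered output and reports whether an inbound SSH allow rule would remain after deleting a given rule. It assumes SSH on port 22 reached over IPv4, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumptions: sshd listens on port 22 and you connect over IPv4, so "(v6)"
# rules are ignored; function names are hypothetical.

# Print the numbers of inbound ALLOW/LIMIT rules for SSH found in
# `ufw status numbered` output read from stdin.
ssh_allow_rules() {
    awk '
    /^\[ *[0-9]+\]/ {
        line = $0
        num = $0; sub(/^\[ */, "", num); sub(/\].*/, "", num)
        sub(/^\[ *[0-9]+\] */, "", line)      # drop the "[ N]" prefix
        if (line ~ /\(v6\)/) next             # IPv6 rule: ignored (assumption)
        split(line, f, /[ \t]+/)
        to = tolower(f[1])
        if (to != "22" && to != "22/tcp" && to != "openssh" && to != "ssh") next
        if ((f[2] == "ALLOW" || f[2] == "LIMIT") && f[3] == "IN") print num
    }'
}

# Succeed only if an SSH allow rule would remain after deleting rule $1.
ssh_survives_delete() {
    target=$1
    remaining=0
    for r in $(ssh_allow_rules); do
        [ "$r" = "$target" ] || remaining=$((remaining + 1))
    done
    [ "$remaining" -gt 0 ]
}

# Constructed sample: the numbered listing shown above, with column spacing restored.
SAMPLE='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Apache                     DENY IN     Anywhere
[ 2] 80                         DENY IN     Anywhere
[ 3] 22                         ALLOW IN    Anywhere'

for n in 2 3; do
    if printf '%s\n' "$SAMPLE" | ssh_survives_delete "$n"; then
        echo "rule $n: safe to delete"
    else
        echo "rule $n: deleting it removes the last SSH allow rule"
    fi
done
# Live use: sudo ufw status numbered | ssh_survives_delete 3 && sudo ufw delete 3
```

The check only counts rules; it does not evaluate rule order or source addresses, so an earlier DENY rule for port 22 can still block SSH.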
Set Logging Level
By default, the Uncomplicated Firewall logging level is set to low. However, multiple logging levels are supported, and you can choose a preferred setting based on which firewall logs you wish to keep.
off: disables ufw logging.
low: logs blocked packets that don't match your set rules and packets matching logged rules.
medium: logs everything at the low level, plus allowed packets that don't match the set policy, invalid packets, and all new connections to your server.
high: logs everything at the medium level without rate limiting, plus all packets with rate limiting.
full: logs all firewall packets without rate limiting.
To set your UFW logging level, use the command below.
#sudo ufw logging LEVEL
For example:
#sudo ufw logging medium
To enable logging for a specific firewall rule, such as SSH, use the command below.
#sudo ufw allow log 22/tcp
Enable IPV6 Support
#sudo vim /etc/default/ufw
Locate the IPV6 line and make sure it is set to yes
IPV6=yes
Disable / Reload UFW
To disable (stop) Uncomplicated Firewall, run the command.
#sudo ufw disable
If you need to reload UFW (reload rules), use the reload parameter.
#sudo ufw reload
To restart UFW, you will need to disable it first and then enable it again.
#sudo ufw disable
#sudo ufw enable
Again, before enabling UFW, make sure that the SSH port is allowed for your IP address.
Back to Default Settings
If you need to reset UFW back to default settings, type the following command. This will delete all existing rules and reset the firewall to default values.
#sudo ufw reset
Resetting all rules to installed defaults. This may disrupt existing ssh
connections. Proceed with operation (y|n)?
https://www.vultr.com/docs/how-to-configure-uncomplicated-firewall-ufw-on-ubuntu-20-04/