The Linux operating system is one of the most robust and secure operating systems that you can get your hands on. But that does not mean it is immune to security breaches.
When it comes to information security, it is important to take a proactive approach to avoid data breaches. This guide shows you how to add an extra level of security by enabling and configuring the firewall on your Ubuntu Linux system.
Why Use a Firewall?
Data security in a world of interconnected devices is of paramount importance and it starts with you and your device. Apart from following other security measures and using secure passwords, a firewall can help in keeping your system safe.
A firewall is a network program used for managing and controlling incoming and outgoing traffic on a network.
Ubuntu Linux comes with the firewall application UFW, which is short for Uncomplicated Firewall, a simple and efficient application for managing your firewall. With UFW, you can configure your firewall and set restrictive policies to protect your computer on a network.
UFW is based on iptables, a kernel native administrative tool for managing and filtering network connections.
Checking the Status of Your Firewall
Ubuntu Linux has the firewall disabled by default. Before you start configuring your firewall, you need to check whether it is active or disabled.
sudo ufw status
In this example, the output shows that the firewall is active and that other devices can access port 5900 to initiate a connection. VNC servers mostly use port 5900 to allow remote desktop connections.
If the status output says inactive, then you need to enable the firewall on your machine.
Enabling the Firewall With UFW
To enable your firewall, simply run the following command.
sudo ufw enable
Your firewall is now enabled and will start automatically whenever the system boots. If you re-run the sudo ufw status command, you will see that your firewall is now active.
Tip: Whenever you make changes with the ufw command, make sure to reload your firewall to register those changes.
sudo ufw reload
Enable Firewall Logging With UFW
System logging is a security mechanism responsible for registering and keeping records of certain events that happen on your computer. Your Linux operating system is constantly logging important events and the Ubuntu firewall is no exception.
Firewall logging is disabled by default on Ubuntu Linux. To enable firewall logging:
sudo ufw logging on
On Ubuntu, the /var/log/ufw.log file stores the firewall logs.
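Once logging is on, the log is most useful when summarised. The following is an added example, not part of the original article: a small shell function that counts the packets UFW blocked per source address, protocol and destination port. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): summarise packets that UFW
# blocked, grouped by source address, protocol and destination port.

# ufw_blocked_summary [logfile]  -- defaults to /var/log/ufw.log
ufw_blocked_summary() {
    LC_ALL=C awk '
        /\[UFW BLOCK\]/ {
            src = ""; proto = ""; dpt = "-"      # ICMP entries carry no DPT
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            if (src != "") count[src " " proto " " dpt]++
        }
        END { for (k in count) print count[k], k }
    ' "${1:-/var/log/ufw.log}" | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample entries in the kernel log format UFW writes
# (documentation addresses; hostname, timestamps and counters are made up).
write_sample_ufw_log() {
    cat > "$1" <<'EOF'
Feb  4 10:15:01 host kernel: [101.1] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.10.20 LEN=60 TTL=52 PROTO=TCP SPT=51234 DPT=22 SYN URGP=0
Feb  4 10:15:02 host kernel: [102.1] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.10.20 LEN=60 TTL=52 PROTO=TCP SPT=51235 DPT=22 SYN URGP=0
Feb  4 10:15:03 host kernel: [103.1] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.10.20 LEN=60 TTL=52 PROTO=TCP SPT=51236 DPT=22 SYN URGP=0
Feb  4 10:16:10 host kernel: [170.4] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.10.20 LEN=44 TTL=48 PROTO=TCP SPT=40100 DPT=5900 SYN URGP=0
Feb  4 10:16:11 host kernel: [171.4] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.10.20 LEN=44 TTL=48 PROTO=TCP SPT=40101 DPT=5900 SYN URGP=0
Feb  4 10:17:00 host kernel: [220.9] [UFW ALLOW] IN=eth0 OUT= SRC=192.168.10.197 DST=192.168.10.20 LEN=60 TTL=64 PROTO=TCP SPT=52000 DPT=80 SYN URGP=0
Feb  4 10:18:30 host kernel: [310.2] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.9 DST=192.168.10.20 LEN=84 TTL=50 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
EOF
}

# Demo run on the constructed sample; prints "count source proto dport".
demo_log=$(mktemp)
write_sample_ufw_log "$demo_log"
ufw_blocked_summary "$demo_log"
rm -f "$demo_log"
```

On a real system, call ufw_blocked_summary with no argument to read /var/log/ufw.log; the file is usually not world-readable, so run it with sudo or as a member of the adm group.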
Defining and Deleting Rules
If you want to explicitly open certain ports on your computer to the outside, you can do so using the allow option followed by the port number. For example, to explicitly allow HTTP connections from other computers you need to enable port 80.
sudo ufw allow 80
You can also use the service name of the port instead of the port number. Therefore, to allow the HTTP service:
sudo ufw allow http
If you check the status of the firewall, you will find that port 80 (HTTP) is now enabled on the firewall.
sudo ufw status
As you can see, port 80 is now defined to allow connections from other computers.
To remove the firewall rule allowing connections on port 80:
sudo ufw delete allow 80
Closing a Port Temporarily
To temporarily close a port without deleting its rule, you can use the ufw deny command. For example, to close port 80:
sudo ufw deny 80
Profiling Applications With UFW
Certain applications on your system will make use of specific port numbers to function smoothly. For security purposes, these applications will have a UFW profile. To list applications that have a UFW profile, use the following command.
sudo ufw app list
The applications with a UFW profile have a file saved in the /etc/ufw/applications.d directory. Taking a look at one of the files in this directory will show you which port the application is using and the description of the application.
Allowing Connections From Specific IP Addresses
Sometimes you might want to trust specific IP addresses to connect to your PC. For example, to only allow connections from the IP address 192.168.10.197, you can use the following command:
sudo ufw allow from 192.168.10.197
To remove or delete the IP address from the list of allowed addresses:
sudo ufw delete allow from 192.168.10.197
Testing Firewall Rules
In some cases, you might want to test firewall rules before you apply them to see the effect they will have. For example, to test opening the SSH port without applying the changes, you can do the following:
sudo ufw --dry-run allow ssh
Firewall Protection Alone Is Not Enough
The Ubuntu firewall lets you configure and protect your computer on a network, but keeping your system secure is multifaceted. The firewall alone is not enough to secure your system, and that’s why you should always follow good security measures such as using strong passwords for your accounts.