UFW (Uncomplicated Firewall) is a simple yet powerful tool to manage your firewall on Linux systems. This guide will walk you through the steps to install and configure UFW on both Debian-based and Red Hat-based systems.
Installing UFW
On Debian-based Systems (e.g., Ubuntu, Debian)
- Update the package list:
sudo apt update - Install UFW:
sudo apt install ufw
On Red Hat-based Systems (e.g., RHEL, CentOS, Fedora)
- Enable the EPEL repository (if not already enabled):
sudo yum install epel-release - Install UFW:
sudo yum install ufw
Configuring UFW
Once UFW is installed, you can start configuring your firewall rules.
Basic Commands
- Enable UFW:
sudo ufw enable - Disable UFW:
sudo ufw disable - Check UFW status:
sudo ufw status
Setting Up Default Policies
It’s recommended to set default policies to deny incoming traffic and allow outgoing traffic:
sudo ufw default deny incoming
sudo ufw default allow outgoingAllowing and Denying Specific Ports
- Allow SSH:
sudo ufw allow ssh - Allow HTTP (port 80):
sudo ufw allow 80/tcp - Allow HTTPS (port 443):
sudo ufw allow 443/tcp - Deny a specific port (e.g., port 23):
sudo ufw deny 23/tcp
Advanced Configuration
- Allow a specific IP address:
sudo ufw allow from 192.168.1.100 - Allow a specific subnet:
sudo ufw allow from 192.168.1.0/24 - Allow a specific IP address to a specific port:
sudo ufw allow from 192.168.1.100 to any port 22
Logging and Monitoring
Enable logging to monitor UFW activity:
sudo ufw logging onTo view the UFW logs, you can check the /var/log/ufw.log file.
Conclusion
UFW is a user-friendly tool to manage your firewall rules on both Debian and Red Hat-based systems. By following the steps outlined in this guide, you can enhance the security of your server with minimal effort. For more advanced configurations, refer to the official UFW documentation.
