Set up Ubuntu’s Built-In Firewall
Ubuntu’s built-in firewall is named ufw (uncomplicated firewall).
Actually Ufw is just an utility which makes it easier to configure the complex IP packet filter rules for the Linux kernel firewall which is since Linux kernel 2.4.x and later Netfilter.
Netfilter who was written by Rusty Russel was merged in March 2000 into the Linux kernel 2.4.x and later kernel series. The predecessor was ipchains in the kernel 2.2 series.
Normally to configure these rules you used in past iptables and now the successor nftables (since Linux kernel 3.13).
Ufw is a frontend for iptables and nftables which makes it much easier to configure these rules.
Also iptables and nftables itself are just used to connect to Netfilter which is a framework inside the Linux kernel.
Netfilter offers various functions and operations for packet filtering, network address translation, and port translation, which provide the functionality required for directing packets through a network and prohibiting packets from reaching sensitive locations within a network.
iptables is the userspace command line program used to configure the Linux 2.4.x and later packet filtering ruleset. It is targeted towards system administrators.
nftables is the successor of iptables, it allows for much more flexible, scalable and performance packet classification. This is where all the fancy new features are developed.
nftables is now the default in and since Debian 10, Ubuntu 20.04, RHEL 8, SUSE 15 and Fedora 32.
To check the version of nftables you can use
$ nft -V
You can still use iptables in Ubuntu’s new releases (i.e, using iptables syntax with the nf_tables kernel subsystem) but with nf_tables as the default backend.
As you can see below wenn executing the update-alternative –config iptables command, you can also switch to the legacy iptables tool.
$ iptables -V
$ iptables-nft -V
By executing the update-alternative –config iptables command, you can see all installed versions.
Normally Ufw is by default installed on Ubuntu but not enabled, if not you can install it as follows.
$ apt update
$ apt upgrade
$ apt install ufw
By default ufw is disabled. So before enable Ufw, you should first configure and allow the ports you need to access Ubuntu, like SSH.
$ sudo ufw allow ssh
Or you can enter the port number directly for the service, this will allow TCP and UDP Port 22
$ sudo ufw allow 22
To just allow TCP traffic on the port
$ sudo ufw allow 22/tcp
To remove you can use
$ sudo ufw delete allow ssh
$ sudo ufw delete allow 22
Ufw by default will set the rule for incoming traffic, to block outbound traffic you can also specify a direction
$ sudo ufw reject out ssh
To remove the outbound rule use
$ sudo ufw delete reject out ssh
If you want to block traffic just from a specific IP
$ sudo ufw deny proto tcp from 188.8.131.52 to any port 22
If you want to allow traffic from just a specific IP
$ sudo ufw allow proto tcp from 192.168.0.2 to any port 22
To enable ufw
$ sudo ufw enable
To disable ufw
$ sudo ufw disable
To check the rules and if ufw is enabled
$ sudo ufw status
To reset the firewall to its default state
$ sudo ufw reset
ufw – Uncomplicated Firewall