Introduction:

In this tutorial, we will use an Ubuntu 18 server and UFW to secure your server. UFW is an interface to iptables that helps you configure a firewall on your Ubuntu server. Learning to use a firewall properly with iptables directly is difficult for beginners, which is why UFW makes securing your server easier and more comfortable.

If you don't already have a server, you can start off by ordering a Linux VPS.

Step 1 - Installing UFW:

First, let's get started by installing UFW on our server by running the following command:

apt-get install ufw

Step 2 - Setting default policies:

After UFW is installed, its default policies deny all incoming connections to your server and allow all outgoing connections from it. This means no one can reach your server from the outside, but your server is able to reach the outside.
To set the UFW defaults, you can use these commands:

ufw default deny incoming
ufw default allow outgoing

Step 3 - Allowing SSH:

After you block all incoming connections, you need to open the SSH port if you want to manage your server. Do this before enabling UFW in Step 4, otherwise you can lock yourself out of a remote server.
Usually, every server has a default port that needs to be opened.
For a Linux server like Ubuntu, we need to open port 22 to the public or to certain IPs. If you have a custom SSH port, you can specify that port instead. Below is the command to open port 22 (SSH):

ufw allow ssh

Step 4 - Enabling UFW:

Everything has been configured, so now we can enable UFW on the server:

ufw enable

Port 22 (SSH) on your server is now open and can be accessed from everywhere. We can verify by using the following command:

Allowing Range-Ports:

But what if you have a range of ports that you want to open? You don't need to open the ports one by one; you can open them all at once with a port range.
In this example, we want to open the VNC ports from 5900 to 5905:

ufw allow 5900:5905/tcp

Denying a port:

After we have allowed some ports or IP addresses to reach your server, we sometimes need to deny a connection.
Denying a connection is needed when an attacker attacks your application and you want to block the attacker's connection.
Imagine you have a website, and an attack makes it very slow.
We can block the attacker's IP address once it has been found in your website log.

To block a connection, we replace the allow rule with a deny rule. In this example, we will deny port 80:

ufw deny 80
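
The section above talks about blocking an attacker's IP address found in the website log, whereas `ufw deny 80` closes port 80 for every client. The script below is an added example, not part of the original tutorial: it reads an access log and prints one per-IP deny rule for each noisy address. The threshold, the function names and the sample log are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: turn noisy client IPs from a web access log into UFW deny
# rules. It only PRINTS the commands so they can be reviewed before use.

THRESHOLD=3   # assumed cut-off: requests per IP in the log being examined

# Constructed sample log (documentation IP ranges, not real traffic).
# The second entry has a malformed client field on purpose.
sample_log() {
    i=0
    while [ "$i" -lt 5 ]; do
        echo '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /login HTTP/1.1" 200 512'
        echo '198.51.100.9;x - - [10/Oct/2023:13:55:37 +0000] "GET / HTTP/1.1" 200 512'
        i=$((i + 1))
    done
    echo '192.0.2.44 - - [10/Oct/2023:13:56:01 +0000] "GET / HTTP/1.1" 200 1024'
}

# Read a log on stdin, print a deny rule for each IPv4 address that appears
# more than THRESHOLD times.
deny_rules() {
    awk -v max="$THRESHOLD" '
        # Count only strict dotted-quad client fields, so text from the log
        # can never add extra words to the generated command.
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] > max) print ip }
    ' | sort | while read -r ip; do
        # "insert 1" puts the rule first: UFW applies the first matching
        # rule, so a deny appended after an earlier "allow 80" is never hit.
        echo "ufw insert 1 deny from $ip to any port 80 proto tcp"
    done
}

# Demo run on the constructed log.
sample_log | deny_rules
```

On a real server, feed the web server's own access log to `deny_rules` on stdin, review the printed commands, then run them as root.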