UFW – Uncomplicated Firewall Primer
A host firewall can improve the security of any operating system; however, configuration can sometimes be tricky or cumbersome. The Uncomplicated Firewall (UFW) was designed with simplicity in mind. While it uses the command line and has a limited set of simple commands, it is a powerful and formidable security mechanism able to reduce the attack surface. UFW uses the tried and true ‘iptables’ for configuration, which of course uses the Linux kernel firewall.
I’ve already talked about UFW in passing, when I introduced you to Gufw, a graphical user interface to the uncomplicated firewall. You can read it here. However, today I’d like to talk more about the command line. Unfortunately, as is the case in the Linux server world, you may not have the luxury of a GUI, especially if the server is in a remote location. At that point it’s command line all the way, baby! In which case being comfortable with UFW’s commands comes in handy.
First and foremost, typing ‘ufw --help’ lists all available commands.
Cool, but how do I enable the firewall? Issuing ‘ufw enable’ will turn it on.
Once enabled, you may review existing rules through ‘ufw show raw’. By the way, if you’re not sure of command options, pressing TAB displays available arguments (a nice shortcut).
OK, so how do I configure some useful settings? I would suggest setting the firewall to default DENY for all inbound traffic, and doing so before enabling the firewall. If you’ve already gone ahead and enabled it, simply disable it, change to default deny and re-enable the firewall. If you ever find yourself at the airport or using questionable public WiFi and want to disappear with little fuss, enable ufw and you’re inaccessible on the network. (Don’t forget that default DENY applies to inbound traffic only. Outbound traffic is unaffected; all ports are allowed through the firewall.) If you’re adventurous and would like to view the ufw rules in all their glory, find them in ‘/etc/ufw/’: have a look at ‘before.rules’, or issue the command ‘ufw show before-rules’.
What about logging? By default, UFW sets logging to ‘low’. However, an option to increase logging to ‘medium’, ‘high’ or ‘full’ is available. For most environments ‘low’ is sufficient; it logs all denied packets. However, if you get a kick from reviewing logs, set logging to ‘full’ and you’ll see everything. By the way, logs are stored in ‘/var/log/ufw.log’.
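As an added example that is not part of the original post, here is a small shell function that reads that log and counts denied packets by source address, protocol and destination port. The function names and the sample log lines are constructed for illustration, and the lines assume the usual kernel-log layout with a ‘[UFW BLOCK]’ prefix.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are illustrative.
# Count packets UFW blocked, grouped by source, protocol and destination port.
# Usage: ufw_block_summary /var/log/ufw.log   (or pipe log lines on stdin)
ufw_block_summary() {
    awk '
        /\[UFW BLOCK\]/ {
            src = ""; proto = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            if (src == "") next          # truncated or unrecognised line
            if (dpt == "") dpt = "-"     # ICMP and similar carry no port
            count[src " " proto " " dpt]++
        }
        END { for (k in count) print count[k], k }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample lines (documentation addresses, not real traffic).
# Assumes the kernel-log layout with a [UFW BLOCK] / [UFW ALLOW] prefix.
sample_ufw_log() {
    cat <<'EOF'
Mar  3 09:14:02 srv kernel: [  101.1] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=40112 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 09:14:05 srv kernel: [  104.3] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=2 DF PROTO=TCP SPT=40113 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 09:15:40 srv kernel: [  199.8] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=198.51.100.20 DST=192.0.2.10 LEN=73 TOS=0x00 PREC=0x00 TTL=255 ID=3 PROTO=UDP SPT=5353 DPT=5353 LEN=53
Mar  3 09:16:11 srv kernel: [  230.2] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=198.51.100.20 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=57 ID=4 PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=1
Mar  3 09:17:30 srv kernel: [  309.5] [UFW ALLOW] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:04:08:00 SRC=192.0.2.50 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5 DF PROTO=TCP SPT=50222 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
EOF
}

# Most frequently blocked source/port combinations first.
sample_ufw_log | ufw_block_summary
```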
Next week I’ll take you through some common scenarios.