Uncomplicated Introduction to Uncomplicated Firewall

When I started using Linux, back in '97, working with the built-in firewall was not something just anyone could do. In fact, it was very complicated. Through the late 1990s, managing the security of a system meant learning ipfwadm or ipchains, and from the 2.4 kernel (2001) onward it meant iptables (the user-space command set for configuring Netfilter's packet filtering).

For example, to allow incoming SSH connections (and the replies to them) on a host whose default policy is to drop traffic, you might have to issue commands like this:

sudo iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT

All this is well and good if you have time not only to master the Linux operating system, but also to learn the subtleties of managing a complex security system. To be fair, I took the time and was eventually able to manage the security of my systems using iptables.

However, the busier you are, the harder it becomes to keep up the proficiency iptables demands. Over time things became more accessible, and some Linux distribution developers realized that an easier front end was necessary. An easily accessible Linux firewall arrived with Ubuntu 8.04, and it is aptly called the Uncomplicated Firewall.

Uncomplicated Firewall (UFW) is a front end to iptables that focuses on simplicity. Compared to raw iptables, UFW is a walk in the park that anyone can handle.

Let’s walk down the UFW lane and see how simple it is to manage a Linux firewall.

There are two things you should know about UFW:

  • It is a command line tool.
  • GUI tools are available to make it easier.

UFW Command Line Basics

The UFW command is actually quite simple. Let’s stick to our SSH idea from above. Let’s say you want to allow other systems to access your machine via SSH (which is listening on port 22).

First, check whether UFW is enabled. On Ubuntu it is installed but not enabled by default. Test this by opening a terminal window and issuing the command:

sudo ufw status

You will likely see the following:

Status: inactive

To activate it, issue the command:

sudo ufw enable

The output of the command should be:

Firewall is active and enabled on system startup

Congratulations, your firewall is now active. One caveat before you do this on a remote machine: UFW's default incoming policy is deny, so if you enable it over an SSH session before adding an allow rule for SSH, your next connection will be refused (ufw even warns that the command may disrupt existing SSH connections). On a remote host, add the SSH rule described below first, then enable.

The basic usage of UFW looks like this:

sudo ufw ARGUMENT SERVICE

Where ARGUMENT is one of allow, deny, reject, limit, delete, status, reset, reload, enable or disable, and SERVICE is the service or port you want to work with (e.g. ssh or http). Service names are looked up in /etc/services, which is how ufw knows that ssh means port 22.

Next, we need to allow SSH traffic into the system. Believe it or not, this is as simple as:

sudo ufw allow ssh

You can also run the command with the port number instead of the service name (note that a bare port number matches both TCP and UDP; append /tcp to the port if you want the rule limited to TCP), like this:

sudo ufw allow 22

Or, if you run SSH on port 2022 (a port with no entry in /etc/services, so the name ssh would not help), the command becomes:

sudo ufw allow 2022

If you are on a server and need to allow HTTP traffic, this command would be:

sudo ufw allow http
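The commands above are the whole procedure; what bites people in practice is running them in the wrong order on a remote host. The script below is an added example, not code from the original article: it stages the basic setup (default policies, an SSH rule, web ports, enable) as a plan, checks that the SSH rule precedes enable, and only executes anything when you ask it to. The port numbers, the use of limit for SSH rather than allow, and the APPLY variable are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original article): a lock-out-safe UFW bootstrap
# for a host you administer over SSH. The port numbers are assumptions.

SSH_PORT="${SSH_PORT:-22}"        # assumed: change if sshd listens elsewhere
WEB_PORTS="${WEB_PORTS:-80 443}"  # assumed: drop if the host is not a web server

# Emit the ufw commands in the order they must run. The SSH rule is listed
# before `enable` on purpose: the default incoming policy is deny, so enabling
# first over an SSH session would refuse your next connection.
ufw_bootstrap_plan() {
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    # `limit` allows the port but rate-limits new connections (ufw blocks a
    # source after 6 attempts within 30 seconds), which blunts brute force.
    echo "ufw limit ${SSH_PORT}/tcp"
    for p in $WEB_PORTS; do
        echo "ufw allow ${p}/tcp"
    done
    echo "ufw --force enable"     # --force skips the interactive y/n prompt
    echo "ufw status verbose"
}

# Returns 0 only if the plan allows SSH before it enables the firewall.
plan_is_lockout_safe() {
    ufw_bootstrap_plan | awk -v port="$SSH_PORT" '
        $2 ~ /^(allow|limit)$/ && $3 == (port "/tcp") { ssh = NR }
        $2 == "enable" || $3 == "enable"              { en  = NR }
        END { exit !(ssh && en && ssh < en) }'
}

# Execute the plan with sudo, stopping at the first failure.
apply_plan() {
    plan_is_lockout_safe || { echo "refusing: SSH rule must precede enable" >&2; return 1; }
    plan=$(mktemp) || return 1
    ufw_bootstrap_plan > "$plan"
    while IFS= read -r cmd; do
        echo "+ sudo $cmd"
        # shellcheck disable=SC2086  # word-splitting the command is intended
        sudo $cmd || { rm -f "$plan"; return 1; }
    done < "$plan"
    rm -f "$plan"
}

# By default only print the plan; run `APPLY=1 sh ufw-bootstrap.sh` to execute it.
if [ "${APPLY:-0}" = "1" ]; then apply_plan; else ufw_bootstrap_plan; fi
```

Run it once without APPLY to read the plan, then with APPLY=1 on the host. Because the plan is a plain list of ufw commands, you can also paste individual lines at the prompt if you prefer to go step by step.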

Let's go a step further

One of the great things about UFW is that even using the more advanced features doesn’t require advanced knowledge. Let’s say, for example, that you want to allow SSH traffic, but only from a specific IP address on your network.

If you have already allowed SSH from anywhere, you will first need to delete that rule using:

sudo ufw delete allow ssh

Now, any new attempt to SSH into the machine is blocked (an SSH session that is already open survives, because UFW accepts established connections). If you are doing this over SSH yourself, add the restricted rule first and delete the broad one afterward, so there is no window in which you are locked out. So, let's allow SSH connections only from the IP address 192.168.1.152. We will issue the command:

sudo ufw allow from 192.168.1.152 to any port ssh

After running the above command, you should be able to log in to the machine via SSH only from the remote system at IP address 192.168.1.152. Confirm it with the status command shown earlier: the SSH rule should now list that address, not "Anywhere", in its From column.
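The point of the rule swap above is that no SSH rule with "Anywhere" as its source is left behind. The following is an added example, not part of the original article: a small audit that parses the output of the numbered status listing (sudo ufw status numbered) and reports the rule numbers of inbound ALLOW or LIMIT rules for SSH whose source is Anywhere, so you can delete them by number. The listing embedded in SAMPLE_STATUS is constructed for illustration, not captured from a real host, and the column layout it assumes is that of ufw status numbered.

```sh
#!/bin/sh
# Added example (not from the original article): find SSH rules that are still
# open to the world in a `ufw status numbered` listing.
# SAMPLE_STATUS is constructed for illustration; on a real host pass in
# "$(sudo ufw status numbered)" instead.

SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    192.168.1.152
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 22/tcp                     ALLOW IN    Anywhere
[ 4] 443/tcp                    ALLOW IN    Anywhere
[ 5] 22/tcp (v6)                LIMIT IN    Anywhere (v6)'

# Print the numbers of inbound ALLOW/LIMIT rules for SSH whose source is
# Anywhere. $1 is the listing text.
ssh_rules_open_to_world() {
    printf '%s\n' "$1" | awk '
        /^\[/ {
            # "[ 3] 22/tcp ..." -> rule number 3 (awk keeps the numeric prefix)
            num = $0; sub(/^\[ */, "", num); num += 0
            # drop the "[ n]" prefix, then split the rest on runs of 2+ spaces,
            # which is how the To / Action / From columns are separated
            rest = substr($0, index($0, "]") + 1); sub(/^ +/, "", rest)
            split(rest, col, /  +/)
            to = col[1]; action = col[2]; from = col[3]
            if (to ~ /^(22|22\/tcp|OpenSSH)( \(v6\))?$/ &&
                action ~ /^(ALLOW|LIMIT) IN$/ &&
                from ~ /^Anywhere/)
                print num
        }'
}

# Exit 0 when every SSH rule names a specific source, 1 otherwise.
ssh_is_restricted() {
    [ -z "$(ssh_rules_open_to_world "$1")" ]
}

# Usage against the constructed sample. Deleting by number shifts the numbers
# of the rules below it, so delete from the highest number down.
for r in $(ssh_rules_open_to_world "$SAMPLE_STATUS" | sort -rn); do
    echo "rule $r allows SSH from Anywhere; remove it with: sudo ufw delete $r"
done
```

Against the sample, rules 3 and 5 are reported and rule 1 (the address-specific one) is not. The check matches the port written as 22, 22/tcp or the OpenSSH application profile, and treats LIMIT the same as ALLOW, since a rate-limited rule is still open to every source.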

How about a GUI?

If the command line isn't your jam, there are GUI tools to make it easier. One such tool is GUFW, which lets you point and click your way to UFW firewall rules. If GUFW isn't installed on your Linux distribution by default, you will find it in your distribution's software center (the package is named gufw). Once installed, open the app and click the Rules tab (Figure 1).

Figure 1: The main GUFW window displays the current firewall rules. GUFW makes configuring your firewall easier. Photo: Jack Wallen

As you can see, I already have some UFW rules added. One thing to keep in mind is that you cannot edit rules that were added from the UFW command line. Let's add the same rule via the GUI that we just did from the command line. Click + and then (on the Preconfigured tab) select the following:

  • Policy – Allow
  • Direction – In
  • Category – All
  • Subcategory – All
  • Application – SSH

That alone creates a rule that allows SSH traffic into your system from anywhere. If you want to allow it from only one IP address, click the Advanced tab instead and fill in the following (Figure 2):

  • Name – any name you want
  • Policy – Allow
  • Direction – In
  • Interface – All interfaces
  • From – 192.168.1.152
  • To – port 22 (needed to mirror the command-line rule above; without a port the rule admits all traffic from that address, not just SSH)

Figure 2: Adding a rule to UFW that allows SSH traffic only from IP address 192.168.1.62. Photo: Jack Wallen

Click Add and your rule will be listed in the firewall.

And that, my friends, is your uncomplicated introduction to an uncomplicated firewall. But don't think that UFW is nothing more than a very basic firewall: it also handles application profiles, rate limiting (limit) and logging, so you can get considerably more involved. For the basics, though, UFW is easy enough for anyone to use.