How To Install UFW Firewall on Ubuntu 16.04 LTS


The default firewall configuration tool for Ubuntu is ufw. Developed to ease iptables firewall setup, ufw provides a user-friendly way to create an IPv4 or IPv6 host-based firewall. By default UFW is disabled.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add ‘sudo’ to the commands to get root privileges. I will walk you through the step-by-step installation of UFW Firewall on an Ubuntu 16.04 Xenial Xerus server.

Install UFW Firewall on Ubuntu 16.04 LTS

Step 1. First make sure that all your system packages are up to date.

sudo apt-get update
sudo apt-get upgrade

Step 2. Installing UFW Firewall.

In Ubuntu 16.04, UFW is installed by default. If not, you can easily install it by running the following command:

apt-get install ufw

After installation, UFW is deactivated. If you configure your server via SSH, it is important to allow SSH before you enable UFW:

ufw allow ssh

Step 3. UFW control.

Turn on:

ufw enable

Turn off:

ufw disable

Attention! The following are examples; use them only if you know what you are doing!

Allow protocol:

ufw allow ssh

Allow port:

ufw allow 22

Allow Port Ranges:

ufw allow 1000:2000

Prohibit connections:

Deny protocol:

ufw deny ssh

Deny port:

ufw deny 22

For more usage commands you can use the --help flag:

ufw --help

Congratulations! You have successfully installed UFW. Thanks for using this tutorial for installing UFW Firewall on your Ubuntu 16.04 system. For additional help or useful information, we recommend you check the official UFW Firewall web site.

How To Configure Iptables Firewall on CentOS


Iptables is a user space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules it stores. Different kernel modules and programs are currently used for different protocols; iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables for Ethernet frames. (Read more on: wikipedia)

Configure Iptables Firewall on CentOS

Setting up iptables

You can use the following procedure to verify that iptables has been installed and view the status of iptables. Open terminal and type the following command:

# iptables -V
# yum info iptables


If the version and package information does not appear, you can type the following command to install iptables:

# yum -y install iptables

Understanding the firewall: at present there are four chains in total:

  • INPUT : The default chain used for packets addressed to the system.
  • OUTPUT : The default chain used for packets generated by the system.
  • FORWARD : The default chain used when packets are sent through the system to another interface.
  • RH-Firewall-1-INPUT : The user-defined custom chain.

Target Meanings

  • The target ACCEPT means allow the packet.
  • The target REJECT means drop the packet and send an error message to the remote host.
  • The target DROP means drop the packet and do not send an error message to the remote host or the sending host.

The default iptables configuration on CentOS does not allow access to the HTTP (TCP port 80) and HTTPS (TCP port 443) ports used by the Nginx web server. Follow these steps to configure access:

Step 1: Flush all iptables rules

# iptables -F
# iptables -X
# iptables -t nat -F
# iptables -t nat -X
# iptables -t mangle -F
# iptables -t mangle -X

Step 2: Set default rules

# iptables -P INPUT DROP
# iptables -P FORWARD ACCEPT
# iptables -P OUTPUT ACCEPT

Step 3: Allow access to HTTP (port 80) and HTTPS (port 443)

# iptables -A INPUT -i lo -j ACCEPT 
# iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT 
# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
# iptables -A INPUT -p icmp -j ACCEPT
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

Turn on and save iptables

Type the following two commands to enable the iptables service at boot and save the current rules:

# chkconfig iptables on
# service iptables save
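
The rules from Steps 2 and 3 can also be loaded in one commit with iptables-restore, so a remote session never sits behind INPUT DROP while the ACCEPT rules are still missing. The script below is an added example, not part of the original tutorial; the function names are hypothetical, it replaces the filter table only, and it assumes the host is managed over SSH on tcp/22, a port the rule list above does not open.

```sh
#!/bin/sh
# Added example, not from the original tutorial.
# Assumption: the host is administered over SSH on tcp/22.

# build_ruleset PORT... : print a *filter table (iptables-restore format)
# with the tutorial's policies and one NEW-connection rule per TCP port.
build_ruleset() {
    for port in "$@"; do            # validate everything before emitting a line
        case "$port" in
            ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
    echo '-A INPUT -p icmp -j ACCEPT'
    for port in "$@"; do
        echo "-A INPUT -m state --state NEW -m tcp -p tcp --dport $port -j ACCEPT"
    done
    echo 'COMMIT'
}

# opens_port RULESET PORT : succeed if RULESET accepts new TCP connections on PORT
opens_port() {
    printf '%s\n' "$1" | grep -q -- "--dport $2 -j ACCEPT\$"
}

# apply_ruleset RULESET : refuse a ruleset that would cut off SSH, syntax-check
# it, then load it in a single commit (must run as root).
apply_ruleset() {
    opens_port "$1" 22 || { echo 'refusing: tcp/22 is not open' >&2; return 1; }
    printf '%s\n' "$1" | iptables-restore --test || return 1
    printf '%s\n' "$1" | iptables-restore
}

# Usage, as root:
#   apply_ruleset "$(build_ruleset 22 80 443)" && service iptables save
```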