This is a basic orientation for the UFW application. This should provide insights you’re probably not aware of, but many might assume you already know.
I like that, by default, it distrusts the world – blocking everything. Instead of worrying what needs to be closed, it makes you focus on what you need to open.
If you’re configuring a web server, you might want to consider the following configurations:
UFW was introduced to simplify the process of using IPTables. Keep this in mind and you’ll better appreciate it’s application and the associated syntax.
In the above example, working a web server, this is how you would make sure each application works.
One approach might be to open the ports themselves, independent of the application:
# ufw allow 80/tcp # ufw allow 443/tcp # ufw allow 22 # ufw 25
Alternatively, you could use basic language like this to open the ports associated with an application:
# ufw allow ‘Apache Full’ # ufw allow ssh
# ufw allow http # ufw allow https
In each instance, the common name will open the associated ports with Apache and SSH.
Enabling and disabling is straight forward. When you have your configuration set, enable UFW and check the status of your configurations.
# ufw enable # ufw status
The status command will give you a good list of what you’ve configured.
A great resource to dive deeper into the possible configurations can be found on DigitalOcean’s UFW Essentials: Common Firewall Rules and Commands.