First, write firewall rules to reject access to the server through the firewall. Ubuntu Server uses a firewall named Uncomplicated Fire Wall (UFW), which is actually an iptable management tool. Iptable filters network data packets based on a series of rules compiled by the system administrator. For beginners, iptable may be complicated, so UFW simplifies it. UFW can help you enhance your server. However, if you are really interested in server security, you can learn how to write rules for iptable so that you can better adjust the server security level.
To use UFW, you must install it. Perform the following steps:
Input from command line
Sudo aptitude install ufw
Press Enter and Enter the password. Press Enter again to install the software package.
To enable the firewall, enter the following content:
Sudo ufw enable
Press Enter. You will see the message Firewall started and enabled on system startup. Now you can create rules for your firewall.
Remember how you changed the SSH port before?
To use UFW to open the port by creating a rule, enter the following content in the command line:
Sudo ufw allow65000
This command allows access through Port 65000 and allows SSH communication to enter the server.
To deny access through this port, run the following command:
Sudo ufw deny 65000
To allow or deny specific communications on TCP port 65000, run the following command:
Sudo ufw allow65000/tcp
You can also allow or deny communication according to the protocol used for communication. For example, to prevent all HTTP communication, run the following command:
Sudo ufw deny http
You can create more complex rules to deny or allow services based on the service IP address. For example, if your computer has an IP address 192.168.1.30 and your server has an IP address 192.168.1.5, you can only allow the IP address of your computer to establish an SSH connection:
Sudo ufw allow proto tcp from 192.168.1.30 to 1921381.5 port 65000
To check the rules currently running UFW, enter:
Sudo ufw status
You will see the list of rules compiled for the firewall. If you want to delete a rule, enter:
Sudo delete [rule]
Ufw is a simple firewall configuration tool in Ubuntu, and the underlying layer still calls iptables for processing. although its functions are simple, it is more practical for desktop applications and has basic common functions, it is easy to use.
1. install
Sudo apt-get install ufw
2. Enable
Sudo ufw enable
Sudo ufw default deny
After running the preceding two commands, the firewall is enabled and automatically enabled when the system starts.
Disable all external access to the local machine, but the local access to the external is normal.
3. enable/disable
Sudo ufw allow | deny [service]
Open or close a port, for example:
Sudo ufw allow smtp allows all external IP addresses to access the local port 25/tcp (smtp ).
Sudo ufw allow 22/tcp allows all external IP addresses to access the local port 22/tcp (ssh)
Sudo ufw allow 53 allows external access to port 53 (tcp/udp)
Sudo ufw allow from 192.168.1.100 allows this IP address to access all local ports
Sudo ufw allow proto udp 192.168.0.1 port 53 to 192.168.0.2 port 53
Sudo ufw deny smtp prohibit external access to the smtp service
Sudo ufw delete allow smtp delete a rule created above
4. view the firewall status
Sudo ufw status
For general users, only the following settings are required:
Sudo apt-get install ufw
Sudo ufw enable
Sudo default deny
The preceding three commands are safe enough. if you need to open some services, use sudo ufw allow.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
