Linux Server setup

Activate Firewall

The pre-installed firewall is called UFW. The abbreviation stands for "uncomplicated firewall". It is really uncomplicated and needs only a few commands for configuration.

We block all incoming requests except SSH.

Check the status of UFW:

__$ sudo ufw status


Status: inactive

If the firewall is already active, we turn it off for the time being to configure it:

__$ sudo ufw disable


Firewall stopped and disabled on system startup

Otherwise, we would lock ourselves out with the next settings.

Let's first block all incoming and allow all outgoing connections:

__$ sudo ufw default deny incoming
__$ sudo ufw default allow outgoing

For our SSH connection we have to enable the SSH service of course:

__$ sudo ufw allow ssh

It is also possible instead of the service to set the port: ufw allow 22.

Let's enable the firewall:

__$ sudo ufw enable

Since we have defined SSH rules, confirmation is required (y):

Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

To ensure that ufw is activated immediately after each reboot, we register the ufw service with the system and session manager systemd via systemctl:

__$ sudo systemctl enable ufw

Let's check the state again, this time with the verbose parameter, to additionally see a list of defined rules:

__$ sudo ufw status verbose


Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)

That's it for now with the firewall configuration. Later we will release more ports and services: for example 80 and 443 for the web server and the mail server service.

More commands for ufw are available in the bash cheat sheet at ufw.