Check the status of UFW:
$ sudo ufw status
Output:
Status: inactive
If the firewall is already active, we turn it off for the time being to configure it:
$ sudo ufw disable
Output:
Firewall stopped and disabled on system startup
Otherwise, we would lock ourselves out with the next settings.
Let's first block all incoming and allow all outgoing connections:
$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing
For our SSH connection we have to enable the SSH service of course:
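$ sudo ufw allow ssh
Instead of the service name, the port can also be given: ufw allow 22. The ssh service name stands for port 22/tcp; if sshd listens on a different port, allow that port instead.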
Let's enable the firewall:
$ sudo ufw enable
Since we have defined SSH rules, confirmation is required (y):
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
To ensure that ufw is activated immediately after each reboot, we register the ufw service with the system and session manager systemd via systemctl:
$ sudo systemctl enable ufw
Let's check the state again, this time with the verbose parameter, to additionally see a list of defined rules:
$ sudo ufw status verbose
Output:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
That's it for now with the firewall configuration. Later we will open more ports and services: for example, 80 and 443 for the web server, as well as the mail server service.
More commands for ufw are available in the bash cheat sheet at ufw.
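As an added example (not part of the original tutorial), the following script checks the output of ufw status verbose against the policy configured above: firewall active, incoming denied by default, and exactly the expected ALLOW IN rules present. The function name audit_ufw and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` output against an expected policy.

# Constructed sample in the format of the output shown above.
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)'

# audit_ufw RULE...  (hypothetical helper)
# Reads status text on stdin. Each RULE is the first column of an expected
# ALLOW IN line, e.g. 22/tcp (or 22 if the rule was added as `ufw allow 22`).
# Prints one FAIL line per finding and returns non-zero if there is any.
audit_ufw() {
    awk -v expected="$*" '
        BEGIN {
            n = split(expected, e, " ")
            for (i = 1; i <= n; i++) want[e[i]] = 0
        }
        /^Status:/  { active  = ($2 == "active") }
        /^Default:/ { deny_in = ($0 ~ /deny \(incoming\)/) }
        / ALLOW IN / {
            if ($1 in want) want[$1] = 1
            else { print "FAIL: unexpected rule: " $0; bad = 1 }
        }
        END {
            if (!active)  { print "FAIL: firewall is not active"; bad = 1 }
            if (!deny_in) { print "FAIL: default incoming policy is not deny"; bad = 1 }
            for (r in want)
                if (!want[r]) { print "FAIL: missing ALLOW IN rule for " r; bad = 1 }
            exit bad + 0
        }'
}

# Demo on the constructed sample. On a real host:
#   sudo ufw status verbose | audit_ufw 22/tcp
printf '%s\n' "$SAMPLE_STATUS" | audit_ufw 22/tcp && echo "OK: matches expected policy"
```

Once ports 80 and 443 are opened later, add them to the argument list (for example audit_ufw 22/tcp 80/tcp 443/tcp) so that any rule outside that list is reported.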