Securing a Linux server with UFW is simple: add a few basic rules and it handles the rest through iptables.
A good first step is to secure SSH, which can easily be done with these two lines:
ufw allow proto tcp from 127.0.0.1 to any port 22
ufw deny proto tcp from any to any port 22
Now only localhost can reach port 22; SSH connections from any other address are denied.
Let's say you have the local IP range 192.168.1.0 and you want to allow everyone on your network to access port 80 (web). You would write:
ufw allow proto tcp from 192.168.1.0/24 to any port 80
ufw deny proto tcp from any to any port 80
You can always use the command:
ufw status numbered
This will give you a numbered list of all your rules. UFW applies the rules in this order, and the first one that matches is used.
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   DENY IN     xxx.xxx.xxx.xxx            # Block SSH Spammer Beijing
[ 2] 80                         ALLOW IN    Anywhere
[ 3] 22                         ALLOW IN    Anywhere
[ 4] 25/tcp                     ALLOW IN    Anywhere
[ 5] 143                        ALLOW IN    Anywhere
[ 6] 110                        ALLOW IN    Anywhere
[ 7] 443                        ALLOW IN    Anywhere
[ 8] 22/tcp                     ALLOW IN    yyy.yyy.yyy.yyy
[ 9] 80 (v6)                    ALLOW IN    Anywhere (v6)
[10] 22 (v6)                    ALLOW IN    Anywhere (v6)
[11] 25/tcp (v6)                ALLOW IN    Anywhere (v6)
[12] 143 (v6)                   ALLOW IN    Anywhere (v6)
[13] 110 (v6)                   ALLOW IN    Anywhere (v6)
[14] 443 (v6)                   ALLOW IN    Anywhere (v6)
Looking at the above, rule 8 will not have any effect, since rule 3 already applies. I need a deny rule, and to remove rule number 3.
ufw delete 3
The above will delete rule number 3. The new status should now contain an allow row just above the deny row.
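The first-match behaviour described above can be checked mechanically. The following is an added example, not part of the original page: it parses `ufw status numbered` output and reports rules that can never match because an earlier rule already covers them. The sample output is constructed (rule 4 plays the role of rule 8 above), the addresses are placeholders, and the parser assumes the simple To/Action/From layout shown here, without interfaces or port ranges.

```python
import ipaddress
import re

# Constructed sample in `ufw status numbered` layout; addresses are placeholders.
SAMPLE = """\
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   DENY IN     203.0.113.7                # Block SSH spammer
[ 2] 80                         ALLOW IN    Anywhere
[ 3] 22                         ALLOW IN    Anywhere
[ 4] 22/tcp                     ALLOW IN    198.51.100.20
[ 5] 22 (v6)                    ALLOW IN    Anywhere (v6)
"""

RULE = re.compile(r"^\[\s*(\d+)\]\s+(.+?)\s+(ALLOW|DENY|REJECT|LIMIT) IN\s+(.+?)\s*(?:#.*)?$")

def parse(text):
    """Return one dict per numbered rule: num, port, proto, v6, src."""
    rules = []
    for m in filter(None, map(RULE.match, text.splitlines())):
        num, to, _action, frm = m.groups()
        port, _, proto = to.replace("(v6)", "").strip().partition("/")
        name = frm.replace("(v6)", "").strip()
        src = None if name == "Anywhere" else ipaddress.ip_network(name, strict=False)
        v6 = "(v6)" in to + frm if src is None else src.version == 6
        rules.append({"num": int(num), "port": None if port == "Anywhere" else port,
                      "proto": proto or None, "v6": v6, "src": src})
    return rules

def covers(a, b):
    """True if every packet matching rule b would already match rule a."""
    if a["v6"] != b["v6"]:
        return False
    for key in ("port", "proto"):  # None means "any"
        if a[key] is not None and a[key] != b[key]:
            return False
    return a["src"] is None or (b["src"] is not None and b["src"].subnet_of(a["src"]))

def shadowed(text):
    """List (rule, earlier_rule) pairs where the later rule can never match."""
    rules = parse(text)
    return [(b["num"], a["num"]) for i, b in enumerate(rules) for a in rules[:i] if covers(a, b)]

if __name__ == "__main__":
    for later, earlier in shadowed(SAMPLE):
        print(f"rule {later} never matches: rule {earlier} is evaluated first")
```

An allow for a specific address placed above the broader deny is not reported, while the same pair in the opposite order is.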
If you need to insert a rule between other rules you can use this command, just replace X with a valid number:
ufw insert X allow proto tcp from 127.0.0.1 to any port 22
ufw deny proto tcp from any to any port 22
When done with all your magic, use:
ufw reload
This reloads the firewall settings.