Defense 101: Configuring a Firewall with UFW

NetworkingLinuxCybersecurity
Written By Roy Williams

Welcome Readers!

In today’s post, we’re diving into some cybersecurity basics, focusing on the Uncomplicated Firewall (UFW) in Ubuntu. I am using an Oracle Cloud Instance Free Tier for this process. I’ll guide you through the simple steps of setting up UFW and using it to monitor and control network ports in action, ensuring your system stays secure from unwanted access. If you’ve been following along with my previous blog on networking, you’ll see how UFW ties directly into managing network traffic, building on what we’ve learned about ports, protocols, and connections. This post is a perfect next step if you want to enhance your understanding of how firewalls work in real-world scenarios and how they help safeguard your devices. Let’s get started!

What is Linux?

Linux is a powerful, open-source operating system, this means that its source code is freely available for anyone to modify and distribute. It powers everything from smartphones to servers. Ubuntu, a popular distribution of Linux, is known for its user-friendly interface and robust security features. One of the key aspects of maintaining a secure Ubuntu system is managing network traffic—this is where a firewall comes into play. In this blog post, we'll explore how to use Linux (Ubuntu) to create and manage a Uncomplicated Firewall (UFW), a tool designed to make managing firewall rules easier. We will also touch on the basic concepts of computers, ports, and firewalls, and guide you through setting up UFW step by step.

Linux is an open-source operating system, This flexibility makes Linux popular in diverse environments. 

What is a Computer Port?

In networking terms, a "port" is a virtual point where data is sent and received. Computers use ports to manage and differentiate between various types of traffic. Think of ports as doors through which different types of information enter or leave a computer. There are 65,535 ports on a computer, each assigned to specific services or applications, such as HTTP (port 80) for web traffic, or SSH (port 22) for secure remote access. When setting up a firewall, controlling access to these ports is crucial because it allows you to specify which traffic is allowed in or out of your system, adding an extra layer of security.

What is a Firewall?

A firewall is a network security system designed to monitor and control incoming and outgoing network traffic. It works as a barrier between your computer (or network) and external networks, such as the internet, to protect your system from unauthorized access and potential threats. Firewalls can be hardware-based or software-based. In the case of Ubuntu, we rely on a software firewall called UFW (Uncomplicated Firewall) to configure rules for network traffic. A firewall can block harmful traffic, allow specific services, or restrict access based on IP addresses, ports, and protocols, making it an essential tool for protecting your system.

The Project: Setting Up UFW on Ubuntu

Setting up UFW on Ubuntu is straightforward, thanks in large part to the excellent documentation available on the Ubuntu community website. However straightforward also means threat actors have an ideal route to follow. Thinking like a hacker, I decided to switch the port responsible for SSH, the protocol responsible for secure remote login. Furthermore,I made this switch to only allow SSH logins from my particular IP address. This extra layer of hardening helps and was a good hands on opportunity to put to practice what I learned.

With my port manipulation now complete, the next step is to install UFW, which is often pre-installed on recent versions of Ubuntu. You can check if it's installed by running sudo ufw status. If UFW isn't installed, you can easily install it using sudo apt install ufw. Once installed, you can begin configuring it with simple commands. The UFW documentation provides detailed guidelines on how to enable UFW, allow or deny specific ports, and set up rules that fit your network's needs. 

For example, you can run sudo ufw allow HTTP to allow HTTP traffic or in my case sudo ufw allow from 61189 to allow SSH logins from the new port but only from my IP address. The command-line interface is intuitive, and the system will provide feedback on whether your rules were successfully applied, ensuring that you are always in control of your system’s security. Below is a screenshot of the final configurations of my UFW. 

Screenshot showing UFW edited settings.


Final Thoughts

Using UFW on Ubuntu offers a convenient and reliable way to manage your system's firewall. Its simplicity and ease of use make it a perfect choice for both beginners and experienced users alike. The clear and comprehensive Ubuntu documentation ensures that even those with minimal experience can set up a firewall to safeguard their system. Additionally, UFW's compatibility with other tools and its ability to handle more advanced firewall configurations makes it a flexible option for various use cases. By regularly updating your firewall rules and monitoring your system's traffic, you can significantly reduce the risk of attacks.

Conclusion

Thank you for taking the time to read this post! Setting up a UFW firewall on your Ubuntu system is a great step toward securing your network. Whether you're new to Linux or an experienced user, UFW’s simple interface and powerful functionality can help ensure that your system remains safe and secure. Don't forget to explore the Ubuntu UFW documentation for more detailed instructions and advanced configurations. Stay safe online and happy computing!


Roy Williams
Previous

My Cyber Attack Experience: A Lesson in Response
Next

Exploring Network Basics and Building a Scanner