UFW (Uncomplicated Firewall)
UFW is a simple package on Linux systems for managing the system firewall. It can be used to allow only HTTPS traffic for web servers, lock down SSH to certain IPs, and much more.
Installation
sudo apt install ufw
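Enable UFW (On a remote SSH session, add the SSH allow rule before enabling, because incoming connections are denied by default once ufw is active)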
sudo ufw enable
Check UFW Status and Firewall Rules
sudo ufw status verbose
Disable IPv6
Set IPV6=no in the /etc/default/ufw config file
# Use your preferred text editor to change the line
sudo nano /etc/default/ufw
# Or run the following command to change it automatically
sudo sed -i "s,IPV6=yes,IPV6=no,g" /etc/default/ufw
Allowing Service/Ports
sudo ufw allow <service-name>
sudo ufw allow <port-number>
sudo ufw allow from <source-IP-or-Network> to <destination-IP-or-Network> port <port-number> proto <protocol-type>
sudo ufw allow ssh
sudo ufw allow 5000
sudo ufw allow from 172.16.1.1/24 to any port 8443 proto tcp
Deny Service/Ports (When ufw is enabled, incoming traffic is denied by default unless an allow rule matches)
sudo ufw deny <service-name>
sudo ufw deny <port-number>
sudo ufw deny from <source-IP-or-Network> to <destination-IP-or-Network> port <port-number> proto <protocol-type>
sudo ufw deny telnet
sudo ufw deny 80
sudo ufw deny from 192.168.1.1/24 to any port 21 proto tcp
View Current Rules
sudo ufw status numbered
Removing Rules
sudo ufw delete <rule-number>
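
Added example (not part of the original cheat sheet): the numbers shown by ufw status numbered are positional, so every delete shifts the rules below it up by one. The script parses a constructed sample of that output and prints the delete commands for one port from the highest number down; the function names and the sample rules are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Constructed sample of "sudo ufw status numbered" output with IPV6=yes,
# where rules without an IPv4 source also get a (v6) twin.
sample_status() {
cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 5000                       ALLOW IN    Anywhere
[ 3] 8443/tcp                   ALLOW IN    172.16.1.0/24
[ 4] 80                         DENY IN     Anywhere
[ 5] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 6] 5000 (v6)                  ALLOW IN    Anywhere (v6)
[ 7] 80 (v6)                    DENY IN     Anywhere (v6)
EOF
}

# Read status output on stdin; print the numbers of rules whose "To" column
# is exactly PORT or PORT/<proto>, highest number first.
rule_numbers_for_port() {
    awk -v port="$1" '
        /^\[ *[0-9]+\]/ {
            line = $0
            sub(/^\[ */, "", line)            # drop "[" and padding
            num = line
            sub(/\].*/, "", num)              # keep only the rule number
            sub(/^[0-9]+\] */, "", line)      # line now starts at "To"
            split(line, field, " ")
            to = field[1]
            sub(/\/.*/, "", to)               # strip /tcp or /udp
            if (to == port) print num
        }' | sort -rn
}

# Print one delete command per matching rule. Descending order keeps every
# remaining number valid: deleting rule 2 first would turn rule 6 into
# rule 5, and "delete 6" would then remove the v6 deny rule for port 80.
delete_plan() {
    rule_numbers_for_port "$1" | while read -r n; do
        echo "sudo ufw delete $n"
    done
}

sample_status | delete_plan 5000
```

On a live host, feed the functions real output instead of the sample: sudo ufw status numbered | delete_plan 5000, then review the printed commands before running them.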