09-11-2019, 11:26 PM
*This tutorial is part of a series, visit the main thread to learn more*
Nowadays, when we get a server, securing it is one of the most important and critical steps on our "to-do" list. We don't want anyone to make trouble for us, right? One of the main protagonists of this step is the firewall.
On this tutorial, we will learn what a firewall is, why it is so important and how to use it on Ubuntu Server & CentOS thanks to a very simple piece of software called UFW (Uncomplicated Firewall).
Let's start with some information!
- What is a firewall?
A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on a set of 'rules' that the SysAdmin sets up. We can imagine the firewall as a barrier between a trusted internal network and an untrusted external network, such as the Internet. Believe me, the Internet isn't secure at all!
There are two forms of firewall:
- Hardware firewall: a dedicated device used by enterprises that is usually located between the routers, which communicate with the Internet, and the switches. Its role is to manage the customers' connections to the DMZ (think about public services such as a website/blog, for example) and to monitor and protect remote access to the company's internal network. We can say that it operates over the whole company network. I will not go deep into enterprise networking because it is a very interesting but complex topic, which I studied in my last year of high school, so I am not an expert.
- Software firewall or personal firewall: a piece of software which controls network traffic to and from a computer, thus it usually protects only the computer on which it is installed. Typically it works as an application layer firewall*.
On this tutorial we will focus on software firewalls.
- How it works and why it is so important?
We can identify two types of firewall operation:
- Packet filtering: the firewall reads the metadata of all the packets passing through your network interface; if some metadata matches a rule, the firewall acts. All firewalls can do this. It is done at the network layer.
- "Data validation": the firewall doesn't just read the packets' metadata; it also looks at the actual data transported. It knows how certain protocols work, for example FTP or HTTP. If the data in the packet is not valid for that protocol, the packet is dropped.
Each rule is made of two parts:
- ACTION: can be set to "allow" or "deny" and indicates the behavior of the firewall;
- SUBJECT: it can be a port, an IP address or, for some particular firewalls, an application target. It indicates to whom the rule will be applied.
- Why UFW?
UFW (Uncomplicated Firewall) is a wrapper for iptables. A wrapper is a piece of software that provides easy commands for a more complex tool. If you are interested in iptables, @"Hidden Refuge" made a thread about its basic usage.
I think that UFW is very simple and easy to learn. It is not perfect and it has its own limitations, but for general firewall usage it works!
Now, we can start our tutorial (The commands should be run as sudo or root):
Installation:
- UBUNTU: If you are using Ubuntu Server, then you already have it installed. Nothing to do.
- CentOS: If you are running CentOS you probably have FirewallD installed; we need to stop its service, if enabled, and install UFW:
- First, we need to stop the FirewallD service, if it is running. The following command will do that:
    systemctl stop firewalld
- With the following command you will stop the FirewallD service from starting at boot, if that is enabled:
    systemctl disable firewalld
- Now, UFW is available in the EPEL repository, so we need to enable it with the following command:
    yum install -y epel-release
- Finally, we can install UFW with the following command:
    yum install -y ufw
Starting and Enabling:
Now that ufw is installed we need to start it and enable it on boot.
- First, we use a UFW command that should start the firewall and enable it at boot:
    ufw enable
- It can happen that the previous command doesn't enable it at boot, so to make sure it is enabled run:
    systemctl enable ufw
Usage:
Now let's see how to use it:
- To see the current status and which rules are up, use the following command:
    ufw status
- For good practice we will block incoming traffic and allow outgoing:
  - To deny all the incoming traffic, run the following command:
    ufw default deny incoming
  - To allow all the outgoing traffic, run the following command:
    ufw default allow outgoing
- To allow/deny a specific port, run the following command:
    ufw [allow/deny] [port]/[protocol: "tcp" or "udp"; if omitted, the rule applies to both]
- To allow/deny a range of ports, run the following command (ufw requires the protocol for a range):
    ufw [allow/deny] [first_port]:[last_port]/[protocol: "tcp" or "udp"]
- To allow/deny all the connections from a specific STATIC IP, run the following command:
    ufw [allow/deny] from [IP]
- To allow/deny the connections on a specific port from a specific STATIC IP, run the following command:
    ufw [allow/deny] from [IP] to any port [port]
- To delete a rule, you first need to know its index, using the following command:
    ufw status numbered
  Now you can delete the rule with the following command:
    ufw delete [index]
- If you want to stop the firewall for a moment, run the following command:
    systemctl stop ufw
- If you want to start the firewall again after running the previous command, run the following command:
    systemctl start ufw
- If you want to stop the firewall from loading at boot, run the following command:
    systemctl disable ufw
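The baseline configuration above (deny incoming, allow outgoing) and the delete-by-index step, put together in one script. This is an added example, not code from the original post: it assumes sshd listens on port 22, uses the constructed admin network 192.0.2.0/24, and parses a constructed sample of 'ufw status numbered' output. It makes one ordering point explicit that the list above leaves implicit: the SSH allow rule goes in before 'ufw enable', because enabling applies the deny-incoming default immediately and an SSH session with no matching allow rule is cut.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: a baseline UFW setup
# applied in the order that avoids locking yourself out of a remote server,
# plus a helper that finds rule indexes in 'ufw status numbered' output so
# they can be deleted safely. Set DRY_RUN=1 to print the ufw commands
# instead of running them (useful to review the plan before applying it).

SSH_PORT="${SSH_PORT:-22}"              # assumption: sshd listens on 22
ADMIN_NET="${ADMIN_NET:-192.0.2.0/24}"  # constructed sample admin network

# Run a ufw command, or just print it when DRY_RUN=1.
ufw_cmd() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "ufw $*"
    else
        ufw "$@"
    fi
}

# Baseline policy from the tutorial (deny incoming, allow outgoing), with the
# SSH rule added *before* 'ufw enable': enabling applies the deny-incoming
# default immediately, so an SSH session with no matching allow rule is cut.
# Limiting SSH to the admin network keeps the exposed surface small.
ufw_baseline() {
    ufw_cmd default deny incoming
    ufw_cmd default allow outgoing
    ufw_cmd allow from "$ADMIN_NET" to any port "$SSH_PORT" proto tcp
    ufw_cmd --force enable   # --force skips the interactive confirmation
}

# Constructed sample of 'ufw status numbered' output, used for the demo below.
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    192.0.2.0/24
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 22/tcp (v6)                ALLOW IN    Anywhere (v6)'

# rule_indexes STATUS_TEXT PATTERN: print the index of every rule line that
# contains PATTERN, highest index first. Deleting from the highest index down
# matters because each 'ufw delete N' renumbers the rules after N.
rule_indexes() {
    printf '%s\n' "$1" | grep -F -- "$2" \
        | sed -n 's/^\[ *\([0-9][0-9]*\)].*/\1/p' | sort -rn
}

# delete_rules_matching STATUS_TEXT PATTERN: delete every matching rule.
# Typical call: delete_rules_matching "$(ufw status numbered)" 80/tcp
delete_rules_matching() {
    for i in $(rule_indexes "$1" "$2"); do
        ufw_cmd --force delete "$i"
    done
}
```

Run it with DRY_RUN=1 first to review the commands; rule_indexes returns the highest index first so that deleting in that order does not invalidate the remaining indexes, since ufw renumbers the rules after each deletion.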
What makes UFW my favorite? The APP SYSTEM:
Usually on Ubuntu systems the app list will be populated by installing software via special triggers, while on CentOS the UFW package from EPEL comes preloaded with a lot of APPS!
- If you want to see your app list, use the following command:
    ufw app list
- If you want to see more information about an app, use the following command:
    ufw app info 'APP_NAME'
- To allow/deny a specific app profile, use the following command:
    ufw [allow/deny] 'APP_NAME'
- To allow/deny an app profile for a specific STATIC IP, run the following command:
    ufw [allow/deny] from [IP] to any app 'APP_NAME'
- If you want to delete an enabled app profile, just follow the same steps as for deleting a rule.
You can create a custom app profile by creating a file inside:
    /etc/ufw/applications.d/
We will create a file called, for example, 'test', and fill it with this structure:
    [APP_NAME]
    title=A one line title
    description=A longer description with more information
    ports=1,2,3,4,5,6,7,8,9,10/tcp|50/udp|53
This file will create an app called 'APP_NAME' that allows ports 1 to 10 on the tcp protocol, port 50 on udp and port 53 on both tcp and udp. You can use ',' to list ports that will be activated with the same protocol, and '|' to start a new list of ports.
Remember that after making changes to the rules, to make them effective you need to restart the firewall using the following command:
    systemctl restart ufw
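A helper for the profile format above, as an added example that is not part of the original post: it checks a 'ports=' line against the syntax described (',' between ports of one list, '|' between lists, an optional /tcp or /udp suffix) and then writes the profile file. The checks are a conservative approximation and not ufw's own parser (ranges are only accepted with an explicit protocol); the profile name 'MyApp', the ports and the scratch directory in the usage comment are constructed values.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: create a custom UFW
# application profile from the shell, checking the 'ports=' line against the
# profile syntax before the file is dropped into /etc/ufw/applications.d/.
# The checks are a conservative approximation of what ufw accepts, not ufw's
# own parser. Names and ports in the usage comment are constructed samples.

# valid_ports_spec SPEC: succeed if SPEC looks like a valid ports line.
# Items are separated by '|'; each item is a comma list of ports or low:high
# ranges, optionally suffixed with /tcp or /udp (no suffix means both).
# Ranges are only accepted with an explicit protocol.
# Runs in a subshell so the IFS changes do not leak into the caller.
valid_ports_spec() (
    spec="$1"
    [ -n "$spec" ] || exit 1
    IFS='|'
    for item in $spec; do
        ports=${item%%/*}              # part before '/proto', if any
        proto=${item#"$ports"}         # '', '/tcp' or '/udp'
        [ -n "$ports" ] || exit 1
        case "$proto" in ''|/tcp|/udp) ;; *) exit 1 ;; esac
        IFS=','
        for p in $ports; do
            case "$p" in ''|*[!0-9:]*) exit 1 ;; esac
            case "$p" in
                *:*)    # range: one ':', digits on both sides, proto required
                    lo=${p%%:*}; hi=${p#*:}
                    case "$lo$hi" in ''|*:*) exit 1 ;; esac
                    [ -n "$lo" ] && [ -n "$hi" ] || exit 1
                    [ -n "$proto" ] || exit 1 ;;
                *)      # single port
                    lo=$p; hi=$p ;;
            esac
            [ "$lo" -ge 1 ] && [ "$lo" -le "$hi" ] && [ "$hi" -le 65535 ] || exit 1
        done
        IFS='|'
    done
    exit 0
)

# write_app_profile NAME TITLE DESCRIPTION SPEC [DIR]: write the profile file.
# DIR defaults to the real profile directory; pass a scratch directory to test.
# The name is restricted to a safe character set so it cannot escape DIR or
# break the INI section header; title and description must be single lines.
write_app_profile() {
    name="$1"; title="$2"; desc="$3"; spec="$4"
    dir="${5:-/etc/ufw/applications.d}"
    nl='
'
    case "$name" in ''|*[!A-Za-z0-9_.-]*) echo "bad profile name: $name" >&2; return 1 ;; esac
    case "$title$desc" in *"$nl"*) echo "title/description must be one line" >&2; return 1 ;; esac
    valid_ports_spec "$spec" || { echo "bad ports spec: $spec" >&2; return 1; }
    printf '[%s]\ntitle=%s\ndescription=%s\nports=%s\n' \
        "$name" "$title" "$desc" "$spec" > "$dir/$name"
}

# Usage (constructed sample), as root:
#   write_app_profile MyApp 'My app' 'Constructed example' '8080,8443/tcp|5353/udp|53'
#   ufw app info MyApp
```

Once the file is in place, 'ufw app info MyApp' shows how ufw parsed it, and the allow/deny commands from the list above can use the new profile name.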