mrgr

UFW - First time with a firewall

Thu Jan 05, 2017 10:44 pm

This guide is intended for those who are new to Linux. It was written on Ubuntu 16.04.

One of the first things you need to do to protect your server is enable a firewall. This guide shows the simple steps to enable UFW (Uncomplicated Firewall).
UFW is installed by default on Ubuntu. If you find that it is not installed, you can install it with:

sudo apt-get install ufw


Before you start, you need to know which ports you normally use on your server. For Lisk servers, 3 are obligatory:
  • SSH, normally port 22
  • Lisk client, default 8000 for mainnet and 7000 for testnet
  • SSL connections for Lisk. A port greater than 1024 is recommended; this example uses port 2443.

Now you know that you need to allow 3 ports on your server. For the next steps you need a user with sudo privileges (not the root user).

Checking UFW status
This command shows the status of your firewall. It tells you whether it is enabled and which ports are allowed:

sudo ufw status

Note: when you run sudo commands, the system will ask you for your password.

If you are running the above command for the very first time you will see the following output:

user@yourserver:~$ sudo ufw status
[sudo] password for youruser:
Status: inactive

This is OK, you are about to enable it.

Once ufw is enabled, running sudo ufw status again will show, for example:

Status: active

To              Action      From
--              ------      ----
22/tcp          ALLOW       Anywhere
8000/tcp        ALLOW       Anywhere
2443/tcp        ALLOW       Anywhere


Allow ports
The allow command adds a rule to UFW and, as the name says, permits communication to your server on the specified port. To allow your server to listen on all 3 required ports (22, 8000, 2443), run the following:

sudo ufw allow 22/tcp
sudo ufw allow 8000/tcp
sudo ufw allow 2443/tcp

In sudo ufw allow 22/tcp, the 22 is the port to allow and the last part, /tcp, allows incoming packets over TCP.

Deny ports
The opposite command is deny; with it your server will block incoming communications on the port you specify. For example:

sudo ufw deny 21/tcp
sudo ufw deny 25/tcp

By default all ports that are not allowed will be blocked.

Show added
Before you enable ufw, you need to make sure the right rules have been added. To do this, run the following command:

sudo ufw show added

You should see the following output:

Added user rules (see 'ufw status' for running firewall):
ufw allow 22/tcp
ufw allow 8000/tcp
ufw allow 2443/tcp

*IMPORTANT: If you use a port other than 22 for your SSH connection, enabling ufw with these rules will lock you out of your server. To avoid this, allow the correct port for SSH.

Enable UFW
Now that you've checked that you have the correct ports, you can enable ufw with the following command:

sudo ufw enable

Run sudo ufw status again to check.

You now have a firewall enabled.

Disable UFW
To disable ufw use the following command:

sudo ufw disable
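
The lockout warning in the "Show added" step can be turned into a check to run before sudo ufw enable. The script below is an added example, not part of the original guide: it compares the Port lines of sshd_config with the output of sudo ufw show added. The function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check to run before `sudo ufw enable`.

# Read sshd_config text on stdin and print each port sshd listens on.
# Commented-out lines are ignored; sshd uses 22 when no Port line is set.
ssh_ports() {
    awk 'tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }'
}

# Succeed if the `ufw show added` text in $1 allows TCP port $2.
# Only numeric rules are recognised ("ufw allow 22/tcp" or "ufw allow 22");
# anything else counts as missing, which errs on the safe side.
port_allowed() {
    printf '%s\n' "$1" | grep -Eq "^ufw allow $2(/tcp)?\$"
}

# Print every SSH port from config text $2 that rules text $1 does not
# allow. Returns non-zero if at least one is missing.
missing_ssh_ports() {
    _rc=0
    for _port in $(printf '%s\n' "$2" | ssh_ports); do
        if ! port_allowed "$1" "$_port"; then
            echo "$_port"
            _rc=1
        fi
    done
    return "$_rc"
}

# Constructed sample inputs. On a real server use instead:
#   rules=$(sudo ufw show added); config=$(cat /etc/ssh/sshd_config)
SAMPLE_RULES="Added user rules (see 'ufw status' for running firewall):
ufw allow 22/tcp
ufw allow 8000/tcp
ufw allow 2443/tcp"
SAMPLE_CONFIG="# constructed sshd_config excerpt: SSH moved off port 22
Port 2222
PermitRootLogin no"

if missing=$(missing_ssh_ports "$SAMPLE_RULES" "$SAMPLE_CONFIG"); then
    echo "SSH port is allowed; safe to run: sudo ufw enable"
else
    echo "Do not enable ufw yet; no allow rule for SSH port(s): $missing"
fi
```

With the constructed sample, SSH has been moved to port 2222 while only 22, 8000 and 2443 are allowed, so the script reports 2222 as missing.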
