UFW

Enable UFW

Before enabling UFW, ensure that OpenSSH is allowed to prevent being locked out of your server:

sudo ufw allow OpenSSH

Now you can safely enable UFW:

sudo ufw enable

Check UFW Status

sudo ufw status

Set Default Policies

Set the default policies to deny incoming and allow outgoing traffic:

sudo ufw default deny incoming
sudo ufw default allow outgoing

Allow Specific Services or Ports

Allow HTTP and HTTPS:

sudo ufw allow 'Nginx HTTP'
sudo ufw allow 'Nginx HTTPS'

Allow a specific port, such as port 22 for SSH:

sudo ufw allow 22

Allow a specific IP address or subnet (here 192.168.1.0/24) to connect to a certain port:

sudo ufw allow from 192.168.1.0/24 to any port 3306

Deny Specific Ports

Directly deny a specific port:

sudo ufw deny 23

Delete Rules

Remove a rule that allows a particular service, such as 'Nginx HTTP':

sudo ufw delete allow 'Nginx HTTP'

Reset UFW

Reset UFW to its installation defaults; this disables the firewall and deletes all rules:

sudo ufw reset

Disable UFW

Disable UFW to allow all traffic:

sudo ufw disable

Additional Commands for Specific Scenarios

  1. Use Named Services: Some services register an application profile with UFW, such as 'Nginx Full', which can be used to allow both HTTP and HTTPS.

    sudo ufw allow 'Nginx Full'
  2. Check Status with Details: Verify the final status to ensure the settings are correct.

    sudo ufw status verbose
  3. Logging: Enable logging to monitor security issues.

    sudo ufw logging on

These commands help you manage your server's UFW firewall rules effectively, keeping the server secure and its services reachable.
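
To check the result against the settings above, the following added example (not part of the original page) parses the text of `sudo ufw status verbose` and reports deviations: firewall inactive, default incoming policy not deny, no SSH rule, or ports 23/3306 open to Anywhere. The function name `audit_ufw_status` and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit `ufw status verbose` text against this page's baseline.
# Reads the status output on stdin, prints one finding per line, and
# returns non-zero when any FAIL finding is present.
audit_ufw_status() {
    awk '
    function fail(msg) { print "FAIL: " msg; bad = 1 }
    /^Status:/  { seen = 1; if ($2 != "active") fail("ufw is not active") }
    /^Logging:/ { if ($2 == "off") print "WARN: logging is off" }
    /^Default:/ { if ($2 != "deny" && $2 != "reject") fail("default incoming policy is " $2) }
    # Inbound allow rows look like: "3306   ALLOW IN   Anywhere"
    / ALLOW( IN)? / && !/ ALLOW (OUT|FWD) / {
        port = $1; sub(/\/.*/, "", port)         # "22/tcp" -> "22"
        anyw = ($0 ~ / ALLOW( IN)? +Anywhere/)   # no source restriction
        if (port == "22" || $0 ~ /OpenSSH/) ssh = 1
        if (anyw && (port == "23" || port == "3306")) fail("port " port " is open to Anywhere")
    }
    END {
        if (!seen) fail("no Status line; is this ufw output?")
        if (!ssh)  print "WARN: no rule allows SSH (OpenSSH or port 22)"
        exit bad + 0
    }'
}

# Constructed sample output (not captured from a real host).
SAMPLE_WEAK='Status: active
Logging: off
Default: allow (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
80,443/tcp (Nginx Full)    ALLOW IN    Anywhere
3306                       ALLOW IN    Anywhere
23                         DENY IN     Anywhere'

printf '%s\n' "$SAMPLE_WEAK" | audit_ufw_status || true
# On a real host: sudo ufw status verbose | audit_ufw_status
```

The non-zero return code on a FAIL finding lets the check gate a provisioning script or a scheduled job.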