UFW

Enable UFW

Before enabling UFW, ensure that OpenSSH is allowed to prevent being locked out of your server:

sudo ufw allow OpenSSH

Now you can safely enable UFW:

sudo ufw enable

Check UFW Status

sudo ufw status

Set Default Policies

Set the default policies to deny incoming and allow outgoing traffic:

sudo ufw default deny incoming
sudo ufw default allow outgoing

Allow Specific Services or Ports

Allow HTTP and HTTPS using the Nginx application profiles:

sudo ufw allow 'Nginx HTTP'
sudo ufw allow 'Nginx HTTPS'

Allow a specific port, such as 22 for SSH (without a protocol suffix, UFW opens the port for both TCP and UDP):

sudo ufw allow 22

Allow a specific IP address or subnet (here 192.168.1.0/24) to connect to a certain port:

sudo ufw allow from 192.168.1.0/24 to any port 3306

Deny Specific Ports

Directly deny a specific port:

sudo ufw deny 23

Delete Rules

Remove a rule that allows a particular service, such as 'Nginx HTTP':

sudo ufw delete allow 'Nginx HTTP'

Reset UFW

Reset UFW to its installation defaults; this disables UFW and deletes all rules:

sudo ufw reset

Disable UFW

Disable UFW; its rules are no longer enforced, so all traffic is allowed:

sudo ufw disable

Additional Commands for Specific Scenarios

  1. Set Named Services: Some services register application profiles with UFW, such as 'Nginx Full', which allows both HTTP and HTTPS.

    sudo ufw allow 'Nginx Full'
    
  2. Check Status with Details: Verify the final status to ensure the settings are correct.

    sudo ufw status verbose
    
  3. Logging: Enable logging to monitor security issues.

    sudo ufw logging on
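
To make the "verify the final status" step repeatable, the following added example (not part of the original page) checks `ufw status verbose` output against the settings used above. The function names, the sample output and the rule that ports 23 and 3306 must not be open to Anywhere are assumptions made for this example.

```shell
#!/bin/sh
# Added example. audit_ufw reads `ufw status verbose` text on stdin, prints one
# finding per line, and returns non-zero if there is any finding.
audit_ufw() {
    awk '
        /^Status: active/                      { active = 1 }
        /^Logging: off/                        { nolog = 1 }
        /^Default: (deny|reject) \(incoming\)/ { deny_in = 1 }
        # Inbound allow rows: "<To>  ALLOW IN  <From>" (To may contain spaces).
        / ALLOW( IN)? / && !/ ALLOW +(OUT|FWD) / {
            to = $0;   sub(/[ \t]+ALLOW.*/, "", to)
            from = $0; sub(/.*ALLOW( IN)?[ \t]+/, "", from)
            if (to ~ /OpenSSH/ || to ~ /^22(\/tcp)?( |$)/) ssh = 1
            # Assumed policy, following this page: 23 and 3306 are never public.
            if (to ~ /^(23|3306)(\/tcp)?( |$)/ && from ~ /^Anywhere/)
                exposed[to] = 1
        }
        END {
            if (!active)  { print "ufw is not active"; n++ }
            if (!deny_in) { print "default incoming policy is not deny"; n++ }
            if (!ssh)     { print "no allow rule for SSH"; n++ }
            if (nolog)    { print "logging is off"; n++ }
            for (t in exposed) { print "port " t " is open to Anywhere"; n++ }
            exit (n > 0)
        }'
}

# Constructed sample: roughly what the rules on this page produce.
sample_status() {
    cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp (OpenSSH)           ALLOW IN    Anywhere
80,443/tcp (Nginx Full)    ALLOW IN    Anywhere
3306                       ALLOW IN    192.168.1.0/24
23                         DENY IN     Anywhere
EOF
}

sample_status | audit_ufw && echo "ufw baseline OK"
```

On a live host, pipe the real output into the function with `sudo ufw status verbose | audit_ufw`.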
    

These commands will help you manage your server's UFW firewall rules effectively, ensuring security and proper service operation.
