Ubuntu – What rules to use for UFW

firewall, security, ufw

I've decided to enable the UFW that comes with Ubuntu just to make my system even more secure (especially after watching a video of a person whose computer actually got infected!), and I've enabled UFW and installed GUFW, but I'm not sure what to do next. When I check the status of the firewall, it says that it is active. What are some rules that I should configure to actually make use of the firewall, since right now I'm assuming it's allowing everything, basically acting like it isn't there.

Best Answer

If you've set ufw to enabled then you've enabled the preset rules, so it means ufw (via iptables) is actively blocking packets.

If you want more details, run

sudo ufw status verbose

and you will see something like this

$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

which basically means that all incoming is denied and all outgoing allowed. It's a bit more complicated than that (for example ESTABLISHED - requested - packets are allowed in), and if you're interested in the full set of rules, see the output of sudo iptables -L.

If you have a public IP, you can use an online test to get an idea of how good the filtering is, for example www.grc.com (look for ShieldsUP) or nmap-online.

You should also see messages about blocked/allowed packets in logs (/var/log/syslog and /var/log/ufw.log).
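
Added example, not part of the original answer: a short Python script that summarises the blocked/allowed entries the answer says appear in /var/log/ufw.log, counting blocked packets per source address and per destination service. The log lines are constructed samples using documentation-range addresses, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample lines in the /var/log/ufw.log format (documentation-range IPs).
SAMPLE_LOG = """\
Mar  3 10:15:01 host kernel: [  101.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=1 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:02 host kernel: [  102.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=2 DF PROTO=TCP SPT=51235 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:16:40 host kernel: [  200.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=44 TTL=240 ID=3 PROTO=TCP SPT=40111 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:17:05 host kernel: [  225.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=72 TTL=240 ID=4 PROTO=UDP SPT=5353 DPT=5353 LEN=52
Mar  3 10:18:11 host kernel: [  291.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=84 TTL=52 ID=5 PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=1
Mar  3 10:19:00 host kernel: [  340.000001] [UFW ALLOW] IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.80 LEN=60 TTL=64 ID=6 DF PROTO=TCP SPT=40000 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  3 10:20:01 host CRON[4242]: (root) CMD (true)
"""

UFW_RE = re.compile(r"\[UFW (?P<action>[A-Z ]+)\] (?P<rest>.*)")

def parse_line(line):
    """Return the fields of one ufw log line, or None for non-ufw lines."""
    m = UFW_RE.search(line)
    if m is None:
        return None
    # The rest is KEY=VALUE tokens plus bare flags such as DF or SYN.
    kv = dict(t.split("=", 1) for t in m.group("rest").split() if "=" in t)
    dpt = kv.get("DPT", "")
    return {"action": m.group("action"), "src": kv.get("SRC", "?"),
            "proto": kv.get("PROTO", "?"),
            "dpt": int(dpt) if dpt.isdigit() else None}  # ICMP has no port

def summarize(lines):
    """Count actions, and blocked packets per source and per (proto, port)."""
    actions, by_src, by_service = Counter(), Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        actions[rec["action"]] += 1
        if "BLOCK" in rec["action"]:  # also matches "LIMIT BLOCK"
            by_src[rec["src"]] += 1
            by_service[(rec["proto"], rec["dpt"])] += 1
    return actions, by_src, by_service

if __name__ == "__main__":
    actions, by_src, by_service = summarize(SAMPLE_LOG.splitlines())
    print("actions:", dict(actions))
    print("blocked by source:", by_src.most_common())
    print("blocked by service:", by_service.most_common())
```

To use it on a real system, pass the open log file (for example open("/var/log/ufw.log")) to summarize() in place of the sample lines.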
