Make Sure to Set Up a Firewall with UFW on Ubuntu

Praaveen Vr
Jan 13, 2018

Enable or block firewall access

Your system should be equipped with a firewall that allows it to block programs from being accessed by other people on the internet or your network. This helps to keep your computer secure.

Many applications can use your network connection. For instance, you can share files or let someone view your desktop remotely when connected to a network. Depending on how your computer is set up, you may need to adjust the firewall to allow these services to work as intended.

SSH to the server

example$ ssh usertype@23.34.23.3

Install ufw if you don’t have it

UFW — Uncomplicated Firewall

The default firewall configuration tool for Ubuntu is ufw. Developed to ease iptables firewall configuration, ufw provides a user-friendly way to create an IPv4 or IPv6 host-based firewall. By default, UFW is disabled.

Gufw is a GUI that is available as a frontend.

$ sudo apt-get install ufw

Status

$ sudo ufw status
$ sudo ufw status verbose

Result if active

Status: active

To                         Action      From
-- ------ ----
5938/udp ALLOW Anywhere
443/tcp ALLOW Anywhere
1433 ALLOW Anywhere
80 DENY Anywhere
5938/udp (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
1433 (v6) ALLOW Anywhere (v6)
80 (v6) DENY Anywhere (v6)

If inactive

Status: inactive

Enabling and disabling the Firewall

$ sudo ufw enable
[sudo] password for user:
Firewall is active and enabled on system startup
$ sudo ufw disable
Firewall stopped and disabled on system startup

Allowing the port

$ sudo ufw allow 80     # HTTP
$ sudo ufw allow 443    # HTTPS
$ sudo ufw allow 22     # SSH

Denying the port

$ sudo ufw deny 80      # HTTP
$ sudo ufw deny 443     # HTTPS
$ sudo ufw deny 22      # SSH

Deleting the Rules

$ sudo ufw delete allow 443/tcp
$ sudo ufw delete deny 80

Reload

$ sudo ufw reload

Set Up Defaults

One of the things that will make setting up any firewall easier is to define some default rules for allowing and denying connections.

UFW’s defaults are to deny all incoming connections and allow all outgoing connections.

This means anyone trying to reach your cloud server would not be able to connect (including your own SSH session, unless you allow port 22 before enabling the firewall), while any application within the server would be able to reach the outside world.

To set the defaults used by UFW, you would use the following commands:

$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing
$ sudo ufw default deny outgoing    # replaces the allow above: outgoing traffic is then blocked unless a rule allows it

Port ranges are another useful option

$ sudo ufw deny 1000:1010/tcp

IP Addresses

$ sudo ufw allow from 192.168.255.255

List all the current rules in a numbered list and delete one by its number

$ sudo ufw status numbered
To                         Action      From
-- ------ ----
[ 1] 80 ALLOW IN Anywhere
[ 2] 443 ALLOW IN Anywhere
[ 3] 22 ALLOW IN Anywhere
[ 4] 80 (v6) ALLOW IN Anywhere (v6)
[ 5] 443 (v6) ALLOW IN Anywhere (v6)
[ 6] 22 (v6) ALLOW IN Anywhere (v6)
$ sudo ufw delete [number]

Reset

$ sudo ufw reset
Resetting all rules to installed defaults. Proceed with operation (y|n)? y
Backing up 'before.rules' to '/etc/ufw/before.rules.20180113_183041'
Backing up 'user6.rules' to '/etc/ufw/user6.rules.20180113_183041'
Backing up 'after6.rules' to '/etc/ufw/after6.rules.20180113_183041'
Backing up 'after.rules' to '/etc/ufw/after.rules.20180113_183041'
Backing up 'user.rules' to '/etc/ufw/user.rules.20180113_183041'
Backing up 'before6.rules' to '/etc/ufw/before6.rules.20180113_1841'
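
Auditing the rule set: the following is an added example, not part of the original post. It reads ufw status output in the formats shown above (plain or numbered) and reports ports that are allowed from Anywhere but are not on an expected list. The function names, the sample text and the expected lists are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit ufw status output for ports open to Anywhere.

# Constructed sample, laid out like the "Result if active" output above.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
5938/udp                   ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
1433                       ALLOW       Anywhere
80                         DENY        Anywhere
5938/udp (v6)              ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
1433 (v6)                  ALLOW       Anywhere (v6)
80 (v6)                    DENY        Anywhere (v6)'

# Read ufw status text on stdin; print each port[/proto] that is ALLOWed
# from Anywhere, once (IPv4 and IPv6 rows are merged).
open_to_anywhere() {
    awk '
        # Drop the "[ n]" prefix of numbered output and the "(v6)" tags.
        { sub(/^\[ *[0-9]+\] */, ""); gsub(/\(v6\)/, "") }
        # Numbered/verbose output prints "ALLOW IN", shifting the From column.
        { from = ($3 == "IN") ? $4 : $3 }
        $2 == "ALLOW" && from == "Anywhere" { print $1 }
    ' | sort -u
}

# Usage: <status text> | unexpected_open EXPECTED...
# Prints world-open ports missing from the expected list; returns 1 if any.
unexpected_open() {
    found=0
    for port in $(open_to_anywhere); do
        case " $* " in
            *" $port "*) ;;                  # expected, nothing to report
            *) echo "$port"; found=1 ;;      # open to Anywhere but not expected
        esac
    done
    return "$found"
}

# On a live host (needs root): sudo ufw status | unexpected_open 22 443/tcp
```

Run against the sample with 443/tcp and 5938/udp as the expected list, the audit reports 1433, which is open to Anywhere.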
