Simple firewall management with UFW


The firewall has become one of the basic security tools for any computer, whether at home or in a business. Configuring it is often not easy and can be a headache for less experienced users. To help with this task there are tools such as UFW (Uncomplicated Firewall), which aims to simplify the management of the machine's firewall rules.

UFW is a front-end for iptables that is particularly well suited to servers and is, in fact, the default firewall configuration tool in Ubuntu Linux. It was developed with the idea of creating a simple, easy-to-use application, and that is what it is: creating rules for IPv4 and IPv6 addresses has never been easier. In the tutorial below we show you the basic UFW commands needed to configure the typical rules you may need in your firewall.

The basic tasks we can carry out with the system firewall are varied, ranging from blocking a specific IP address or port to allowing traffic only from a specific subnet. We will now review the most relevant ones with the exact commands used to invoke UFW, always from the system terminal:

UFW: block a specific IP address

The basic syntax we must use is the following:

sudo ufw deny from {dirección-ip} to any

To block, that is, to drop all packets coming from a specific IP address, we enter:

sudo ufw deny from {dirección-ip} to any

Show the status of the firewall and its rules

We can verify the rules we have just added with the following command:

$ sudo ufw status numbered

Or with the following command:

$ sudo ufw status


Block a specific IP address on a specific port

The syntax in this case would be the following:

sudo ufw deny from {dirección-ip} to any port {número-puerto}

Again, if we want to verify the rules, we do so with the following command:

$ sudo ufw status numbered

An example of the output this command would give us is the following:

Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 192.168.1.10 80/tcp       ALLOW       Anywhere
[ 2] 192.168.1.10 22/tcp       ALLOW       Anywhere
[ 3] Anywhere                   DENY        192.168.1.20
[ 4] 80                         DENY IN     202.54.1.5

Block a specific IP address, port and protocol

To block a specific IP address on a given port and/or protocol on your computer, enter the following command:

sudo ufw deny proto {tcp|udp} from {dirección-ip} to any port {número-puerto}

For example, if we were receiving an attack from a host at the IP address 202.54.1.1 against port 22 over TCP, the command to enter would be the following:

$ sudo ufw deny proto tcp from 202.54.1.1 to any port 22
$ sudo ufw status numbered

Blocking a subnet

For this case the syntax is very similar to the previous ones; take a look:

$ sudo ufw deny proto tcp from sub/net to any port 22
$ sudo ufw deny proto tcp from 202.54.1.0/24 to any port 22

Unblock an IP address or delete a rule

If you no longer want to block an IP address on your system, or you simply made a mistake when entering a rule, try the following commands:

$ sudo ufw status numbered
$ sudo ufw delete NUM

For example, if we want to delete rule number 4, we enter the command as follows:

$ sudo ufw delete 4

As a result of this command, we would get a message on screen similar to the following:

Delete:
 deny from 202.54.1.5 to any port 80
Proceed with operation (y | n)? y
rule deleted

How to make UFW not block an IP address

The rules that UFW (or iptables, depending on how you look at it) applies are always evaluated in order, and the first rule that matches a packet is the one that takes effect. So if, for example, one rule allows any computer to connect to our machine on port 22 over TCP (say, sudo ufw allow 22), and a later rule specifically blocks one IP address on that same port 22 (for example, sudo ufw deny proto tcp from 192.168.1.2 to any port 22), the rule that applies is the earlier one allowing access to port 22, and the later rule blocking that port for the indicated IP is never reached. This is why the order of the rules is a decisive factor when configuring a machine's firewall.

If we want to prevent this problem, we can edit the file /etc/ufw/before.rules and, inside it, add a section such as "Block an IP Address" just after the line that marks the end of the required rules, "# End required lines".
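The two points above, the layout of the "ufw status numbered" output and the first-match evaluation that makes rule order matter, can be exercised offline with the following script. It is an added example, not code from the article or from the ufw project: it parses a constructed status listing that contains the allow/deny pair discussed above (rules 1 and 2) plus two of the article's deny rules, evaluates sample packets against the rules in order with a default policy of DENY (ufw's default for incoming traffic), and then shows the result of moving the deny rule to the top, which is the ordering that "sudo ufw insert 1 deny proto tcp from 192.168.1.2 to any port 22" would produce on a real system. The sample listing, packet values and function names are assumptions made for the example.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the "ufw status numbered" layout shown in the article.
# Rules 1 and 2 are the allow/deny pair from the rule-order discussion
# (sudo ufw allow 22, then sudo ufw deny proto tcp from 192.168.1.2 to any port 22).
SAMPLE_STATUS = """\
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    Anywhere
[ 2] 22/tcp                     DENY IN     192.168.1.2
[ 3] Anywhere                   DENY IN     192.168.1.20
[ 4] 80                         DENY IN     202.54.1.5
"""

# One numbered rule line: "[ N] <To>  <ACTION> [IN|OUT]  <From>".
# The To column may contain spaces ("192.168.1.10 80/tcp"), so we require
# at least two spaces before the action keyword to split the columns.
RULE_RE = re.compile(
    r"^\[\s*(?P<num>\d+)\]\s+(?P<to>.+?)\s{2,}"
    r"(?P<action>ALLOW|DENY|REJECT|LIMIT)(?:\s+(?P<dir>IN|OUT))?\s+(?P<from>\S.*?)\s*$"
)


@dataclass
class Rule:
    num: int
    action: str
    src: Optional[ipaddress.IPv4Network]  # None means "Anywhere"
    port: Optional[int]                   # None means any port
    proto: Optional[str]                  # None means tcp and udp


def parse_status(text: str) -> List[Rule]:
    """Parse the numbered rule lines of 'ufw status numbered' output."""
    rules: List[Rule] = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # "Status:" line, headers, blank lines
        src = None
        if not m["from"].startswith("Anywhere"):  # also covers "Anywhere (v6)"
            src = ipaddress.ip_network(m["from"], strict=False)
        port = proto = None
        last = m["to"].split()[-1]  # "22", "22/tcp", "Anywhere", or a bare address
        pm = re.fullmatch(r"(\d+)(?:/(tcp|udp))?", last)
        if pm:
            port = int(pm.group(1))
            proto = pm.group(2)
        rules.append(Rule(int(m["num"]), m["action"], src, port, proto))
    return rules


def evaluate(rules: List[Rule], src_ip: str, port: int, proto: str,
             default: str = "DENY") -> Tuple[str, Optional[int]]:
    """First matching rule wins, as in ufw/iptables; otherwise the default policy."""
    addr = ipaddress.ip_address(src_ip)
    for r in rules:
        if r.src is not None and addr not in r.src:
            continue
        if r.port is not None and r.port != port:
            continue
        if r.proto is not None and r.proto != proto:
            continue
        return r.action, r.num
    return default, None


def insert_first(rules: List[Rule], rule_num: int) -> List[Rule]:
    """Move one rule to the top and renumber, the order 'ufw insert 1 ...' yields."""
    target = next(r for r in rules if r.num == rule_num)
    reordered = [target] + [r for r in rules if r.num != rule_num]
    return [Rule(i, r.action, r.src, r.port, r.proto)
            for i, r in enumerate(reordered, start=1)]


if __name__ == "__main__":
    rules = parse_status(SAMPLE_STATUS)
    # The deny for 192.168.1.2 is shadowed by the earlier "allow 22" rule.
    print("as listed:", evaluate(rules, "192.168.1.2", 22, "tcp"))   # ('ALLOW', 1)
    fixed = insert_first(rules, 2)
    print("deny first:", evaluate(fixed, "192.168.1.2", 22, "tcp"))  # ('DENY', 1)
    print("other host:", evaluate(fixed, "10.0.0.1", 22, "tcp"))     # ('ALLOW', 2)
```

Running the script shows the shadowing the article describes: with the rules in the listed order the packet from 192.168.1.2 is allowed by rule 1, and only once the deny rule sits above the allow rule does it take effect while other hosts keep their access to port 22. On a real system the reorder is done either with "ufw insert 1 ..." or, as the article suggests, with a rule placed in /etc/ufw/before.rules, which iptables evaluates before the rules added with the ufw command.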

The guide we have prepared for you ends here. As you can see, with the help of UFW, firewall administration is no longer reserved for system administrators or advanced users.



Junquera said:

export UWF = UFW
?