Technology Encyclopedia Home >How to configure firewall and security settings on Ubuntu?

How to configure firewall and security settings on Ubuntu?

Created on 2025-03-27 14:22:39
196

Configuring firewall and security settings on Ubuntu involves several steps, primarily using the ufw (Uncomplicated Firewall) tool. Here’s a basic guide:

Step 1: Install UFW (if not already installed)

First, ensure that UFW is installed. Open a terminal and run:

sudo apt update
sudo apt install ufw

Step 2: Enable UFW

To enable UFW, run:

sudo ufw enable

This command sets the default policies to deny incoming connections and allow outgoing connections.

Step 3: Configure Default Policies (Optional)

You can set custom default policies if needed. For example, to allow all incoming traffic by default and deny outgoing traffic:

sudo ufw default allow incoming
sudo ufw default deny outgoing

Step 4: Allow Specific Services

To allow specific services like SSH (port 22), HTTP (port 80), or HTTPS (port 443), use:

sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

Alternatively, you can specify the service name:

sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https

Step 5: Check UFW Status

To check the current status of UFW and see which rules are active, use:

sudo ufw status verbose

Step 6: Delete Rules (if needed)

If you need to delete a rule, for example, the SSH rule:

sudo ufw delete allow ssh

Additional Security Measures

  • Update Regularly: Keep your system updated to patch security vulnerabilities.
    sudo apt update && sudo apt upgrade
  • Use SSH Keys: Disable password authentication for SSH and use key-based authentication for enhanced security.
  • Install Security Tools: Consider installing additional security tools like fail2ban to prevent brute-force attacks.

Example Scenario

Suppose you have a web server running on Ubuntu and you want to ensure it is secure. You would:

  1. Enable UFW.
  2. Allow HTTP and HTTPS traffic.
  3. Deny all other incoming traffic.
  4. Ensure SSH is accessible only from trusted IP addresses.

Cloud Service Recommendation

For enhanced security and scalability, consider deploying your Ubuntu server on a cloud platform like Tencent Cloud. Tencent Cloud offers services like the Cloud Firewall, which provides advanced security features such as intrusion detection, DDoS protection, and more. This can complement your local firewall settings for a more robust security posture.