Question

11

What rules to use for UFW?

rated 0 times [ 11] [ 0] / answers: 1 / hits: 28029 / 2 Years ago, sun, june 5, 2022, 1:53:09

I've decided to enable the UFW that comes with Ubuntu just to make my system even more secure (especially after watching a video of a person whose computer actually got infected!), and I've enabled UFW and installed GUFW, but I'm not sure what to do next. When I check the status of the firewall, it says that it is active. What are some rules that I should configure to actually make use of the firewall, since right now I'm assuming it's allowing everything, basically acting like it isn't there.

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

tinchir

Add To Favorites

Follow

Total Points: 300

Total Questions: 116

Total Answers: 119

Location: American Samoa

Member since Sun, Jan 17, 2021

3 Years ago

answered 2 Years ago ligenvirt · Accepted Answer

If you've set ufw to enabled then you've enabled the preset rules, so it means ufw (via iptables) is actively blocking packets.

If you want more details, run

sudo ufw status verbose

and you will see something like this

$ sudo ufw status verbose

Status: active

Logging: on (low)

Default: deny (incoming), allow (outgoing)

New profiles: skip

which basically means that all incoming is denied and all outgoing allowed. It's a bit more complicated than that (for example ESTABLISHED - requested - packets are allowed in), and if you're interested in the full set of rules, see the output of sudo iptables -L.

If you have a public IP, you can use an online test to get an idea how good the filtering is, for example www.grc.com (look for ShieldsUP) or nmap-online.

You should also see messages about blocked/allowed packets in logs (/var/log/syslog and /var/log/ufw.log).