Under Ubuntu you can quickly build an iptables-based firewall using the handy built-in firewall configuration tool UFW.
Network architectures will vary, but if you are deploying Internet-facing servers you generally should be configuring a host-based firewall. It can protect listening services that don't need to be Internet accessible. In addition, a firewall can make life more difficult for an attacker who does gain a foothold, for example by making it more difficult to create a backdoor listener.
When deploying an Ubuntu host-based firewall you should also consider using the excellent open source HIDS software OSSEC.
The Ubuntu documentation portal has a good rundown on implementing UFW.
Here is my shorter summary of UFW and Ubuntu firewalls.
Set the default rule. In case you are wondering, this should be default DENY.
sudo ufw default deny
Logging is generally another good idea, so let's enable it.
sudo ufw logging on
If you are connected over SSH then set your SSH allow rule now.
sudo ufw allow 22/tcp
HackerTarget.com runs SSH on port 2222 to avoid SSH brute-forcing bots, so the command is:
sudo ufw allow 2222/tcp
Now turn the firewall on (this applies the iptables commands).
sudo ufw enable
To turn the firewall off.
sudo ufw disable
Allow port 80 (for your web server to serve HTTP).
sudo ufw allow 80/tcp
Allow port 443 (as we have SSL enabled for our clients' security).
sudo ufw allow 443/tcp
Allow port 25 (for your email SMTP).
sudo ufw allow 25/tcp
You get the idea. It is also possible to add rules that allow and block specific IP addresses; after all, it is just a script for iptables. See the Ubuntu Docs for details on this.
sudo ufw status
This command shows that the firewall is running and configured. Now you should do a port scan and test it for real.
Since we run VPS servers on Linode and have configured dual stack IPv4 and IPv6 addresses, our web server is happily serving on both protocols. iptables and ip6tables are two separate commands for the configuration of IPv4 and IPv6 firewalls. The excellent thing about UFW is that the above commands enable the firewall on both IP stacks.
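One way to check the result of the steps above is to audit the output of sudo ufw status against the ports you meant to open, on both IP stacks. This is an added example, not part of the original post: the function names, the EXPECTED list and the sample output (including the 8080/tcp rule) are constructed for illustration.

```shell
# Added example, not from the original post. EXPECTED mirrors the ports the
# post opens; sample_status prints constructed `ufw status` output.
EXPECTED="2222/tcp 80/tcp 443/tcp 25/tcp"

sample_status() {
cat <<'EOF'
Status: active
To                         Action      From
--                         ------      ----
2222/tcp                   ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
25/tcp                     ALLOW       Anywhere
8080/tcp                   ALLOW       Anywhere
2222/tcp (v6)              ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
EOF
}

# Reads `ufw status` text on stdin, prints findings, returns non-zero when
# the firewall is inactive or the ALLOW rules differ from EXPECTED.
audit_ufw_status() {
    awk -v expected="$EXPECTED" '
    BEGIN { n = split(expected, want, " ") }
    /^Status:/ { active = ($2 == "active") }
    # Rule lines: "80/tcp  ALLOW  Anywhere" or "80/tcp (v6)  ALLOW  Anywhere (v6)"
    $1 ~ /^[0-9]+\/(tcp|udp)$/ {
        fam = ($2 == "(v6)") ? "v6" : "v4"
        action = (fam == "v6") ? $3 : $2
        if (action == "ALLOW") seen[$1 " " fam] = 1
    }
    END {
        if (!active) { print "FAIL firewall not active"; bad = 1 }
        for (i = 1; i <= n; i++) {
            ok[want[i]] = 1
            k4 = want[i] " v4"; k6 = want[i] " v6"
            if (!(k4 in seen)) { print "MISSING " k4; bad = 1 }
            if (!(k6 in seen)) { print "MISSING " k6; bad = 1 }
        }
        for (k in seen) {
            split(k, p, " ")
            if (!(p[1] in ok)) { print "UNEXPECTED " k; bad = 1 }
        }
        exit bad + 0
    }'
}
# On a real host: sudo ufw status | audit_ufw_status
sample_status | audit_ufw_status || echo "rule set differs from EXPECTED"
```

On the constructed sample this reports the missing IPv6 rule for 25/tcp and the unexpected 8080/tcp rule. A missing (v6) line on a real host can mean IPV6 is not set to yes in /etc/default/ufw.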