Network architectures will vary, but if you are deploying Internet-facing servers you should generally configure a host-based firewall. It can protect listening services that don't need to be Internet accessible. In addition, a firewall can make life more difficult for an attacker who does gain a foothold, for example by making it tougher to create a backdoor listener.
When deploying an Ubuntu host-based firewall, consider using the excellent open source HIDS (Host-based Intrusion Detection System) software OSSEC.
The Ubuntu documentation portal has a good rundown on implementing UFW.
A summary of UFW and Ubuntu Firewalls
Set the default rule. In case you are wondering, this should be default DENY.
sudo ufw default deny
Logging is generally another good idea, so let's enable it.
sudo ufw logging on
If you are connected over SSH then set your SSH allow rule now.
sudo ufw allow 22/tcp
HackerTarget.com runs SSH on 2222 to avoid SSH brute-force bots. The command is:
sudo ufw allow 2222/tcp
Turn the firewall on (this applies the iptables commands).
sudo ufw enable
Turn the firewall off.
sudo ufw disable
Allow port 80 (for your web server to serve HTTP).
sudo ufw allow 80/tcp
Allow port 443 (as we have SSL enabled for our clients' security).
sudo ufw allow 443/tcp
Allow port 25 (for your email SMTP).
sudo ufw allow 25/tcp
You get the idea. It is also possible to enable rules that allow and block traffic from specific IP addresses. After all, it is just a script for iptables. See the Ubuntu Docs for details on this.
This command shows the firewall running and configured. Now do a port scan and test it for real.
sudo ufw status
Since we run VPS servers on Linode and have configured dual stack IPv4 and IPv6 addresses, our web server is happily serving on both protocols. iptables and ip6tables are two separate commands for the configuration of IPv4 and IPv6 firewalls. The excellent thing about UFW is the above commands enable the firewall on both IP stacks.
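The status check and the dual-stack point above can be turned into a repeatable audit. The script below is an added example, not part of the original article: it reads `ufw status` output and compares the allow rules against the ports you intended to open, on both IPv4 and IPv6. The function names, the sample output and the 3306/tcp rule are constructed for illustration, and it assumes rules in the port/protocol form used on this page.

```shell
#!/usr/bin/env bash
# Audit `ufw status` output (read on stdin) against the ports you meant to open.
# Live use: sudo ufw status | audit_ufw 2222/tcp 80/tcp 443/tcp 25/tcp
# Assumes rules in port/proto form (e.g. 80/tcp), not application profile names.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_ufw() {
  awk -v expected="$*" '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) want[e[i]] = 1 }
    /^Status: active/ { active = 1; next }
    {
      a = ($2 == "(v6)") ? 3 : 2                  # IPv6 rows carry a "(v6)" tag
      if ($a != "ALLOW" || $(a + 1) == "OUT") next # only inbound allow rules
      stack = (a == 3) ? "v6" : "v4"
      seen[$1, stack] = 1
      if (!($1 in want)) { print "UNEXPECTED " $1 " (" stack ")"; bad = 1 }
    }
    END {
      if (!active) { print "INACTIVE"; bad = 1 }
      for (p in want) {
        if (!((p, "v4") in seen)) { print "MISSING " p " (v4)"; bad = 1 }
        if (!((p, "v6") in seen)) { print "MISSING " p " (v6)"; bad = 1 }
      }
      exit bad
    }'
}

# Constructed sample of `ufw status` output: a database port was left open
# and the SMTP rule exists for IPv4 only.
sample_status() {
  cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
2222/tcp                   ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
25/tcp                     ALLOW       Anywhere
3306/tcp                   ALLOW       Anywhere
2222/tcp (v6)              ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
EOF
}

sample_status | audit_ufw 2222/tcp 80/tcp 443/tcp 25/tcp || echo "review the findings above"
```

A clean audit only confirms the rule set matches your intent; the external port scan recommended above is still what confirms the packets are actually dropped.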
Many a firewall administrator encounters a period of elevated heartbeats while connected remotely to a device... You push the new firewall configuration and suddenly your RDP or SSH session pauses... Of course you don't make mistakes and it was just a temporary hiccup with the session now restored. Right?