3.ufw_configuration.md

2. UFW configuration

UFW stands for Uncomplicated FireWall. It is a program in charge of the fate of the internet packets coming to the server and what do to with them.

📖 Resources

• https://help.ubuntu.com/community/UFW
• https://en.wikipedia.org/wiki/Network_packet
• https://en.wikipedia.org/wiki/Port_(computer_networking)

Preamble

One famous thing for servers (and for a lot of things IT-related) is:

Never trust what you don't control

So the philosophy to adapt when dealing with networks, could be summarized as:

• block everything by default
• allow specific traffic

2.1 Enable UFW

UFW is installed by default on Ubuntu, but may not be enabled. The first step is to enable UFW:

ufw enable

You can check the current configuration with:

ufw status verbose

2.2 Configuration

2.2.1 Disallow all ports

ufw default deny incoming

2.2.1 Open useful ports

ufw allow 22
ufw allow 80
ufw allow 443

ℹ️ information

• port 22 is the default port for SSH, not enabling it and disallowing all the other ports could lock you out of your own server (⚠️)
• port 80 is the default port for the Web (HTTP), when your browser access a URL with no specified port, it will default to 80
• port 443 is the default port for HTTPS

---

We have a more or less secure server, let's try to do something with it now, by installing a web server.