Table of Contents
How to work with Ubuntu’s firewall?
Use “ufw” to invoke Ubuntu’s firewall, you can perfectly start by asking for help using the question mark symbol as parameter, see image below:
Firewall default status
If you are working with a fresh installation of Ubuntu, it’s quite probable that its firewall is not enabled by default, and it has to be manually enabled, please be sure that SSH traffic is allowed through the firewall before enabling it, otherwise the remote access will be lost.
Ubuntu’s firewall current status
In order to see the current status of the Ubuntu’s firewall run the following command:
ufw status
Feel free to use the command above, hover your cursor over the up right corner of the box to see the COPY option that allows You to quickly copy the code with a simple click.
List of available Apps
We can assure that at least one application is currently running and that app is SSH, that is what allows us to remotely connect to our VPS for administration, we don’t know if any other app is also running, use the following command to get a list of all the apps the firewall recognize.
ufw app list
Feel free to use the command above, hover your cursor over the up right corner of the box to see the COPY option that allows You to quickly copy the code with a simple click.
As you can see in the image above, there is only one application, its name is OpenSSH, this is the first app that will be added as a firewall exemption, as you probably know, there are several versions of SSH in our case, Ubuntu comes with the one that is open source, that’s why its name is OpenSSH.
Allowing SSH traffic
Before enabling Ubuntu’s firewall, we must include SSH traffic as the first firewall’s exemption, otherwise if we’re working remotely, we won’t be able to connect to our VPS server, use the following command to allow SSH traffic through the Ubuntu’s firewall.
ufw allow OpenSSH
Feel free to use the command above, hover your cursor over the up right corner of the box to see the COPY option that allows You to quickly copy the code with a simple click.
Enabling Ubuntu's firewall
Now that we are absolutely sure that our connection won’t be lost after the firewall is enabled we can proceed to enable Ubuntu’s firewall by running the following command.
ufw enable
Feel free to use the command above, hover your cursor over the up right corner of the box to see the COPY option that allows You to quickly copy the code with a simple click.
Two steps have been completed at one, first the Ubuntu’s firewall was activated and second the firewall was configured to automatically start every time the server is rebooted.
Add Apache to Firewall's exemptions
If Apache web server is not yet installed on your system take a look a this article to know how to install it, but if it is already installed then it must appear on the firewall’s applications list.
ufw app list
Feel free to use the command above, hover your cursor over the up right corner of the box to see the COPY option that allows You to quickly copy the code with a simple click.
Adding “Apache Full” to the Ubuntu’s firewall exemption list will add both HTTP and also HTTPS, ports 80 and 443 respectively.
ufw allow 'Apache Full'
Feel free to use the command above, hover your cursor over the up right corner of the box to see the COPY option that allows You to quickly copy the code with a simple click.
As you can see in the image above we’ve used single quotes to enter two words (Apache Full), these are only needed when dealing with more than one word.
Reload Ubuntu's firewall
Reloading Ubuntu’s firewall is not a mandatory step, it is optional and up to you, but It is recommended to do after any change that’s made, just to be absolutely sure the changes have been applied, use the following command to reload Ubuntu’s firewall.
ufw reload
Feel free to use the command above, hover your cursor over the up right corner of the box to see the COPY option that allows You to quickly copy the code with a simple click.
Firewall final status
It is always a good idea to run once again the “ufw status” command to verify that Apache is actually listed as one of the firewall’s exemptions.
ufw status
Feel free to use the command above, hover your cursor over the up right corner of the box to see the COPY option that allows You to quickly copy the code with a simple click.
