WordPress 101: Step 3 – Vanilla Baseline Server Install

Step 5 – Install and Configure ufw

ufw is the simplest firewall to install. It is not the only firewall; however, most of them, ufw included, end up writing iptables rules for you. Here are the steps:

Install ufw

sudo apt install -y ufw

Typical ufw install output

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  ufw
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 164 kB of archives.
After this operation, 852 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian buster/main amd64 ufw all 0.36-1 [164 kB]
Fetched 164 kB in 0s (2,033 kB/s)
Preconfiguring packages ...
Selecting previously unselected package ufw.
(Reading database ... 52182 files and directories currently installed.)
Preparing to unpack .../archives/ufw_0.36-1_all.deb ...
Unpacking ufw (0.36-1) ...
Setting up ufw (0.36-1) ...

Creating config file /etc/ufw/before.rules with new version

Creating config file /etc/ufw/before6.rules with new version

Creating config file /etc/ufw/after.rules with new version

Creating config file /etc/ufw/after6.rules with new version
Created symlink /etc/systemd/system/multi-user.target.wants/ufw.service → /lib/systemd/system/ufw.service.
Processing triggers for rsyslog (8.1901.0-1) ...
Processing triggers for systemd (241-7~deb10u5) ...

Set Default UFW Rules

sudo ufw default deny incoming
sudo ufw default allow outgoing

Typical output of default rules for ufw

Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)
Default outgoing policy changed to 'allow'
(be sure to update your rules accordingly)

Allow ssh on ufw

Note: if your ssh port is other than 22, use the alternate allow rule shown below instead.

sudo ufw allow ssh

Typical output of allow for ufw

Rules updated
Rules updated (v6)

Or for other ports

Allow unique ssh port rule

sudo ufw allow <your-ssh-port>/tcp

Typical output of allow custom for ufw

Rules updated
Rules updated (v6)

Enable the UFW firewall

sudo ufw enable

Respond to the ufw enable question with y. Make sure the ssh rule above has been added first, because enabling the firewall without it will block new ssh connections.

Typical output of ufw enable

Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

Check ufw status

sudo ufw status

Typical ufw status output

Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
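
The steps above as one script, with a check that the port sshd actually uses is allowed before you close your session. This is an added example, not part of the original tutorial; the function names and sample inputs are constructed for illustration, and it assumes sshd ports are set with plain Port lines in /etc/ssh/sshd_config.

```shell
# Added example (not from the original page); function names are illustrative.

# Print each port sshd listens on (default 22). Assumption: ports are set with
# plain "Port N" lines in the given file; Include files are not followed.
sshd_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; found = 1 }
         END { if (!found) print 22 }' "$1"
}

# Read `ufw status` text on stdin; succeed only if the firewall is active and
# PORT/tcp is allowed from Anywhere (the table format shown above).
status_allows_port() {
    awk -v want="$1/tcp" '
        $1 == "Status:" && $2 == "active" { active = 1 }
        $1 == want && $2 == "ALLOW" && $3 == "Anywhere" { ok = 1 }
        END { exit !(active && ok) }'
}

# Run the page's steps in order, then confirm every sshd port is allowed.
apply_baseline() {
    config="${1:-/etc/ssh/sshd_config}"
    sudo ufw default deny incoming
    sudo ufw default allow outgoing
    for port in $(sshd_ports "$config"); do
        sudo ufw allow "$port/tcp"
    done
    sudo ufw --force enable   # --force answers the (y|n) prompt
    status="$(sudo ufw status)"
    for port in $(sshd_ports "$config"); do
        if ! printf '%s\n' "$status" | status_allows_port "$port"; then
            echo "WARNING: $port/tcp not allowed; keep this session open" >&2
            return 1
        fi
    done
    echo "ufw active; ssh allowed on: $(sshd_ports "$config" | tr '\n' ' ')"
}

# Constructed sample inputs for exercising the two parsers offline.
SAMPLE_SSHD='# constructed sshd_config
#Port 22
Port 2222
PermitRootLogin no'
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)'
```

Source the file and run apply_baseline from your existing ssh session; pass a different sshd_config path as the first argument if yours lives elsewhere.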
