Step 2. Firewall Setup

OK, now that we've locked down the root SSH login, let's set up the firewall for the server.

Since kernel 2.4, virtually every Linux distribution has had iptables built in as a firewall, but setting the rules can be a bit of a pain. If you're like me and just want it done quickly, you can install an easy-to-use front end for it called UFW. On Debian you can install it using:

apt-get install ufw

Once installed, use your favorite editor to edit /etc/default/ufw.

Set up your default rules (deny all incoming packets and allow all outgoing packets):

ufw default deny incoming

ufw default allow outgoing

Set up the services you want people to connect to. To add SSH, run:

ufw allow ssh   OR   ufw allow 22/tcp

Both do the same thing. UFW knows a number of standard ports by name, so you can add those without looking up the port number. For your standard LAMP-type setup you'll probably want SSH, HTTP, HTTPS (maybe) and possibly FTP.

If you want to allow a range, like TCP ports 1000-2000, use:

ufw allow 1000:2000/tcp

The most common ports you’ll want to

To allow or deny from a specific address:

ufw allow from (or whatever IP address you want to explicitly allow)

ufw deny from (to explicitly deny from a particular address)

If you want to delete a rule, use:

ufw delete allow http (which will delete your allow rule for http)

Alternatively, you can delete a rule by its number in the numbered list:

ufw status numbered

ufw delete [the rule number you want removed]

To turn on your firewall rules, use:

ufw enable

To check the status, use:

ufw status, or ufw status verbose for more info.

Note: ufw reset will reset all your rules, meaning it'll wipe them all. Don't do it unless you've messed everything up.
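The whole of Step 2 as one script, added here as an example and not part of the original post: it applies the defaults, allows SSH/HTTP/HTTPS (the LAMP choice above), enables the firewall, and then checks the output of ufw status verbose. It assumes ufw is installed and the script runs as root; the UFW variable and the constructed status sample are mine, and setting UFW=echo previews the commands without touching the firewall.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes root and an installed
# ufw. Set UFW=echo to preview the commands instead of running them.
set -eu

UFW="${UFW:-ufw}"

# The ordered rule set from this step: defaults first, then the services.
# The SSH allow must be in place before enable, or the SSH session used
# to configure the box is cut off when the deny-incoming default kicks in.
baseline_rules() {
    cat <<'EOF'
default deny incoming
default allow outgoing
allow 22/tcp
allow 80/tcp
allow 443/tcp
EOF
}

apply_baseline() {
    baseline_rules | while IFS= read -r rule; do
        # word-splitting $rule into separate arguments is intended
        "$UFW" $rule
    done
    # --force answers the "may disrupt existing ssh connections" prompt
    "$UFW" --force enable
}

# Reads the output of `ufw status verbose` on stdin and returns 0 only when
# the firewall is active, incoming defaults to deny and 22/tcp is allowed.
verify_status() {
    status=$(cat)
    printf '%s\n' "$status" | grep -q '^Status: active' || return 1
    printf '%s\n' "$status" | grep -q '^Default: deny (incoming)' || return 1
    printf '%s\n' "$status" | grep -q '^22/tcp .*ALLOW IN' || return 1
}

# Constructed sample of `ufw status verbose` output for an offline check.
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere'

if [ "${1:-}" = "apply" ]; then
    apply_baseline
    "$UFW" status verbose | verify_status && echo "firewall baseline OK"
fi
```

Run it as ./ufw-step2.sh apply on the server, or UFW=echo ./ufw-step2.sh apply to see exactly which ufw commands it would issue.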
