Setting UFW Firewall on Ubuntu 20.04

Configuring the ufw firewall on Ubuntu Linux 20.04

  • Check the ufw firewall status
root@web-app:/var/icmp.my.id# ufw status
Status: inactive
  • List the application profiles that can be used with ufw
root@web-app:/var/icmp.my.id# ufw app list
Available applications:
  Nginx Full
  Nginx HTTP
  Nginx HTTPS
  OpenSSH
  • Allow SSH connections in the ufw firewall
root@web-app:/var/icmp.my.id# ufw allow ssh
Rules updated
Rules updated (v6)
  • Enable the ufw firewall
root@web-app:/var/icmp.my.id# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

root@web-app:/var/icmp.my.id# ufw status
Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
  • List the ufw firewall rules with their rule numbers
root@web-app:/var/icmp.my.id# ufw status numbered
Status: active
     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 22/tcp (v6)                ALLOW IN    Anywhere (v6)

  • Allow HTTP connections in the ufw firewall
root@web-app:/var/icmp.my.id# ufw allow http
Rule added
Rule added (v6)
root@web-app:/var/icmp.my.id# ufw status numbered
Status: active
     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 4] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
  • Allow HTTP connections by port number in the ufw firewall
root@web-app:/var/icmp.my.id# ufw allow 80/tcp
Rule added
Rule added (v6)
root@web-app:/var/icmp.my.id# ufw status numbered
Status: active
     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 4] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
  • Allow an IP address at a specific rule number in the ufw firewall
root@web-app:/var/icmp.my.id# ufw insert 2 allow from 103.6.196.115
Rule inserted
root@web-app:/var/icmp.my.id# ufw status numbered
Status: active
     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] Anywhere                   ALLOW IN    103.6.196.115
[ 3] 80/tcp                     DENY IN     Anywhere
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 5] 80/tcp (v6)                DENY IN     Anywhere (v6)
  • Allow a network on a specific port at a specific rule number in the ufw firewall
root@web-app:/var/icmp.my.id# ufw insert 1 allow from 103.6.196.115/24 to any port 22
WARN: Rule changed after normalization
Rule inserted
root@web-app:/var/icmp.my.id# ufw status numbered
Status: active
     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    103.6.196.0/24
[ 2] 22/tcp                     ALLOW IN    Anywhere
[ 3] 80/tcp                     DENY IN     Anywhere
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 5] 80/tcp (v6)                DENY IN     Anywhere (v6)
  • Allow traffic on a specific network interface (ens3) in the ufw firewall
root@web-app:/var/icmp.my.id# ufw allow in on ens3 to any port 80
Rule added
Rule added (v6)
root@web-app:/var/icmp.my.id# ufw status numbered
Status: active
     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     DENY IN     Anywhere
[ 3] 80 on ens3                 ALLOW IN    Anywhere
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 5] 80/tcp (v6)                DENY IN     Anywhere (v6)
[ 6] 80 (v6) on ens3            ALLOW IN    Anywhere (v6)

  • Deny HTTP connections in the ufw firewall
root@web-app:/var/icmp.my.id# ufw deny http
Rule updated
Rule updated (v6)
root@web-app:/var/icmp.my.id# ufw status numbered
Status: active
     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     DENY IN     Anywhere
[ 3] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 4] 80/tcp (v6)                DENY IN     Anywhere (v6)
  • Deny a specific IP address in the ufw firewall
root@web-app:/var/icmp.my.id# ufw deny from 103.157.27.122
Rule added
root@web-app:/var/icmp.my.id# ufw status numbered
Status: active
     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     DENY IN     Anywhere
[ 3] Anywhere                   DENY IN     103.157.27.122
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 5] 80/tcp (v6)                DENY IN     Anywhere (v6)
  • Delete a rule from the ufw firewall
root@web-app:/home/admin# ufw status numbered
Status: active
     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    103.6.196.0/24
[ 2] 22/tcp                     ALLOW IN    Anywhere
[ 3] Anywhere                   ALLOW IN    103.6.196.115
[ 4] 80/tcp                     DENY IN     Anywhere
[ 5] 80 on ens3                 ALLOW IN    Anywhere
[ 6] Anywhere                   DENY IN     103.157.27.122
[ 7] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 8] 80/tcp (v6)                DENY IN     Anywhere (v6)
[ 9] 80 (v6) on ens3            ALLOW IN    Anywhere (v6)

root@web-app:/home/admin# ufw delete 1
Deleting:
 allow from 103.6.196.0/24 to any port 22
Proceed with operation (y|n)? y
Rule deleted

root@web-app:/home/admin# ufw status numbered
Status: active
     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] Anywhere                   ALLOW IN    103.6.196.115
[ 3] 80/tcp                     DENY IN     Anywhere
[ 4] 80 on ens3                 ALLOW IN    Anywhere
[ 5] Anywhere                   DENY IN     103.157.27.122
[ 6] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 7] 80/tcp (v6)                DENY IN     Anywhere (v6)
[ 8] 80 (v6) on ens3            ALLOW IN    Anywhere (v6)

  • Disable the ufw firewall
root@web-app:/home/admin# ufw disable
Firewall stopped and disabled on system startup

root@web-app:/home/admin# ufw status
Status: inactive
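
Added example (not from the original page): ufw evaluates rules top to bottom and the first match decides, so a later rule can be preempted by an earlier rule with the opposite action. This script, with hypothetical function names `sample_status` and `ufw_preempted`, parses the numbered listing shown after `ufw delete 1` and reports such pairs; as an assumption it compares sources only by exact string or `Anywhere` and does not compute CIDR containment.

```shell
# Constructed sample: the numbered listing shown on this page after `ufw delete 1`.
sample_status() {
cat <<'EOF'
Status: active
     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] Anywhere                   ALLOW IN    103.6.196.115
[ 3] 80/tcp                     DENY IN     Anywhere
[ 4] 80 on ens3                 ALLOW IN    Anywhere
[ 5] Anywhere                   DENY IN     103.157.27.122
[ 6] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 7] 80/tcp (v6)                DENY IN     Anywhere (v6)
[ 8] 80 (v6) on ens3            ALLOW IN    Anywhere (v6)
EOF
}

# Reads `ufw status numbered` on stdin; prints "[j] preempted by [i]" when an
# earlier inbound rule i with a different action covers rule j's source and
# overlaps its port, protocol and interface.
ufw_preempted() {
  awk '
  /^\[ *[0-9]+\]/ {
    line = $0; v6 = (line ~ /\(v6\)/); gsub(/ *\(v6\)/, "", line)
    num = line; sub(/^\[ */, "", num); sub(/\].*/, "", num)
    sub(/^\[ *[0-9]+\] */, "", line)
    if (!match(line, /  +(ALLOW|DENY|REJECT|LIMIT)( IN| OUT)?  +/)) next
    to = substr(line, 1, RSTART - 1)
    act = substr(line, RSTART, RLENGTH); gsub(/ /, "", act)
    from = substr(line, RSTART + RLENGTH); sub(/ +$/, "", from)
    if (act ~ /OUT$/) next          # audit inbound rules only
    sub(/IN$/, "", act)
    ifc = ""; if (match(to, / on [^ ]+$/)) { ifc = substr(to, RSTART + 4); to = substr(to, 1, RSTART - 1) }
    n = split(to, p, "/")           # "80/tcp" -> port 80, proto tcp; "80" -> any proto
    N++; NUM[N] = num; V6[N] = v6; ACT[N] = act; FROM[N] = from
    PORT[N] = p[1]; PROTO[N] = (n > 1 ? p[2] : ""); IFC[N] = ifc
  }
  END {
    for (j = 2; j <= N; j++) for (i = 1; i < j; i++) {
      if (V6[i] != V6[j] || ACT[i] == ACT[j]) continue
      if (FROM[i] != "Anywhere" && FROM[i] != FROM[j]) continue
      if (PORT[i] != "Anywhere" && PORT[j] != "Anywhere" && (PORT[i] != PORT[j] || (PROTO[i] != "" && PROTO[j] != "" && PROTO[i] != PROTO[j]))) continue
      if (IFC[i] != "" && IFC[j] != "" && IFC[i] != IFC[j]) continue
      printf "[%s] preempted by [%s]\n", NUM[j], NUM[i]
    }
  }'
}

sample_status | ufw_preempted
```

In that listing, rule 5 (the deny for 103.157.27.122) sits below the `22/tcp ALLOW IN Anywhere` rule, so the address can still reach SSH, and the `80 on ens3` allow is overridden for TCP by the earlier `80/tcp DENY`. Placing the deny with `ufw insert 1 deny from 103.157.27.122` puts it ahead of the allow rules.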

herdiana3389

A system administrator with skills in system administration, virtualization, linux, windows, networking, cloud computing, container, etc.