A firewall prevents access to all ports except the ones you allow.
The ‘ufw’ command makes it easy to set up a firewall on Ubuntu.
It only takes two commands to set up a firewall:
$ sudo ufw allow 22/tcp
$ sudo ufw enable
If you are sitting in front of your computer (instead of controlling it remotely with SSH), you can leave out the hole for the SSH port 22/tcp. A desktop firewall is just a single command.
That’s it, you have now set up your firewall. It will start automatically when you reboot your computer. Because the firewall is stateful, you can browse the Internet, but computers on the Internet can’t access your computer.
Making Holes for Daemons
If you want to make some servers public, you have to make holes for them. Most clients don’t need holes: you can browse the web with Firefox without any.
SSH server:
$ sudo ufw allow 22/tcp
Web server, where plain HTTP is port 80 and TLS-encrypted HTTPS is port 443:
$ sudo ufw allow 80/tcp
$ sudo ufw allow 443/tcp
What next?
If your firewall is working, congratulations. You’re done.
You can view your rules with ‘sudo ufw status verbose’. For more subcommands, see ‘man ufw’.
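A check to run once the rules are in place, as an added example that is not part of the original article: the function reads the output of ‘sudo ufw status verbose’ and reports if the firewall is inactive, the default incoming policy is not deny, or a port outside your intended list is open. The function names, the sample output and its leftover 3306/tcp rule are constructed for illustration.

```shell
#!/bin/sh
# Audit `ufw status verbose` output read from stdin against a list of
# ports you meant to open. Real use:
#   sudo ufw status verbose | audit_ufw "22/tcp 80/tcp 443/tcp"
# Prints one finding per line; returns 0 if clean, 1 otherwise.
audit_ufw() {
    awk -v expected="$1" '
    BEGIN { bad = 0; n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
    { gsub(/ \(v6\)/, "") }            # fold IPv6 rows onto the matching IPv4 rule
    /^Status: active/                  { active = 1 }
    /^Default:/ && /deny \(incoming\)/ { deny_in = 1 }
    # Rule rows look like: "22/tcp   ALLOW IN   Anywhere"
    ($2 == "ALLOW" || $2 == "LIMIT") && $3 != "OUT" && !($1 in ok) && !seen[$1]++ {
        print "FAIL: unexpected open port " $1; bad = 1
    }
    END {
        if (!active)  { print "FAIL: firewall is not active"; bad = 1 }
        if (!deny_in) { print "FAIL: default incoming policy is not deny"; bad = 1 }
        exit bad
    }'
}

# Constructed sample output (not captured from a real host). The 3306/tcp
# rule stands in for a hole that was opened earlier and then forgotten.
sample_status() {
    cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
3306/tcp                   ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

# Demo on the constructed sample: reports the forgotten 3306/tcp hole.
sample_status | audit_ufw "22/tcp 80/tcp 443/tcp" || true
```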
You can make really fancy firewalls with iptables, the system behind ufw. To get started with iptables, see firetero and Firewall for Single Host with Iptables.
P.S. Always use good passwords.
Updated: moved fold. Reminder for good passwords.