Ufw Firewall Allow SSH
A firewall is only an additional layer of security that can be used to secure cloud servers. By obstructing harmful or unnecessary data transmission, firewalls protect our computers or network from outside cyberattacks. Furthermore, firewalls can prevent malicious software from logging onto a network or system via the Internet. UFW firewall essentially grants access to manage a simple firewall for network security. Their main objective is to simplify firewall control through the use of an intuitive Graphical user interface.
How We Can Perform Ufw Firewall Allow SSH in Linux
To discuss the topic of ufw firewall, we need a Linux operating system to deal with Linux commands on the terminal so we utilize “Ubuntu” as a virtual machine for Linux. Then, we need to install the ufw firewall in our Ubuntu Linux operating system and proceed with further Linux commands. Installing the firewall and open the terminal of the Linux operating system for utilizing commands. Mostly, we would utilize the “sudo” command for the firewall; this command would require the password. We need to write the password and then press enters to run the firewall ssh commands.
Now, let us start implementing the commands on the terminal where we utilize the “sudo” command of “apt install ufw” which can be used for installing the firewall setup in the operating system. After implementing the command on the terminal, we will click the enter button. After that, it would require the password for it, we need to add it, and then it would undergo work.
After the command, we will run this command and it will give the following output on the Linux terminal screen showing that the firewall ufw has been installed.
Building dependency tree
Reading state information. . . Done
Ufw is already the newest version (0.36-6ubuntu1).
Ufw set to manually installed.
The following package was automatically installed is no longer required:
Libfwupdplugin1
Use ‘sudo apt autoremove’ to remove it.
When we have gone through the installation process, we will utilize the “sudo” command of “status” for checking whether the ufw firewall is in the activation state or not. So, we will add the following command for checking the state of the firewall.
As our firewall is not in active condition after installation, it would display the “inactive” on the output screen about the present state of the firewall.
Now we need to activate the firewall in our operating system so we need to add the “enable” command of ufw along with the “sudo” family in the terminal that will just simply send the firewall into the active state.
When the command would be implemented, it would display on the terminal screen that “Firewall is active and enabled on system startup”. Now, our firewall ufw is working.
Now, we will look up the phenomenon of handling the “IPv6” and setting it up to handle the present running attacks of the firewall. So, we utilize the “default” along with the “ufw” between the slashes that can be seen as a path.
When we switch the above command into the running state, it would display the instructions for configuring any file present in the operating system that could link to the ufw firewall.
#
# Set to yes to apply rules to support Ipv6 (no means only Ipv6 on loopback
# accepted). You will need to ‘disable’ and then ‘enable’ the firewall for
# the changes to take affect.
Ipv6=yes
# Set the default input policy to ACCEPT, DROP, or REJECT. Please note that if
# you change this you will most likely want to adjust your rules.
DEFAULT_INPUT_POLICY=”DROP”
# Set the output policy to ACCEPT, DROP , or REJECT. Please note that if
# you change thus you will most likely want to adjust your rules
DEFAULT_OUTPUT_POLICY=”ACCEPT”
# Set the default input policy to ACCEPT, DROP, or REJECT. Please note that if
# you change this you will most likely want to adjust your rules.
DEFAULT_FORWORD_POLICY=”DROP”
# set the default application policy to ACCEPT, DROP, or REJECT or SKIP. Please
# note that setting this to ACCEPT may be a security risk. See ‘man ufw’ for
# details
DEFAULT_APPLICATION_POLICY=”SKIP”
# By default , ufw only touches its own chains. Set this to ‘yes’ to have ufw
# manage the built –in chains too. Warning: setting this to ‘yes’ will break
# non-ufw managed firewall rules
MANAGE_BUILTINS=no
#
# IPT backend
#
# only enable if using iptables backend
IPT_SYSCTL=/etc/ufw/sysctl.conf.
Now, let us discuss the “outgoing” command that could convert our firewall easily and simply. With this command, we can configure some rules that could be based on our demands and needs for accepting and rejecting the firewall connections. It could also help to send the system to a disabled state when the other user tries to interrupt our operating system. We would add the following command on the terminal for allowing the system to interact with servers.
With this we can see in the output display it would allow the permission to change the outgoing default policy and we can make changes in the firewall setup by keeping the rules as well. It would also allow us to keep back the changes to the default server that were added at the time of installation.
Linux@linux:~$ (be sure to update your rules accordingly)
If we want to make changes to the rules or want to make some additions to the rules, we can use “ufw allow ssh” along with the “sudo” command on the terminal. In addition, we utilized the following command on the Linux terminal given below.
When we press enter on the terminal, it will display the message “Rule added” and we will choose rule addition. So, we utilized the “v6”.
Linux@linux:~$ Rule added (v6)
Now, we will have a look at when we are connected to the ssh cloud server and then how we can change the permission policies of a firewall. The command of “allow” would be preferred for this purpose to avoid rejection along with the “22/tcp”. The whole command is given below.
This command would possess the rejection or skip of any specific rule as displayed on the output display that shows “Skipping adding existing rule” and the rule to be skipped is “v6”. If any rule is present in the ruling directory, we need to skip it then we can utilize this command.
Linux@linux:~$ Skipping adding existing rule (v6)p
We have another command for the addition of rules in Linux in the “tcp” family. This command would have “2222” instead of “22” along with the slash “tcp”.
When we pass the above command through the running process, it would display that it is ready to add rules. The same output would be displayed as we have done in the “allow” command utilized for rules addition.
Linux@linux:~$ Rule added (v6)
Now, we will see the deletion process of firewall rules in Linux. For this purpose, we can utilize the simple “delete” command along with “allow ssh”. With this command, we can easily delete the newly added rule.
It would display on the output screen that the rule has been deleted and similarly the value would remain the same as “v6”.
Linux@linux:~$ Rule deleted (v6)
Now, we will see the case if it would be unable to delete the non-existing rule in the ufw firewall. We utilize the following command that is not able to delete it:
This command would simply display the “could not delete non-existent” rule. As the rule to be deleted would not be present so it would be impossible for the system to delete it.
Linux@linux:~$ Could not delete non-existent rule (v6)
Lastly, we utilized the “disable” command for stopping the firewall and sending it to the sleep state. The command utilized for disabling the firewall system is provided below.
By this command, it would stop working and disable the startup of our Linux operating system.
Conclusion
We have covered the firewall in this article that supports ssh on Linux systems. First, we discussed the commands that could be used to activate the firewall and then we talked about adding or modifying firewall rules to deal with external servers. Additionally, we have talked about removing rules from the firewall rules that were not present and saw the occurrence of the firewall being off in our operating system.
Source: linuxhint.com