Objective

The objective is to enable the UFW firewall and deny all incoming traffic except HTTP (port 80) and HTTPS (port 443) on Ubuntu 18.04 Bionic Beaver Linux.

Operating System and Software Versions

  • Operating System: Ubuntu 18.04 Bionic Beaver

Requirements

Privileged access to your Ubuntu 18.04 Bionic Beaver system will be required.

Difficulty

EASY

Conventions

  • # - requires given Linux commands to be executed with root privileges, either directly as the root user or by use of the sudo command
  • $ - requires given Linux commands to be executed as a regular non-privileged user

Instructions

Check the current firewall status

Check your firewall status. By default the UFW firewall will be disabled:
$ sudo ufw status
Status: inactive

Block all incoming traffic

First, block all incoming traffic using the following Linux command:
$ sudo ufw default deny incoming
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)

Allow HTTP/HTTPS incoming traffic

UFW offers three possible profiles to allow/deny traffic to the Apache web server:
  • Apache - Port 80
  • Apache Full - Ports 80,443
  • Apache Secure - Port 443
and three for the Nginx web server:
  • Nginx HTTP - Port 80
  • Nginx Full - Ports 80,443
  • Nginx HTTPS - Port 443
Using the above profile names we can allow incoming traffic to suit any scenario. For example, to allow both ports 80 and 443 for Apache, execute:
$ sudo ufw allow in "Apache Full"
Rule added
Rule added (v6)
Alternatively, to allow only port 443 for an Nginx server, execute:
$ sudo ufw allow in "Nginx HTTPS"

Enable Firewall

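Enable the firewall. Note that the rules above do not allow SSH, so with the default deny policy in place new SSH connections to this host will be refused once the firewall is active:
$ sudo ufw enable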
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

Check status

$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----               
80,443/tcp (Apache Full)   ALLOW IN    Anywhere                             
80,443/tcp (Apache Full (v6)) ALLOW IN    Anywhere (v6)
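
An added example, not part of the original tutorial: a shell function that audits `ufw status verbose` output against this guide's objective (firewall active, incoming denied by default, only TCP ports 80 and 443 allowed). The function name audit_ufw_status and both sample inputs are constructed for illustration.

```sh
#!/bin/sh
# audit_ufw_status (hypothetical helper): reads `ufw status verbose` text on
# stdin, prints one line per finding, returns 0 only if the ruleset matches
# this guide: active, default deny incoming, ALLOW IN limited to 80/443 tcp.
audit_ufw_status() {
    awk '
        /^Status:/  { if ($2 == "active") active = 1 }
        /^Default:/ { if ($2 == "deny" && $3 == "(incoming),") deny = 1 }
        /^--/       { rules = 1; next }      # rule table starts after this line
        rules && /ALLOW IN/ {
            spec = $1                        # e.g. "80,443/tcp"
            sub(/\/tcp$/, "", spec)          # anything but plain tcp stays odd
            n = split(spec, ports, ",")
            for (i = 1; i <= n; i++)
                if (ports[i] != "80" && ports[i] != "443") {
                    printf "unexpected allow rule: %s\n", $0
                    bad = 1
                    break
                }
        }
        END {
            if (!active) { print "firewall is not active"; bad = 1 }
            if (!deny)   { print "default incoming policy is not deny"; bad = 1 }
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed sample 1: the status output shown in this guide.
SAMPLE_PAGE='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
80,443/tcp (Apache Full)   ALLOW IN    Anywhere
80,443/tcp (Apache Full (v6)) ALLOW IN    Anywhere (v6)'

# Constructed sample 2: same ruleset with an extra rule that is out of scope.
SAMPLE_EXTRA="$SAMPLE_PAGE
22/tcp                     ALLOW IN    Anywhere"

printf '%s\n' "$SAMPLE_PAGE"  | audit_ufw_status && echo "sample 1: compliant"
printf '%s\n' "$SAMPLE_EXTRA" | audit_ufw_status || echo "sample 2: not compliant"
```

On a live host, pipe the real output into it with `sudo ufw status verbose | audit_ufw_status`; a non-zero exit status means the ruleset differs from the one built in this guide.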

Appendix

Error:
$ sudo ufw allow in "Apache Full"
ERROR: Could not find a profile matching 'Apache Full'
This error means that the Apache web server is not installed on your system yet. To install it, execute:
$ sudo apt install apache2