Post-Install: Part 2

  1. Install updates 
  2. User control 
  3. Set up Linux’s ufw

Configuring a Linux Firewall— Basics

Continuing the Ubuntu post-install process, we will expand on user control through the use of the uncomplicated firewall. We already allowed a specified account to run sudo for administrative privileges, although that account is not an administrative account. We also dabbled in adding and removing users and groups. Access control encompasses allowing access but also restricting outside access and traffic. But what does this mean for a beginner? Who should I restrict? How can I restrict outside connections? Restricting and regularly monitoring incoming traffic is a safeguard against unauthorized and unwanted connections. Unknown and unwanted connections make your system vulnerable, especially on (1) networks that have not changed the default credentials and (2) networks that have not restricted outside traffic.

On to the ufw, the uncomplicated firewall. If you don’t know (like I didn’t know, but now I know), now you know. According to Linode & Akamai Guides and several other online sources, “By default, UFW’s rulesets are blank so it is not enforcing any firewall rules”. On the contrary, many tutorials begin with disabling the ufw and clearing out default rules. For the intent and purpose of training, we’re going to play it safe and begin with disabling the ufw and clearing out default rules. In summary, we will accomplish this by checking the status, configuring rules, and lastly enabling the firewall. Before we start running commands, let us dive bellyflop into what we are going to do and why. Also, making changes to the ufw requires root privileges, so make sure to use the sudo command.

  1. Check ufw status (don’t enable yet!)              
  2. If ufw is active, disable ufw
    • Why?
      • Default config may be a security concern and…
      • Do you really understand each rule? Setting up default policies from scratch is a good idea so you know what is actually going on
      • If the ufw were to be enabled before configuring the rules it may deny you access.
        • Here are two examples
          • Outside traffic is denied and you are connecting via ssh 
          • You wrote a rule that allowed an ssh connection to a specified ip but your ip was dynamic and changed, now that specified ip can no longer connect
    • Disable ufw
      • After disabling the ufw and resetting the default rules, verify the status. Trust (or not trust) but always verify.
        • sudo ufw disable 
        • sudo ufw  reset      
        • sudo ufw status 
  3. Set up default policies from scratch so you know what is actually enabled. These are example rules. Please don’t go configure these simply because the University of Google led to this post.
    1. sudo ufw default deny incoming 
    2. sudo ufw default allow outgoing 
    3. sudo ufw allow ssh
    4. sudo ufw allow http
    5. sudo ufw allow https
    6. sudo ufw allow from *insert specific IP*
      • or sudo ufw allow from *specific IP* to any port *specific port*
      • Ex: sudo ufw allow from xxx.x.x.x to any port 22
    7. sudo ufw deny from xxx.x.x.x
    8. sudo systemctl start ufw
    9. sudo ufw enable
      • “This may disrupt existing connections”
        • Select yes, rules will display
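
The two lockout cases from step 2 can be checked before step 9. This is an added example, not part of the original post: it walks the staged rules in first-match order and reports whether the SSH session in use would still be admitted. The function names ssh_would_survive and guarded_enable are hypothetical, and the rule text is assumed to be in the form printed by `sudo ufw show added`.

```shell
#!/bin/sh
# Added example, not from the original post: lockout check to run before `ufw enable`.
# Assumes rule text in the form printed by `sudo ufw show added`, in rule order.
# Only exact host addresses are compared; CIDR ranges and app profiles are not handled.

# ssh_would_survive RULES CLIENT_IP PORT
# Returns 0 if the first staged rule matching CLIENT_IP -> PORT/tcp is allow or limit,
# 1 if it is deny/reject or if nothing matches (default deny incoming applies).
ssh_would_survive() {
    rules=$1 client=$2 port=$3
    while read -r cmd action a b c d e f rest; do
        [ "$cmd" = ufw ] || continue          # skip the header line and blanks
        if [ "$a" = from ]; then              # ufw <action> from <ip> [to any port <n>]
            src=$b dport=${f:-any}
        else                                  # ufw <action> <port>[/proto]
            src=any dport=$a
        fi
        case $dport in
            */udp) continue ;;                # SSH runs over TCP only
            ssh)   dport=22 ;;                # service name as typed in step 3
        esac
        dport=${dport%/tcp}
        [ "$src" = any ] || [ "$src" = "$client" ] || continue
        [ "$dport" = any ] || [ "$dport" = "$port" ] || continue
        case $action in
            allow|limit) return 0 ;;
            deny|reject) return 1 ;;
        esac
    done <<EOF
$rules
EOF
    return 1
}

# guarded_enable: run in place of a bare `sudo ufw enable`.
guarded_enable() {
    # On a local console there is no SSH session to lose.
    [ -n "$SSH_CONNECTION" ] || { sudo ufw enable; return; }
    set -- $SSH_CONNECTION                    # client_ip client_port server_ip server_port
    if ssh_would_survive "$(sudo ufw show added)" "$1" "$4"; then
        sudo ufw enable
    else
        echo "staged rules would drop $1 -> port $4; not enabling ufw" >&2
        return 1
    fi
}
```

Source the file and call guarded_enable from the SSH session after staging the rules in step 3.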

Summary of commands likely needed: 

  • TO CHECK UFW STATUS             ufw status
  • TO CHECK DETAILED STATUS        ufw status verbose
  • TO ENABLE UFW                   ufw enable
  • TO DISABLE UFW                  ufw disable
  • TO LIST RULES WITH NUMBERS      ufw status numbered
  • TO ADD A RULE AT POSITION #     ufw insert <#> allow/deny <port> (or: from <IP>)
  • TO DELETE A RULE                ufw delete <#> (or: ufw delete allow/deny <port>)
  • TO ALLOW A CONNECTION           ufw allow <port> (or: ufw allow from <IP>)
  • TO DENY A CONNECTION            ufw deny <port> (or: ufw deny from <IP>)
  • TO ENABLE UFW LOGGING           ufw logging on

Example of ufw layout:

To          Action      From
22/tcp      ALLOW       Anywhere
80/tcp      ALLOW       Anywhere

Terminal Screenshot

RESOURCES

Linux Firewall Tutorial | How to Configure Firewall Rules with UFW

UFW Full Tutorial | HackerSploit Linux Security

Linode & Akamai Guides | Configure Firewall with ufw

**************************************************************************

Rabbit hole side ADHD to-do note… Why use systemctl for some commands and not others? 

