An easy firewall configuration for Ubuntu
To configure a firewall on an Ubuntu server to only allow HTTPS (port 443) and SSH (port 22) and block all other ports, follow these steps using UFW (Uncomplicated Firewall):
If not already installed, you can install UFW by running:
sudo apt update
sudo apt install ufw
Before enabling UFW, ensure the SSH port is allowed to avoid being locked out:
sudo ufw allow ssh
Or specify the port number:
sudo ufw allow 22/tcp
To allow HTTPS connections, run:
sudo ufw allow https
Or specify the port number:
sudo ufw allow 443/tcp
After configuring the rules, enable UFW:
sudo ufw enable
Check the status of UFW and the applied rules:
sudo ufw status
By default, UFW denies all incoming and allows all outgoing connections. If needed, set default policies:
sudo ufw default deny incoming
sudo ufw default allow outgoing
To open more ports in the future, add new rules with the following command, replacing PORT with the port number:
sudo ufw allow PORT/tcp
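Before enabling UFW, make sure your IP address is allowed for SSH connections. Replace YOUR_IP_ADDRESS with your actual IP address. For multiple IP addresses, repeat this step for each one. This rule limits SSH access only if the general SSH rule shown earlier has not been added; with both in place, SSH stays reachable from any address.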
sudo ufw allow from YOUR_IP_ADDRESS to any port 22
Example for allowing SSH from a specific IP address:
sudo ufw allow from 192.168.1.100 to any port 22
Check the status of UFW and verify your rules:
sudo ufw status
To update allowed IP addresses for SSH, delete the existing rule and add a new one with the updated IP address. To delete a rule, use:
sudo ufw delete allow from OLD_IP_ADDRESS to any port 22
Then, add a new rule with the new IP address as previously shown.
Remember to replace ssh and https with specific port numbers if your services run on non-standard ports. Be cautious when modifying firewall settings to avoid locking yourself out of the server.
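An added example, not part of the original guide: a shell function that reads the output of sudo ufw status and reports any allow rule outside ports 22 and 443, as well as the case where SSH is allowed from anywhere alongside a per-address SSH rule. The names audit_ufw_status and sample_status and the sample output are constructed for illustration.

```sh
# Audit `ufw status` output (stdin) against this page's policy: only ports 22
# and 443 may be allowed in. Prints one finding per line; returns 0 when clean,
# 1 otherwise. Rows shown by application-profile name are reported as well.
audit_ufw_status() {
    awk '
    /^Status:/ {
        seen = 1
        if ($2 != "active") { print "FAIL firewall is " $2; bad = 1 }
        next
    }
    {
        act = 0
        for (i = 2; i <= NF; i++) if ($i == "ALLOW") { act = i; break }
        if (!act || $(act + 1) == "OUT") next   # header, DENY/LIMIT, outgoing
        port = $1; sub(/\/.*/, "", port)        # "22/tcp" -> "22"
        src = $(act + 1)
        if (src == "IN") src = $(act + 2)       # verbose output prints "ALLOW IN"
        if (port != "22" && port != "443") {
            print "FAIL unexpected allow rule: " $1; bad = 1
        } else if (port == "22") {
            if (src == "Anywhere") ssh_any = 1; else ssh_ip = 1
        }
    }
    END {
        if (!seen) { print "FAIL no Status line in input"; bad = 1 }
        if (ssh_any && ssh_ip) {
            print "FAIL SSH open to Anywhere; per-address rule has no effect"
            bad = 1
        }
        exit bad + 0
    }'
}

# Constructed sample: `sudo ufw status` after following every step on this
# page, plus one extra port opened later.
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
22                         ALLOW       192.168.1.100
8080/tcp                   ALLOW       Anywhere
EOF
}

sample_status | audit_ufw_status || echo "policy check failed"
```

On a live server, pipe the real output into the function: sudo ufw status | audit_ufw_status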