Mike Slinn

Uncomplicated Firewall on Ubuntu

Published 2022-07-16.
Time to read: 2 minutes.

This page is part of the posts collection, categorized under Security, Ubuntu, e-commerce.

All websites, especially ecommerce sites, need to be secure. A properly set up firewall is an essential component for a secure server.

Ubuntu 22.04 uses the Uncomplicated Firewall (ufw) as its default firewall frontend. Ufw has been provided for Ubuntu since v8.04 (Hardy Heron).

Quick Setup

Enable ufw as follows:

Shell
$ sudo ufw enable
Firewall is active and enabled on system startup 

Enable the ufw application profiles for ssh and nginx (HTTP/HTTPS) like this:

Shell
$ sudo ufw allow OpenSSH
Output
  Rule added
  Rule added (v6) 

$ sudo ufw allow 'Nginx Full'
Output
  Rule added
  Rule added (v6) 
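
A check that the Quick Setup rules took effect, as an added example that is not from the original post: the function reads `ufw status` text and confirms the firewall is active with IPv4 and IPv6 ALLOW rules for each profile, which is worth running before closing the SSH session used for the setup. The sample status text is constructed, and the function name and the assumption that columns are padded with two or more spaces are this example's own.

```shell
#!/bin/sh
# Added example: confirm that `ufw status` text shows the firewall active and
# an ALLOW rule, IPv4 and IPv6, for each application profile named as an argument.

# Constructed sample of `ufw status` output after the Quick Setup commands.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)'

# Usage: sudo ufw status | check_ufw_status OpenSSH 'Nginx Full'
# Prints one line per problem; returns 0 only when nothing is missing.
check_ufw_status() {
    status_text=$(cat)
    problems=0

    if ! printf '%s\n' "$status_text" | grep -q '^Status: active$'; then
        echo "firewall is not active"
        problems=$((problems + 1))
    fi

    for profile in "$@"; do
        for suffix in "" " (v6)"; do
            # Assumption: columns are separated by two or more spaces, so the
            # first field is the whole "To" value, e.g. "Nginx Full (v6)".
            if ! printf '%s\n' "$status_text" |
                awk -F '  +' -v want="$profile$suffix" \
                    '$1 == want && $2 ~ /^ALLOW/ { found = 1 } END { exit !found }'
            then
                echo "no ALLOW rule for: $profile$suffix"
                problems=$((problems + 1))
            fi
        done
    done

    [ "$problems" -eq 0 ]
}

# Run against the constructed sample so the script works offline.
printf '%s\n' "$SAMPLE_STATUS" | check_ufw_status OpenSSH 'Nginx Full' &&
    echo "ufw is active; OpenSSH and Nginx Full are allowed"
```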

Diving Deeper

The following is mostly true:

The default firewall on Ubuntu 22.04 Jammy Jellyfish is ufw, which is short for “uncomplicated firewall.” Ufw is a frontend for the typical Linux iptables commands, but it is developed in such a way that basic firewall tasks can be performed without the knowledge of iptables.

Additionally, ufw can be managed from a graphical interface. In this tutorial, you will learn how to enable and disable the ufw firewall on Ubuntu 22.04 Jammy Jellyfish from both command line and GUI.

The above makes no mention of how Ubuntu 22.04 replaced iptables with nftables, as described below.

nftables as the default firewall backend

Firewalling on Linux consists of two components – the firewall mechanism within the Linux kernel, and the tools used to configure this from userspace. The Linux kernel has traditionally supported two different subsystems for firewall policies – iptables / xtables and the newer nftables.

Nftables brings significant benefits both in terms of performance and flexibility when creating and deploying firewall rules, particularly for dual stack IPv4/IPv6 systems.

The traditional iptables userspace management tool now configures the nftables kernel backend, whilst the new nft userspace tool is also present to allow the creation of more flexible rules not supported by the traditional iptables paradigm.

DigitalOcean has a good ufw tutorial.
