
Easily Setup UFW Firewall in Ubuntu Cloud Server with LEMP Stack

The UFW firewall helps protect the cloud server from unauthorized access by allowing only specific IP addresses and connections to its ports. UFW comes pre-installed; however, we need to activate it and run a few commands to allow access to the ports we need. The firewall also helps in blocking spam traffic.

Do you know that we also have a firewall for the Ubuntu Cloud server? Just like we have for Windows PC and macOS systems. It’s called Uncomplicated Firewall, i.e., UFW Firewall.

We always hear about hacks and data theft, even at big brands and data companies. Whether it is a small local business or a substantial multinational company, there will always be a fear of data intrusion. A firewall works as a gate pass between the external world and the internal server.

In this article, we will learn how to install and configure the UFW firewall to allow only Nginx HTTPS and SSH connection to the Cloud Server.

If you have been following along, this is the sixth article and video demo of the #CloudServer series. We recently published an article about the LetsEncrypt setup for Nginx with a free SSL certificate.

Let’s dive into installing and configuring the UFW firewall for the LEMP Stack server —

What is the UFW Firewall?

The default firewall configuration tool for Ubuntu is ufw. Developed to ease iptables firewall configuration, ufw provides a user-friendly way to create an IPv4 or IPv6 host-based firewall.

Once we define the rules about whom to ‘allow’ and ‘deny’ connection, a firewall kicks out all other invalid access to the network.

Install UFW Firewall on Ubuntu

You can easily install the UFW firewall using the below command over SSH.

sudo apt install ufw

Once you’ve completed the installation, you can check whether UFW is active using the below command.

sudo ufw status

If the firewall is active, the above command also lists all the existing rules.

Enable IPv6 Support for UFW Firewall

UFW is enabled for IPv4 by default; however, you can enable support for IPv6 by editing the defaults file, /etc/default/ufw. This is not mandatory unless you need it.

sudo nano /etc/default/ufw

Once in the editor mode, find the IPV6 line and modify it to reflect as below.

IPV6=yes

Close the editor once the change is done.

Setup Default policies for Connections

The default UFW policy allows only outgoing network connections and denies all incoming connections. This means no outsider can connect to the server unless you have allowed it. But any internal system can still connect to the outside world.

This helps overall network security and eliminates unauthorized logins. The commands below set UFW's default policies back to these original settings.

Run the first command to deny any incoming connections.

sudo ufw default deny incoming

The second command allows all outgoing connections.

sudo ufw default allow outgoing

Allow UFW connection for SSH/SFTP.

Since we have denied all the incoming connections, we need to allow SSH so that we can still connect to our server remotely.

To allow the SSH connection, just run the below command.

sudo ufw allow ssh

If the above command doesn’t work, you can alternatively allow connections to port 22 using the below command.

This also allows SSH and SFTP connections to the Ubuntu Cloud server.

sudo ufw allow 22

You will now be able to connect SSH and SFTP safely.

Allow UFW Firewall for Nginx

We have allowed the SSH and SFTP connections; next, we will allow the incoming and outgoing connections for our web server, i.e., Nginx.

You can run the below command to allow all HTTP and HTTPS incoming and outgoing connections to the Nginx web server.

sudo ufw allow 'Nginx Full'

However, if you want to enable only the HTTP connection, i.e., the connection to port 80, you can allow it using the below command.

sudo ufw allow 'Nginx HTTP'

Lastly, if you have an SSL-encrypted connection to the web server, you can allow HTTPS to Nginx using the below command.

sudo ufw allow 'Nginx HTTPS'

This will open the connection only to port number 443 for a secured connection.

Enable and Disable the UFW Firewall

We can easily enable the UFW Firewall on Ubuntu using the below command:

sudo ufw enable

To disable Firewall protection, you can run the below command:

sudo ufw disable
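
The steps above are meant to leave only SSH and Nginx HTTPS reachable from outside. As an added example (not part of the original article), the shell function below checks the output of ufw status verbose against that policy and reports anything else that is open. The function name audit_ufw, the allowed-port list and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: check `ufw status verbose` output against the policy built in
# this article (deny incoming by default, only SSH and Nginx HTTPS allowed in).

# Constructed sample output, not taken from a real server. The 'Nginx Full'
# rule stands for drift: it also opens port 80.
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
443/tcp (Nginx HTTPS)      ALLOW IN    Anywhere
80,443/tcp (Nginx Full)    ALLOW IN    Anywhere
22 (v6)                    ALLOW IN    Anywhere (v6)'

# audit_ufw "<allowed ports>": reads status text on stdin, prints one finding
# per line, returns non-zero if anything deviates from the intended policy.
audit_ufw() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^Status: active/             { active = 1 }
        /^Default: deny \(incoming\)/ { deny_in = 1 }
        / ALLOW IN / {
            spec = $1
            sub(/\/(tcp|udp)$/, "", spec)          # 443/tcp -> 443
            m = split(spec, p, ",")                # 80,443  -> 80 and 443
            for (i = 1; i <= m; i++) {
                if (p[i] == "22") ssh = 1
                if (!(p[i] in ok) && !(p[i] in seen)) {
                    print "unexpected inbound port " p[i] " (rule: " $1 ")"
                    seen[p[i]] = 1; bad = 1
                }
            }
        }
        END {
            if (!active)  { print "firewall is not active"; bad = 1 }
            if (!deny_in) { print "default incoming policy is not deny"; bad = 1 }
            if (!ssh)     { print "no inbound rule for port 22"; bad = 1 }
            exit bad + 0
        }'
}

# On a server: sudo ufw status verbose | audit_ufw "22 443"
printf '%s\n' "$SAMPLE_STATUS" | audit_ufw "22 443" || echo "policy drift found"
```

The missing port 22 finding matters most before running sudo ufw enable over SSH, because with the default deny policy and no SSH rule the next login attempt is blocked.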

Watch the video demo of UFW Firewall Setup

Watch the video of setting up the UFW Firewall on connections for Nginx HTTPS and SSH connections.


I hope you liked the video and found it helpful. Please subscribe to our channel.

What’s next in the #CloudServer series?

You’ve learned how to set up the UFW Firewall; next, we will add some additional Nginx security snippets. These will make the server's security stronger and prevent hackers from injecting cross-site scripts.
