
Configure ufw firewall to secure your server

Uncomplicated Firewall (UFW) is a command-line front-end for managing iptables rules on Linux. It hides most of the chain and table bookkeeping behind a small rule syntax. This guide covers installing and enabling UFW, opening the services a server needs, rate limiting connection attempts, blocking and allow-listing source addresses, logging, and backing up the rule set. Be clear about what a host firewall can and cannot do: it stops unwanted connections from reaching listening services and slows down brute force attempts, but it cannot absorb a volumetric DDoS, which saturates the uplink before packets ever reach the host.


Prerequisites

Before starting, ensure:

  • You have a GNU/Linux host with root or sudo privileges.
  • You have a second way in (local console, cloud serial console, or other out-of-band access) in case a rule locks you out of SSH.
  • No other firewall manager (firewalld, a standalone nftables service) is active; two tools managing the same rule set overwrite each other.

Step 1: Install UFW

Debian/Ubuntu:

sudo apt install ufw -y

Arch Linux:

sudo pacman -S ufw

Fedora/Rocky Linux:

(UFW is not installed by default. Fedora ships it in its own repositories; Rocky Linux and other RHEL rebuilds get it from EPEL. Both run firewalld out of the box, so stop and disable the firewalld service before enabling UFW, otherwise the two fight over the same iptables chains.)

sudo dnf install ufw -y

Step 2: Enable UFW

Set the default policies, then enable the firewall. The moment UFW is enabled, the deny-incoming policy applies to every port without an allow rule, including the SSH port you may be connected through. On a remote host, add the SSH rule from Step 3 before running ufw enable.

  1. Set Default Policies:

    • Deny incoming traffic by default and allow outgoing:
      sudo ufw default deny incoming
      sudo ufw default allow outgoing
  2. Enable the Firewall (this also starts UFW at boot; it asks for confirmation because enabling may disrupt existing SSH connections):

    sudo ufw enable
  3. Check Status (verbose shows the default policies and logging level alongside the rules):

    sudo ufw status verbose

Step 3: Allow Common Services

Allow traffic for essential services:

  1. SSH:

    sudo ufw allow ssh

    The service name is resolved through /etc/services, so this opens 22/tcp. If sshd listens on a custom port (e.g., 2222), allow that port instead:

    sudo ufw allow 2222/tcp
  2. HTTP and HTTPS:

    sudo ufw allow http
    sudo ufw allow https
  3. Custom Services: Specify a port, or a range of ports (a range must name the protocol):

    sudo ufw allow 8080/tcp
    sudo ufw allow 3000:3100/udp
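The ordering problem in Steps 2 and 3 (enable before the SSH rule equals lockout) is easy to get wrong when typing commands one at a time. The script below is an added example, not part of the original guide, that performs both steps in a safe order: default policies, a rate-limited rule for whatever port sshd uses, the web ports, then a non-interactive enable. The SSH_PORT variable, the plan/apply arguments and the DRY_RUN switch are this script's own conventions rather than UFW options; plan mode prints the commands so you can review them before apply executes them.

```shell
#!/bin/sh
# Added example (not from the original guide): bring a fresh host under ufw
# in an order that does not cut off the SSH session you are working from.
# Assumptions: SSH_PORT is the port sshd really listens on (verify with
# "sshd -T" as root); "plan" prints the commands, "apply" runs them via sudo.

SSH_PORT="${SSH_PORT:-22}"
DRY_RUN="${DRY_RUN:-0}"

# run_ufw: print the ufw command in dry-run mode, otherwise execute it
run_ufw() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'ufw %s\n' "$*"
    else
        sudo ufw "$@"
    fi
}

# ufw_bootstrap: policies first, then the SSH rule, then enable.
# Enabling before the SSH rule exists applies "deny incoming" to the
# session you are typing in.
ufw_bootstrap() {
    run_ufw default deny incoming
    run_ufw default allow outgoing
    # limit, not allow: same effect plus the 6-per-30s brake on brute force
    run_ufw limit "$SSH_PORT/tcp" comment ssh-rate-limited
    run_ufw allow http
    run_ufw allow https
    # --force skips the interactive "may disrupt existing ssh connections" prompt
    run_ufw --force enable
    run_ufw status verbose
}

# plan_has_ssh_before_enable: exit 0 if the generated plan opens SSH before
# enabling the firewall, 1 otherwise (a guard against reordering the steps)
plan_has_ssh_before_enable() {
    (DRY_RUN=1; ufw_bootstrap) | awk -v port="$SSH_PORT" '
        !enabled && index($0, "limit " port "/tcp") { ssh_first = 1 }
        /enable/ { enabled = 1 }
        END { exit (ssh_first ? 0 : 1) }'
}

case "${1:-}" in
    plan)  DRY_RUN=1; ufw_bootstrap ;;
    apply) plan_has_ssh_before_enable && ufw_bootstrap ;;
esac
```

Run it as "SSH_PORT=2222 sh ufw-bootstrap.sh plan" first; the printed list is the exact sequence apply will execute, and the guard function refuses to apply a plan in which enable precedes the SSH rule.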

Step 4: Enable Advanced Security Features

4.1 Rate Limiting

Rate limiting slows down brute force attacks by capping how many new connections a single source address may open to a port.

  • Apply rate limiting to SSH:
    sudo ufw limit ssh
  • For a custom port:
    sudo ufw limit 2222/tcp

A limit rule is an allow rule with a counter attached: UFW rejects new connections from a source that has attempted 6 or more to that port within the last 30 seconds, and logs each rejection with the prefix [UFW LIMIT BLOCK]. Use limit instead of allow for a port, not in addition to it: UFW stops at the first matching rule, so an earlier plain allow for port 22 means the limit rule is never reached. The counter tracks connection attempts per source address, not failed logins, so it is a brake on automated scanners rather than a substitute for key-based authentication.

4.2 Block Specific IPs or Networks

Block an abusive address or range (the private 192.168.1.0/24 addresses below are placeholders; do not block your own LAN):

sudo ufw deny from 192.168.1.100
sudo ufw deny from 192.168.1.0/24

Rules are evaluated top to bottom and the first match wins, so a deny appended after an allow for the same port never fires. Check the order with the numbered status listing and place deny rules ahead of the allow rules, using UFW's insert subcommand with a position number rather than a plain deny.

4.3 Allow Specific IPs

Restrict access to a service to specific source addresses (8.8.8.8 is a placeholder here; use the address your administrators connect from):

sudo ufw allow from 8.8.8.8 to any port 22

For the restriction to mean anything, remove any broader rule for the same port: a plain allow ssh or limit ssh left in place still admits everyone else. A rule with an IPv4 source matches IPv4 only; add a matching rule with the IPv6 address if the host is reachable over IPv6.

4.4 Enable Logging

Enable logging to record denied traffic:

sudo ufw logging on

Entries are emitted by the kernel with prefixes such as [UFW BLOCK] and [UFW LIMIT BLOCK]; on Debian and Ubuntu, rsyslog collects them into /var/log/ufw.log, while journald-only systems keep them in the kernel log. The levels are off, low (what "on" selects: blocked packets and packets matching rules created with log, rate limited), medium (adds allowed packets not matching the default policy, invalid packets and new connections), high (adds all packets, still rate limited) and full (high without rate limiting). To adjust verbosity:

sudo ufw logging high

high and full are for debugging rule order; on a busy server they fill the disk quickly, so return to low when you are done.

Step 5: Anti-DDoS Measures

A host firewall cannot absorb a volumetric DDoS: by the time packets reach it, the uplink is already saturated, and that has to be handled upstream by the provider or a scrubbing service. What UFW can do is limit connection floods aimed at a single service. Two of the commands commonly suggested for this purpose are not valid UFW syntax and are corrected below.

5.1 Rate Limit Specific Ports

Apply rate limiting to services prone to abuse:

sudo ufw limit http
sudo ufw limit https

Think before doing this on a public web server. The limit threshold (6 new connections per source within 30 seconds) is tuned for SSH; a single browser, or an office behind one NAT address, opens more connections than that on a normal page load, so legitimate users get rejected. Per-request rate limiting belongs in the web server or reverse proxy; keep UFW limit rules for administrative ports.

5.2 Block Fragmented Packets

UFW's rule syntax has no fragment keyword, so a command such as ufw deny proto tcp from any to any fragment is refused as a syntax error rather than adding a rule. Nor is one needed: UFW enables connection tracking, and the kernel reassembles IPv4 fragments before the filter rules run, discarding fragment sets that never complete. Packets that connection tracking cannot classify are already dropped by the stock /etc/ufw/before.rules:

-A ufw-before-input -m conntrack --ctstate INVALID -j DROP

5.3 Allow Established Connections Only

UFW likewise has no state keyword. Replies to connections the host initiates are already accepted by the stock /etc/ufw/before.rules, ahead of any user rule:

-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

Combined with the default deny incoming policy from Step 2, this is exactly the "established connections only" behaviour: a new inbound connection must match an allow or limit rule, and everything else is dropped. If you ever edit before.rules, reload UFW afterwards (the rule files are only read at enable and reload time) and confirm this line is still present.

Step 6: Testing the Firewall

  1. Check Rules:

    sudo ufw status numbered
  2. Simulate Access:

    • Test from a different host with curl or a port scanner such as nmap, and compare the ports that answer against the rule list. Tests run on the server itself go over the loopback interface, which UFW accepts unconditionally, so they prove nothing about the rules.
  3. Remove or Edit Rules:

    • Remove a specific rule by its number (the list is renumbered after each deletion, so when deleting several rules start from the highest number):
      sudo ufw delete [rule_number]
    • Modify or add rules as necessary.

Step 7: Backup and Restore Rules

UFW has no export or import subcommand; its configuration is a set of plain files, so back those up. The rules live in /etc/ufw (user.rules and user6.rules hold the rules you added, before*.rules and after*.rules the framework around them, ufw.conf the enabled flag and log level), and the IPv6 and default-policy settings live in /etc/default/ufw.

Backup UFW rules:

sudo tar czf ufw-rules-backup.tgz /etc/ufw /etc/default/ufw

Restore rules from a backup (tar strips the leading slash when archiving, so extract relative to /):

sudo tar xzf ufw-rules-backup.tgz -C /
sudo ufw reload

ufw reset is the option when you want a clean slate instead: it disables the firewall, reinstalls the default rule files and leaves timestamped copies of the old ones in /etc/ufw. For a human-readable record, UFW's show added report lists the current rules as the commands that created them.

Conclusion

UFW simplifies managing firewall rules on Linux while still exposing the useful parts of netfilter. With a deny-by-default policy, rate limiting on administrative ports, source restrictions for sensitive services and logging turned on, you keep brute force attempts and port scans away from your services; protection against volumetric DDoS still has to come from upstream. Regularly review the logs and the rule order to maintain a secure environment.