A month ago, I purchased a node on Digital Ocean. I have to admit, they are a very good cloud solution provider. From a tiny startup to a large corporation, they have a solution of every type. I chose Ubuntu 14.4 for the Digital Ocean droplet. Why did I choose Ubuntu? Because of the vast number of packages available for it via Aptitude.

After booting up my droplet, there was a lot of work to do. I started by installing UFW.

### What is UFW?

UFW stands for Uncomplicated Firewall and is a front end to iptables. It manages your firewall through a very easy interface. It’s supported and popular on most Linux distros.

### How to install UFW

UFW can be installed using aptitude. The following command will install UFW.

$ sudo apt-get install ufw

### Start the UFW

The current status of UFW can be seen using the command below.

$ sudo ufw status

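To start and stop UFW, use the following commands. If you are connected to the server over SSH, add the SSH allow rule (shown further down) before enabling UFW, because new incoming connections are denied by default and you can lock yourself out.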

$ sudo ufw enable
$ sudo ufw disable

### Using IPv6

To enable IPv6 support, we need to modify the /etc/default/ufw file.

$ sudo vi /etc/default/ufw

Then make sure “IPV6” is set to “yes”, like:

IPV6=yes

Now restart UFW by disabling and enabling it again.

### Setup defaults

After installing and starting UFW, the first task is to set up the default rules. To deny all incoming and outgoing connections I executed:

$ sudo ufw default deny incoming
$ sudo ufw default deny outgoing

If you do not want to be that restrictive, you can allow all outgoing connections instead.

### Some default settings

After doing so, I needed to configure UFW so that things continue working, such as allowing SSH, WWW, etc.

$ sudo ufw allow ssh
$ sudo ufw allow www

To allow other ports, use a command like:

$ sudo ufw allow 8000/tcp

Replace 8000 with your port, and tcp with udp if needed. To set a rule for a port range:

$ sudo ufw allow 8000:9000/tcp

Setting rules for a specific IP address is also possible:

$ sudo ufw allow from 192.168.255.255

Replace the IP address as needed.

### Deny a connection

Setting a rule to deny is almost the same as the allow command. We only need to replace allow with deny, like:

$ sudo ufw deny 8000/tcp

### Deleting an existing rule

Deleting a rule is also possible.

$ sudo ufw delete allow ssh
$ sudo ufw delete allow 80/tcp
$ sudo ufw delete allow 1000:2000/tcp

If this way of deleting seems difficult to you, then you can get the current rules in a numbered list and use that number to delete the rule like:

$ sudo ufw status numbered
$ sudo ufw delete [number]
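
Rule numbers shift down after every delete, and with IPV6=yes each rule has a "(v6)" twin, so removing one port by number takes several deletes issued highest number first. The following is an added example, not part of the original post: the function names and the sample listing are constructed for illustration, and it only prints the delete commands so you can review them before running them.

```shell
#!/bin/sh
# Constructed sample of `ufw status numbered` output with IPV6=yes.
sample_status() {
cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    Anywhere
[ 2] 80                         ALLOW IN    Anywhere
[ 3] 8000/tcp                   ALLOW IN    Anywhere
[ 4] 80                         ALLOW OUT   Anywhere (out)
[ 5] 22 (v6)                    ALLOW IN    Anywhere (v6)
[ 6] 80 (v6)                    ALLOW IN    Anywhere (v6)
[ 7] 8000/tcp (v6)              ALLOW IN    Anywhere (v6)
[ 8] 80 (v6)                    ALLOW OUT   Anywhere (v6) (out)
EOF
}

# rule_numbers TO [ACTION]: read a numbered listing on stdin and print the
# numbers of rules whose "To" column equals TO exactly (e.g. 80 or 8000/tcp)
# and whose action equals ACTION (default "ALLOW IN"), highest number first.
rule_numbers() {
    awk -v want="$1" -v action="${2:-ALLOW IN}" '
        /^\[ *[0-9]+\]/ {
            line = $0
            sub(/^\[ */, "", line)               # drop "[" and padding
            num = line; sub(/\].*/, "", num)     # rule number
            sub(/^[0-9]+\] */, "", line)         # rest starts at "To" column
            split(line, f, " ")
            i = (f[2] == "(v6)") ? 3 : 2         # skip the IPv6 marker
            if (f[1] == want && (f[i] " " f[i+1]) == action) print num
        }' | sort -rn
}

# delete_commands TO [ACTION]: print one delete command per matching rule,
# in an order that stays valid while the remaining rules are renumbered.
delete_commands() {
    rule_numbers "$@" | while read -r n; do
        echo "sudo ufw delete $n"
    done
}

# Demo on the constructed sample; on a real host use:
#   sudo ufw status numbered | delete_commands 80
sample_status | delete_commands 80
```

Passing "ALLOW OUT" as the second argument selects the outgoing rules instead, which keeps an inbound cleanup from touching rules added with "allow out".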

### Problem with APT-GET

As I have now denied all connections, apt-get will not work because of UFW. To fix this issue I added the following rules:

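$ sudo ufw allow http
$ sudo ufw allow 53
$ sudo ufw allow out http
$ sudo ufw allow out 53

Only the two "out" rules cover apt-get's own outbound HTTP and DNS traffic; the two rules without "out" open ports 80 and 53 to incoming connections.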

### RESET everything

If you need to reset the whole configuration:

$ sudo ufw reset

If you are working on a desktop (not a server) and have access to a GUI, you can use GUFW to manage all these settings from a graphical interface. Get it from http://gufw.org/

That’s it. That’s how to work with UFW on an Ubuntu platform.