Introduction
UFW (Uncomplicated Firewall) is the default firewall configuration tool for Ubuntu. It provides a user-friendly way to create an IPv4 or IPv6 host-based firewall. By default, UFW is disabled.
Prerequisites
To follow this tutorial, you will need:
- One Ubuntu server created on Google Cloud Platform, which you can set up by following Create your own Ubuntu server on Google Cloud Platform.
Step 1: Using IPv6 with UFW (Optional)
Keep in mind that this tutorial is written with IPv4 in mind, but it works for IPv6 as well, as long as you enable it, so I recommend that you become familiar with using IPv6. To enable it, open the UFW configuration with nano or your favorite editor:
sudo nano /etc/default/ufw
Then find the IPv6 line and make sure its value is yes. It should look like this:
Save and close the configuration file. Now UFW is configured to write both IPv4 and IPv6 firewall rules.
By default UFW is disabled. However, before enabling UFW, I want to make sure that your firewall rules are configured to allow you to connect via SSH.
Step 2: Setting Up Default Policies
By default, UFW denies all “incoming” connections and allows all “outgoing” connections. This means anyone trying to reach your server would not be able to connect, while any application within the server would be able to reach the outside world.
Now, let’s set your UFW rules back to the defaults. To do that, use the following commands:
sudo ufw default deny incoming
sudo ufw default allow outgoing
These commands set the UFW defaults to deny all incoming and allow all outgoing connections. However, your server needs to respond to incoming requests from outside users, which the next step covers.
Step 3: Allowing SSH Connections
If you want to connect to and manage your server remotely, you will need to allow incoming SSH connections.
To configure your server to allow incoming SSH connections, use the following command:
sudo ufw allow ssh
The above command will create firewall rules that will allow all connections on port 22, which is the port that the SSH daemon listens on by default.
Instead of specifying the SSH service by name as in the command above, you can write the equivalent rule by specifying the port. For example, the following command works the same as the one above:
sudo ufw allow 22
If your SSH daemon listens on a different port, you will have to specify that port instead of 22. For example, if your SSH daemon listens on port 2222, use the command below to allow connections on that port:
sudo ufw allow 2222
Now that you have configured your server to allow “incoming” SSH connections, the next step is to enable the firewall.
Step 4: Enabling UFW
To enable UFW, simply use this command:
sudo ufw enable
After running the command, you will receive a warning that says “Command may disrupt existing ssh connections. Proceed with operation (y|n)?”. Because we already set up a firewall rule that allows SSH connections in Step 3, it is fine to continue. Respond to the prompt with y and hit Enter.
Now the firewall is active and enabled on system startup. To see the status and the rules that you have set, run the following command:
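The warning above is the point where a missing SSH rule locks you out. As an added example (not part of the original tutorial), the script below checks the rules staged with ufw allow before enabling the firewall. It assumes the one-rule-per-line text printed by sudo ufw show added; the function names and the sample rules are made up for illustration.

```shell
#!/bin/sh
# Added example: refuse to enable UFW unless an SSH allow rule is staged.

# has_ssh_rule RULES PORT
# RULES: text printed by `ufw show added`. PORT: port the SSH daemon uses.
# Returns 0 when a simple allow/limit rule covers PORT over TCP.
# Rules in the longer "from ... to ..." form are not recognised, so the
# check errs on the side of refusing.
has_ssh_rule() {
    rules=$1 port=$2
    while read -r cmd action target rest; do
        [ "$cmd" = ufw ] || continue
        case $action in allow|limit) ;; *) continue ;; esac
        case $target in
            "$port"|"$port/tcp") return 0 ;;
            ssh|OpenSSH) if [ "$port" = 22 ]; then return 0; fi ;;
        esac
    done <<EOF
$rules
EOF
    return 1
}

# enable_ufw_guarded PORT: run `ufw enable` only if SSH stays reachable.
# Not called automatically; invoke it yourself on the server.
enable_ufw_guarded() {
    port=${1:-22}
    staged=$(sudo ufw show added) || return 2
    if has_ssh_rule "$staged" "$port"; then
        sudo ufw enable
    else
        echo "No allow rule for SSH port $port; run: sudo ufw allow $port" >&2
        return 1
    fi
}

# Constructed sample of `ufw show added` output (not from a real host).
SAMPLE_RULES="Added user rules (see 'ufw status' for running firewall):
ufw allow 2222
ufw deny 22/tcp"

if has_ssh_rule "$SAMPLE_RULES" 2222; then echo "port 2222: safe to enable"; fi
if ! has_ssh_rule "$SAMPLE_RULES" 22; then echo "port 22: would be locked out"; fi
```

On the server, call enable_ufw_guarded with the port your SSH daemon listens on, for example enable_ufw_guarded 2222.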
sudo ufw status verbose
You will see something like this: