Configuring a Host Firewall on Ubuntu using UFW

Hands-On Lab

Bob Salmans

Training Architect

Length

00:15:00

Difficulty

Beginner

In this lab, we will install and configure a firewall on an Ubuntu host using UFW. We will create the firewall rules to permit only VNC, HTTP, and SSH traffic inbound to the host and permit all outbound traffic from the host.

Introduction

In this lab, we will install and configure a firewall on an Ubuntu host using UFW. We will configure the firewall rules to permit only inbound VNC, HTTP, and SSH traffic to the host and permit all outbound traffic from the host.

Setting Up the Environment

  1. Using VNC, connect to the public IP address of the instance on port 5901 (x.x.x.x:5901).
  2. Log in to the environment using the credentials provided on the lab instructions page.

Install UFW

  1. Run an update.
    sudo apt-get update
  2. Enter your password at the prompt.
  3. Install UFW.
    sudo apt-get install ufw

Configure the Default Rules to Deny All Inbound Traffic and Permit All Outbound Traffic

  1. Check the status of UFW.
    sudo ufw status verbose
  2. Configure UFW to deny all incoming traffic.
    sudo ufw default deny incoming
  3. Configure UFW to allow all outbound traffic.
    sudo ufw default allow outgoing

Configure UFW to Permit Only VNC, HTTP, and SSH Traffic to the Ubuntu Host

  1. Open ports 22, 80, and 5900:5901.
    sudo ufw allow 22
    sudo ufw allow 80
    sudo ufw allow 5900:5901/tcp

Enable UFW

  1. Enable the firewall.
    sudo ufw enable
  2. Check the status of the firewall.
    sudo ufw status verbose

Install the Lighttpd Web Server

  1. Install Lighttpd.
    sudo apt-get install -y lighttpd

Test the Configuration

  1. Connect to the host's IP address via SSH.
  2. You should be prompted for credentials.
  3. Type http://<PUBLIC_IP_ADDRESS> in the address bar of your browser, and press Enter to load the page.
  4. You should see the default web page for the Lighttpd web server.
  5. Close port 80.
    sudo ufw deny 80
  6. Attempt to visit the Lighttpd web page again.
  7. The page should now be blocked.
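
The status checks in this lab can also be done mechanically. The script below is an added example, not part of the original lab: it parses `ufw status verbose` output and confirms that the firewall is active, that the defaults are deny incoming and allow outgoing, and that the inbound ALLOW rules are exactly the ones expected. The helper name `audit_ufw` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `sudo ufw status verbose` after the lab's rules are
# applied; it is not captured from a real host.
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
5900:5901/tcp              ALLOW IN    Anywhere
22 (v6)                    ALLOW IN    Anywhere (v6)
80 (v6)                    ALLOW IN    Anywhere (v6)
5900:5901/tcp (v6)         ALLOW IN    Anywhere (v6)'

# audit_ufw EXPECTED  (hypothetical helper, not part of UFW)
# Reads status text on stdin, prints one finding per problem, and returns 0
# only when the firewall is active, the defaults are deny-in/allow-out, and
# the inbound ALLOW rules are exactly the space-separated EXPECTED list.
audit_ufw() {
    awk -v expected="$1" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) want[e[i]] = 1 }
        /^Status: active/ { active = 1 }
        /^Default:/ {
            if ($0 ~ /deny \(incoming\)/)  deny_in = 1
            if ($0 ~ /allow \(outgoing\)/) allow_out = 1
        }
        / ALLOW IN / {
            # $1 is the "To" column; IPv4 and IPv6 rows share the same value.
            if (!($1 in want) && !($1 in seen)) { print "UNEXPECTED allow: " $1; bad = 1 }
            seen[$1] = 1
        }
        END {
            if (!active)    { print "FAIL: firewall is not active"; bad = 1 }
            if (!deny_in)   { print "FAIL: default incoming is not deny"; bad = 1 }
            if (!allow_out) { print "FAIL: default outgoing is not allow"; bad = 1 }
            for (p in want) if (!(p in seen)) { print "MISSING allow: " p; bad = 1 }
            exit bad + 0
        }'
}

# Demo on the constructed sample. On the lab host, pipe the real output instead:
#   sudo ufw status verbose | audit_ufw "22 80 5900:5901/tcp"
printf '%s\n' "$SAMPLE_STATUS" | audit_ufw "22 80 5900:5901/tcp" && echo "policy matches"
```

After running `sudo ufw deny 80`, pass `"22 5900:5901/tcp"` as the expected list; the rule for port 80 then appears as DENY IN and no longer counts as an allow.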

Conclusion

Congratulations, you've successfully completed this hands-on lab!