Archive

Articles taggués ‘ufw’

How to Install and Configure UFW – An Un-complicated FireWall in Debian/Ubuntu

01/03/2016 Comments off

ufw debian ubuntuSince computers are connected to each other, services are growing fast. Email, Social Media, Online Shop, Chat until Web Conferencing are services that used by user. But on the other side this connectivity just likes a double-side knife. It’s also possible to send bad messages to those computers like Virus, malware, trojan-apps are one of them.

Install UFW Firewall

The Internet, as the biggest computer network is not always fill with good people. In order to make sure our computers / servers are safe, we need to protect it.

One of the must have component on your computer / servers is Firewall. From Wikipedia, a definition is:

In computing, a firewall is a software or hardware-based network security system that controls the incoming and outgoing network traffic by analysing the data packets and determining whether they should be allowed through or not, based on applied rule set.

Iptables is one of the firewall that widely used by servers. It is a program used to manage incoming and outgoing traffic in the server based on a set of rules. Generally, only trusted connection is allowed to enter the server. But IPTables is running at console mode and it’s complicated. Those who’re familiar with iptables rules and commands, they can read the following article that describes how to use iptables firewall.

Installation of UFW Firewall in Debian/Ubuntu

To reduce the complexity of how-to setting IPTables, there is a lot of fronted. If you’re running Ubuntu Linux, you will find ufw as a default firewall tool. Lets start to explore about ufw firewall.

What is ufw

The ufw (Uncomplicated Firewall) is an frontend for most widely used iptables firewall and it is well comfortable for host-based firewalls. ufw gives a framework for managing netfilter, as well as provides a command-line interface for controlling the firewall. It provides user friendly and easy to use interface for Linux newbies who are not much familiar with firewall concepts.

While, on the other side same complicated commands helps administrators it set complicated rules using command line interface. The ufw is an upstream for other distributions such as Debian, Ubuntu and Linux Mint.

Basic Usage ufw

First, check if ufw is installed using following command.

$ sudo dpkg --get-selections | grep ufw
ufw 		install

If it’s not installed, you can install it using apt command as shown below.

$ sudo apt-get install ufw

Before you use, you should check whether ufw is running or not. Use the following command to check it.

$ sudo ufw status

If you found Status: inactive, it mean it’s not active or disable.

NEW! An indispensable ebook for every Linux administrator!

Enabling / Disabling ufw

To enable it, you just need to type the following command at the terminal.

$ sudo ufw enable

Firewall is active and enabled on system startup

To disable it, just type.

$ sudo ufw disable

List the current ufw rules

After the firewall is activated you can add your rules into it. If you want to see what are the default rules, you can type.

$ sudo ufw status verbose
Sample Output
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip
$

Lire la suite…

UFW: an Uncomplicated Firewall

01/03/2016 Comments off

Introduction

For an introduction to firewalls, please see Firewall.

UFW – Uncomplicated Firewall

The default firewall configuration tool for Ubuntu is ufw. Developed to easeiptables firewall configuration, ufw provides a user friendly way to create an IPv4 or IPv6 host-based firewall. By default UFW is disabled.

Gufw is a GUI that is available as a frontend.

Basic Syntax and Examples

Default rules are fine for the average home user

When you turn UFW on, it uses a default set of rules (profile) that should be fine for the average home user. That’s at least the goal of the Ubuntu developers. In short, all ‘incoming’ is being denied, with some exceptions to make things easier for home users.

Enable and Disable

Enable UFW

To turn UFW on with the default set of rules:

sudo ufw enable

To check the status of UFW:

sudo ufw status verbose

The output should be like this:

youruser@yourcomputer:~$ sudo ufw status verbose
[sudo] password for youruser:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip
youruser@yourcomputer:~$

Note that by default, deny is being applied to incoming. There are exceptions, which can be found in the output of this command:

sudo ufw show raw

You can also read the rules files in /etc/ufw (the files whose names end with .rules).

Disable UFW

To disable ufw use:

sudo ufw disable

Lire la suite…

Protect DDOS attacks

22/01/2016 Comments off

Protect DDOS attacks

Using ModEvasive agains DDoS attacksprotect ddos attacks

The first think to do is to install ModEvasive. All details are provided in http://hardenubuntu.com/hardening/apache/modsecurity/.

Configuring UFW

The following instructions can be added to the UFW rules. Edit the /etc/ufw/before.rules:

sudo vi /etc/ufw/before.rules

Add those lines after *filter near the beginning of the file:

:ufw-http - [0:0]
:ufw-http-logdrop - [0:0]

Add those lines near the end of the file, before the COMMIT:

### Start HTTP ###

# Enter rule
-A ufw-before-input -p tcp --dport 80 -j ufw-http
-A ufw-before-input -p tcp --dport 443 -j ufw-http

# Limit connections per Class C
-A ufw-http -p tcp --syn -m connlimit --connlimit-above 50 --connlimit-mask 24 -j ufw-http-logdrop

# Limit connections per IP
-A ufw-http -m state --state NEW -m recent --name conn_per_ip --set
-A ufw-http -m state --state NEW -m recent --name conn_per_ip --update --seconds 10 --hitcount 20 -j ufw-http-logdrop

# Limit packets per IP
-A ufw-http -m recent --name pack_per_ip --set
-A ufw-http -m recent --name pack_per_ip --update --seconds 1 --hitcount 20 -j ufw-http-logdrop

# Finally accept
-A ufw-http -j ACCEPT

# Log
-A ufw-http-logdrop -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW HTTP DROP] "
-A ufw-http-logdrop -j DROP

### End HTTP ###

Lire la suite…

How To Set Up a Firewall with UFW on Ubuntu 14.04

28/10/2015 Comments off

Source: DigitalOcean – Mitchell Anicas

Introduction

UFW, or Uncomplicated Firewall, is an interface to iptables that is geared towards simplifying the process of configuring a firewall. While iptables is a solid and flexible tool, it can be difficult for beginners to learn how to use it to properly configure a firewall. If you’re looking to get started securing your network, and you’re not sure which tool to use, UFW may be the right choice for you.

This tutorial will show you how to set up a firewall with UFW on Ubuntu 14.04.

Prerequisites

Before you start using this tutorial, you should have a separate, non-root superuser account—a user with sudo privileges—set up on your Ubuntu server. You can learn how to do this by completing at least steps 1-3 in the Initial Server Setup with Ubuntu 14.04 tutorial.

UFW is installed by default on Ubuntu. If it has been uninstalled for some reason, you can install it with apt-get:

sudo apt-get install ufw

Using IPv6 with UFW

If your Ubuntu server has IPv6 enabled, ensure that UFW is configured to support IPv6 so that it will manage firewall rules for IPv6 in addition to IPv4. To do this, open the UFW configuration with your favorite editor. We’ll use nano:

sudo nano /etc/default/ufw

Then make sure the value of « IPV6 » is to equal « yes ». It should look like this:

/etc/default/ufw excerpt
...
IPV6=yes
...

Save and quit. Hit Ctrl-X to exit the file, then Y to save the changes that you made, then ENTER to confirm the file name.

When UFW is enabled, it will be configured to write both IPv4 and IPv6 firewall rules.

This tutorial is written with IPv4 in mind, but will work fine for IPv6 as long as you enable it.

Check UFW Status and Rules

At any time, you can check the status of UFW with this command:

sudo ufw status verbose

By default, UFW is disabled so you should see something like this:

Output:
Status: inactive

If UFW is active, the output will say that it’s active, and it will list any rules that are set. For example, if the firewall is set to allow SSH (port 22) connections from anywhere, the output might look something like this:

Output:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere

As such, use the status command if you ever need to check how UFW has configured the firewall.

Before enabling UFW, we will want to ensure that your firewall is configured to allow you to connect via SSH. Let’s start with setting the default policies.

Lire la suite…