Introduction: The First Line of Defense for Your Server

Before thinking about complex intrusion detection systems such as Fail2ban or CrowdSec, you need to build the first and most reliable line of defense—a firewall. A firewall controls all network traffic entering and leaving your server and blocks unauthorized connection attempts.

Traditionally, Linux servers have used iptables to manage firewalls, but its syntax can be complicated and confusing. Fortunately, there is a simpler and more intuitive tool — UFW (Uncomplicated Firewall).

What Is UFW and Why Is It Important?

UFW is a user interface for managing iptables (or nftables on modern systems). Its main purpose is to make firewall configuration as simple and accessible as possible, even for beginner system administrators. UFW is not a new firewall but a convenient “wrapper” around Linux’s built-in mechanisms, allowing you to quickly and accurately set up basic security rules.

Why UFW is important:

• Principle of least privilege: By default, a server should be closed to all external traffic except explicitly allowed services (e.g., SSH or HTTP/HTTPS). UFW makes it easy to enforce this principle.
• Reducing the attack surface: Closing unnecessary ports and services minimizes potential “entry points” for attackers.

Key Features and Benefits of UFW

• Simplicity and intuitiveness: This is the main advantage. Instead of long and complex iptables commands, UFW uses simple and logical syntax:

  # Allow incoming traffic on port 22 (SSH)
  sudo ufw allow 22/tcp
  
  # Deny incoming traffic on port 8080
  sudo ufw deny 8080/tcp
  

• Secure default rules: UFW allows you to easily configure default rules, which is a best security practice.

  # Deny all incoming traffic by default
  sudo ufw default deny incoming
  
  # Allow all outgoing traffic by default
  sudo ufw default allow outgoing
  

  This creates a strong foundation on which you can then add specific service rules.

• Support for application profiles: UFW can manage rules for popular applications by name. If you have, for example, installed an Apache web server, you can allow access to it with one command.

  # Allow traffic for Apache
  sudo ufw allow 'Apache'
  

  This command automatically opens ports 80 (HTTP) and 443 (HTTPS), which is very convenient.

• Easy management and logging: You can check the current firewall status and list of rules with one command:

  sudo ufw status verbose
  

  You can also enable logging to track blocked access attempts:

  sudo ufw logging on
  

Limitations and Considerations of UFW

• Limited flexibility for complex tasks: For most typical tasks, UFW is ideal. However, if you need very complex routing, NAT, or other specific rules, UFW may not be enough. In such cases, you may need to work directly with iptables or nftables.

• Backend dependency: UFW is just a “wrapper.” All its commands are ultimately translated into iptables or nftables rules. If you are already using complex manually configured rules, they may conflict with UFW.

Conclusion

UFW is an essential tool for anyone managing a Linux server. It provides a simple and effective way to set up a firewall, ensuring basic but critical protection.

You should not rely solely on Fail2ban or CrowdSec to block attacks; first, close all ports and only open those that are truly necessary. This is where UFW proves to be indispensable.

In the final article of this series, we will discuss Lynis — a tool that allows you to proactively detect vulnerabilities and harden your server.