Ubuntu Server’s firewall is called ufw. If you are running an Ubuntu Server, you definitely want to enable some kind of firewall to keep intruders out of your ports. They likely will perform a port scan and try to find weaknesses. You can prevent this by enabling ufw and then configuring it to open ports that need access and close ones that don’t.
Enable ufw:
sudo ufw enableCheck ufw status:
sudo ufw statusAllow a service to run (example: ftp, telnet, ssh, http):
sudo ufw allow httpOpen a port:
sudo ufw allow 22Close a port:
sudo ufw deny 22Open a range of ports and specify TCP or UDP:
sudo ufw allow 300:310/tcpClose a range of ports and specify TCP or UDP:
sudo ufw deny 300:310/tcpDelete a service:
sudo ufw status numbered
#creates a numbered list of services, example:
[ 1] 21/tcp ALLOW IN Anywhere
[ 2] 22/tcp ALLOW IN Anywhere
[ 3] 80/tcp ALLOW IN Anywhere
sudo ufw delete 3
#replace 3 with the service you want to deleteList applications that ufw can open service for:
sudo ufw app list
#will generate a list similar to this:
Available applications:
Apache
Apache Full
Apache Secure
CUPS
OpenSSH
plexmediaserver
plexmediaserver-all
plexmediaserver-dlnaEnable an application such as Apache. This is extremely important for a WordPress installation!
sudo ufw allow in "Apache Full"Disable ufw:
sudo ufw disableIf you somehow screwed your ufw permissions up, you can reset them all. If you are configuring with SSH, make sure to enable your SSH service before re-enabling ufw!
sudo ufw resetHopefully, you have configured all of your services appropriately and have a good working firewall. If somehow this exercise is messing your server up, you can always disable it with “sudo ufw disable” until you can get more help or have more time to experiment. Happy and safe computing!