Check the firewall rules currently loaded in the kernel with the following command:
iptables -L
Examine the output. On a clean Ubuntu installation you will see an empty ruleset, with every chain at its default ACCEPT policy:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
If you see something different, flush all rules so that every chain falls back to its ACCEPT policy and allows everyone:
iptables -F
Enable UFW and check its status:

ufw enable
ufw status verbose
Allow FTP, SSH and HTTP:

ufw allow ssh
ufw allow ftp
ufw allow http
Check firewall status again:
ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
21/tcp                     ALLOW       Anywhere
80                         ALLOW       Anywhere
22                         ALLOW       Anywhere (v6)
21/tcp                     ALLOW       Anywhere (v6)
80                         ALLOW       Anywhere (v6)
To allow access to MySQL from a specific IP address only, use the following command:
ufw allow from 1.2.3.4 to any port 3306 proto tcp
To delete this rule, repeat the same command with the 'delete' keyword in front of it:
ufw delete allow from 1.2.3.4 to any port 3306 proto tcp
To allow access to the ejabberd web admin interface (port 5280) from anywhere, use the following command:
ufw allow to any port 5280 proto tcp
Allowing access from a Docker container to the host's MySQL. Turn UFW logging on, look in syslog for the blocked packets to find the container's source address and the host's destination address, add a rule for exactly that pair, then turn logging off again:

ufw logging on
grep -i ufw /var/log/syslog
ufw allow from 172.17.0.2 to 172.17.0.1 port 3306 proto tcp
ufw logging off
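Reading the grep output by eye gets tedious once a few containers are talking. The following shell snippet is an added example, not part of the original post: it takes "[UFW BLOCK]" log lines on stdin, summarises each distinct blocked flow (source, destination, protocol, destination port) with a hit count, and prints the narrowest matching 'ufw allow' rule for review. The log lines embedded in SAMPLE_LOG are constructed to look like the netfilter kernel log entries UFW writes; the function names are assumptions of this example.

```shell
# Added example (not from the original post): summarise "[UFW BLOCK]" log
# lines and print the narrowest 'ufw allow' rule that would permit each flow.
# SAMPLE_LOG is constructed to mimic what `grep -i ufw /var/log/syslog`
# returns while a Docker container (172.17.0.2) tries to reach MySQL on the
# host (172.17.0.1); the last line is an audit entry, not a block, and must
# be ignored.
SAMPLE_LOG='Mar  3 10:15:01 host kernel: [ 1234.567890] [UFW BLOCK] IN=docker0 OUT= MAC=02:42:ac:11:00:01:02:42:ac:11:00:02:08:00 SRC=172.17.0.2 DST=172.17.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=51234 DPT=3306 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  3 10:15:02 host kernel: [ 1235.001234] [UFW BLOCK] IN=docker0 OUT= MAC=02:42:ac:11:00:01:02:42:ac:11:00:02:08:00 SRC=172.17.0.2 DST=172.17.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4243 DF PROTO=TCP SPT=51235 DPT=3306 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  3 10:15:05 host kernel: [ 1238.100000] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=10.0.0.5 DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9 DF PROTO=TCP SPT=40000 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  3 10:15:06 host kernel: [ 1239.200000] [UFW AUDIT] IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=10.0.0.5 DST=10.0.0.1 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=10 DF PROTO=UDP SPT=5353 DPT=5353 LEN=56'

# Read log lines on stdin; print one line per distinct blocked flow:
# "<count> <src> <dst> <proto> <dport>", most frequent first.
ufw_blocked_flows() {
    grep -F '[UFW BLOCK]' |
    awk '{
        src = ""; dst = ""; proto = ""; dpt = "";
        # every interesting field has the form KEY=VALUE
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=");
            if (kv[1] == "SRC") src = kv[2];
            else if (kv[1] == "DST") dst = kv[2];
            else if (kv[1] == "PROTO") proto = tolower(kv[2]);
            else if (kv[1] == "DPT") dpt = kv[2];
        }
        if (src != "" && dst != "" && proto != "" && dpt != "")
            print src, dst, proto, dpt;
    }' |
    sort | uniq -c | sort -rn |
    awk '{ print $1, $2, $3, $4, $5 }'
}

# Turn each flow into the narrowest 'ufw allow' rule (from one address, to one
# address, one port, one protocol). Printed, not executed, so the admin can
# review the list before applying anything.
suggest_ufw_rules() {
    ufw_blocked_flows |
    awk '{ printf "ufw allow from %s to %s port %s proto %s\n", $2, $3, $5, $4 }'
}

# Demo on the constructed sample when run directly
printf '%s\n' "$SAMPLE_LOG" | suggest_ufw_rules
```

On a live host, pipe the real log into it instead: grep -i 'UFW BLOCK' /var/log/syslog | suggest_ufw_rules. The suggested rule for the Docker case is exactly the one used above (from 172.17.0.2 to 172.17.0.1 port 3306 proto tcp); the point of printing rather than executing is that some blocked flows should stay blocked.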
Finally I have:
sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
21/tcp                     ALLOW       Anywhere
172.17.0.1 3306/tcp        ALLOW       172.17.0.2
49152:65534/tcp            ALLOW       Anywhere
3129/tcp                   ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
21/tcp (v6)                ALLOW       Anywhere (v6)
49152:65534/tcp (v6)       ALLOW       Anywhere (v6)
3129/tcp (v6)              ALLOW       Anywhere (v6)
An example of adding and deleting a rule for the default time server (NTP):

sudo ufw allow ntp
sudo ufw delete allow ntp
or by rule number (ufw renumbers the remaining rules after every deletion, so check the numbering again before deleting the next one):

sudo ufw status numbered
sudo ufw delete 8
sudo ufw delete 15
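Because ufw renumbers rules after each deletion, deleting by number is safest when the numbers are processed from highest to lowest. The snippet below is an added example, not part of the original post: it takes 'ufw status numbered' output on stdin, picks the rules whose "To" column starts with a given value (both the IPv4 and the IPv6 entry for 123/udp, in the NTP case), and prints the delete commands in descending order. SAMPLE_STATUS is constructed to match the numbered status format; the function names are assumptions of this example.

```shell
# Added example (not from the original post): choose rule numbers to delete
# from `ufw status numbered` output and emit them highest first, so that the
# renumbering ufw performs after each delete cannot shift a later target.
# SAMPLE_STATUS is constructed to resemble numbered status output after
# `ufw allow ntp` (123/udp) on a host that also allows ssh and http.
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    Anywhere
[ 2] 123/udp                    ALLOW IN    Anywhere
[ 3] 80                         ALLOW IN    Anywhere
[ 4] 22 (v6)                    ALLOW IN    Anywhere (v6)
[ 5] 123/udp (v6)               ALLOW IN    Anywhere (v6)
[ 6] 80 (v6)                    ALLOW IN    Anywhere (v6)'

# Print the numbers of all rules whose "To" column begins with $1,
# one per line, in descending order. Reads the status text on stdin.
ufw_rule_numbers() {
    pattern="$1"
    awk -v pat="$pattern" '
        /^\[ *[0-9]+\]/ {
            n = $0
            sub(/^\[ */, "", n); sub(/\].*/, "", n)   # keep only the index N
            rest = $0
            sub(/^\[ *[0-9]+\] */, "", rest)          # drop "[ N] " prefix
            if (index(rest, pat) == 1) print n
        }' |
    sort -rn
}

# Emit the delete commands in safe (descending) order. Printed, not executed:
# review the list, then run it (ufw asks for confirmation on each delete).
ufw_delete_commands() {
    ufw_rule_numbers "$1" | awk '{ print "ufw delete " $1 }'
}

# Demo on the constructed sample when run directly
printf '%s\n' "$SAMPLE_STATUS" | ufw_delete_commands 123/udp
```

On a live host the input comes from the real command: sudo ufw status numbered | ufw_delete_commands 123/udp. Matching on the start of the "To" column means the pattern 22 also picks up "22 (v6)" but not "220/tcp"-style entries would need a more exact match; tighten the index() test if your ruleset has such overlaps.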