Data protection is a set of activities and techniques that you can use to ensure your data’s confidentiality, accessibility, and integrity. It is a major concern of computer users nowadays, as your private data can be misused by third parties for fraud. To ensure data integrity, Linux allows you to configure a firewall and set its privacy according to your requirements. This article is all about configuring your firewall to set data privacy on Ubuntu LTS 20.04.
A firewall is a type of network security software that checks entering and departing traffic on the network. In plain terminology, a firewall is a virtual barrier that is set up to prevent the least amount of damage from occurring. As a result, a barrier is put between safe and unsafe areas. Where your private networks are safe, and the internet, a large public network is dangerous. In this way, a firewall not only prevents malicious attacks on your server but also protects you from unwanted network communication.
Private network services are restricted based on several factors, such as connections, while public services can be left open and available on the internet. Internal services can be made completely inaccessible via the internet. In most of the configurations, access to ports that aren’t in use is completely blocked.
How to Configure Your Linux Firewall to Protect Your Data Center
We can configure the firewall of our system using both the command-line and graphical user interface. Below are the ways to configure our firewall and protect the data that we are going to discuss below. You can choose any approach that you find easy for you:
- Configure Your Linux Firewall using GUFW
- Configure Your Linux Firewall Using UFW
Method 1:Configure Your Linux Firewall using GUFW
It’s one of the simplest ways to set up your firewall. GUFW is a graphical utility for uncomplicated firewalls.
Step 1: Installing gufw
First, open the Ubuntu Appstore, and in the search bar, type “gufw” and install the “firewall configuration” tool.
Step 2: Launch GUFW
After successful installation, open activities, and in the search bar, type “gufw” and select the “firewall configuration” option.
Step 3: Enable Firewall
To allow the firewall, simply turn it on from the status menu. All incoming connections are blocked by default, while all outgoing connections are permitted.
Step 4: Add your own rules
Click on the “Rules” tab below.
Now click on “+” below to add your own rules.
A new window will appear. If you want to add any rule, add that rule and then click on the “Add” button.
Method 2: Configure Your Linux Firewall Using UFW
UFW stands for “uncomplicated firewall”. It is one of the command line approaches to configuring firewalls to protect data. It’s simple to use and comes pre-installed in many Linux distributions.
Step 1: Check the status
By default, ufw is disabled in Ubuntu. Run the below-mentioned command to check its status.
$ sudo ufw status |
|---|
Step 2: Enable firewall
If the status is inactive, enter the below-mentioned command on the terminal to enable it.
$ sudo ufw enable |
|---|
Step 3: Checking Existing App Rules
Run the below-mentioned command to check the list of apps that the firewall has rules for.
$ sudo ufw app list |
|---|
Step 4: Checking open ports
You can look into which ports are open for those rules for “CUPS” by running the below-mentioned command.
$ sudo ufw app info CUPS |
|---|
You can also change the name of the app according to your requirements in the above command.
Port 631 is available for “CUPS”.
Step 5: Creating your own rules
Below, I will create some of my own rules. You can also change these rules according to your requirements.
Allowing access only from your PC to other devices
Firstly, you need to check the local IP address of your system with the below-mentioned command.
$ ip a |
|---|
Now use this IP in the below-mentioned command to allow access from your PC to other devices.
$ sudo ufw allow from 10.0.2.15/24 |
|---|
Allowing access from your PC to a certain port,
The below-mentioned command should be run on the terminal to allow port 80 from the PC.
$ sudo ufw allow from 10.0.2.15/24 to any port 80 |
|---|
Use the IP address of your PC.
Allowing access from your PC to a certain range of ports,
Below is the syntax to allow access from your PC to a certain range of ports.
$ sudo ufw allow start-port:end-port/protocol |
|---|
Run the below-mentioned command to allow access to ports 44000 and 48800 for TCP and UDP to use with torrent clients.
For TCP:
$ sudo ufw allow 44000:488000/tcp |
|---|
For UDP:
$ sudo ufw allow 44000:488000/udp |
|---|
Disabling the mentioned rules
Firstly, again check the status of the firewall to see the rules added above by the below-mentioned command:
$ sudo ufw status numbered |
|---|
To delete any rule, follow the below-mentioned syntax:
$ sudo ufw delete rule_number |
|---|
The below-mentioned command will delete rule_number 1:
$ sudo ufw delete 1 |
|---|
Disabling the Firewall
If you want to delete all the new rules added and change the firewall back to its original configuration mode, then disable the firewall with the below-mentioned command:
$ sudo ufw disable |
|---|
Reseting the Firewall
Run the below-mentioned command to reset the configuration:
$ sudo ufw rest |
|---|
Conclusion
Data security is a serious concern in this era of technology, but there are various ways available to protect your data. Configuring the firewall on your Linux system is one of the most popular strategies. A firewall is a type of network software that helps us protect against data breaches by applying various rules. This article is about protecting our data center by configuring a firewall by using two approaches; configure your Linux firewall using GUFW and configure your Linux firewall using UFW. You can choose any of the approaches. Also, resetting and disabling firewall techniques are also discussed as plus points. After going through the article, you will be able to protect your data over the network.
Karim Buzdar holds a degree in telecommunication engineering and holds several sysadmin certifications including CCNA RS, SCP, and ACE. As an IT engineer and technical author, he writes for various websites.
