Securing Linux servers Ubuntu/Debian/Alma/CentOS with Iptables and UFW Firewall

Updated at
18/04/2024

Introduction: In this tutorial, we'll walk you through securing your Ubuntu server using both Iptables and Uncomplicated Firewall (UFW). Iptables is a powerful firewall tool that provides extensive capabilities for configuring network traffic rules, while UFW provides a user-friendly interface for managing firewall rules on Ubuntu.

Part 1: Setting Up Iptables

Step 1: Open a Terminal
Access your Ubuntu server terminal through SSH or your preferred method.

Step 2: Check Current Iptables Rules
To view the existing rules in your firewall, execute:

sudo iptables -L

This command lists all current rules set in the Iptables firewall.

Step 3: Configure Basic Iptables Rules
Start by setting default policies and configuring essential rules.

sudo iptables -P INPUT DROP
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

These commands set the default INPUT policy to DROP, so all inbound traffic is blocked except SSH, HTTP and HTTPS, while traffic on the loopback interface and packets belonging to established or related connections are still accepted.

Step 4: Block Specific Ports
To enhance security, particularly against mail-related threats and brute-force attacks, block common mail ports:

sudo iptables -A INPUT -p tcp --dport 25 -j DROP
sudo iptables -A INPUT -p tcp --dport 587 -j DROP
sudo iptables -A INPUT -p tcp --dport 465 -j DROP
sudo iptables -A OUTPUT -p tcp --dport 25 -j DROP
sudo iptables -A OUTPUT -p tcp --dport 587 -j DROP
sudo iptables -A OUTPUT -p tcp --dport 465 -j DROP

Step 5: Install Iptables Persistent
To ensure rules persist after reboot, install iptables-persistent:

sudo apt-get install iptables-persistent

Step 6: Save the Iptables Configuration
Save the active configuration to the file that iptables-persistent restores at boot (/etc/iptables/rules.v4 for IPv4). The redirection must run as root, so wrap the command in a root shell rather than redirecting from your own user:

sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
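The Part 1 rules above are entered one at a time, and the default policy is switched to DROP before the ACCEPT rules exist. The following added example (not part of the original tutorial) renders the same ruleset in iptables-restore format, so policy and ACCEPT rules are applied in one atomic transaction, and adds an audit function that checks an iptables-save dump for the properties this tutorial requires; the port list and the audit checks are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Renders the Part 1 INPUT/OUTPUT
# rules as one iptables-restore file (policy and ACCEPT rules land in a single
# transaction, so the SSH session used to apply them is never cut) and audits an
# iptables-save dump for the properties the tutorial asks for.
# Usage: build_ruleset 22 80 443 > rules.v4; sudo iptables-restore --test rules.v4

MAIL_PORTS="25 465 587"   # SMTP ports the tutorial blocks in both directions

# build_ruleset PORT... : print a ruleset allowing only the given TCP ports inbound.
build_ruleset() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -j ACCEPT"
    done
    for p in $MAIL_PORTS; do   # inbound mail is already covered by the DROP policy
        printf '%s\n' "-A OUTPUT -p tcp --dport $p -j DROP"
    done
    printf '%s\n' 'COMMIT'
}

# audit_ruleset < dump : return 0 if an iptables-save style dump has the tutorial's
# properties, 1 otherwise; each missing property is printed on its own line.
audit_ruleset() {
    dump=$(cat)
    rc=0
    has() { echo "$dump" | grep -qF -- "$1"; }
    has ':INPUT DROP'                             || { echo "INPUT policy is not DROP"; rc=1; }
    has '-A INPUT -i lo -j ACCEPT'                || { echo "loopback not accepted"; rc=1; }
    has '--ctstate ESTABLISHED,RELATED -j ACCEPT' || { echo "conntrack rule missing"; rc=1; }
    has '-A INPUT -p tcp --dport 22 -j ACCEPT'    || { echo "SSH not accepted"; rc=1; }
    for p in $MAIL_PORTS; do
        has "-A OUTPUT -p tcp --dport $p -j DROP" || { echo "outbound $p not blocked"; rc=1; }
    done
    return $rc
}

# Demo: render and audit a ruleset without touching the live firewall.
build_ruleset 22 80 443 | audit_ruleset && echo "generated ruleset passes audit"
```

To audit the running firewall instead of the generated file, pipe `sudo iptables-save` into `audit_ruleset`.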

Part 2: Configuring UFW

Step 1: Enable UFW
Ensure UFW is enabled to manage firewall rules easily:

sudo ufw enable

Step 2: Configure UFW Rules
Set up rules in UFW to match your security requirements:

sudo ufw deny 25/tcp
sudo ufw deny 465/tcp
sudo ufw deny 587/tcp
sudo ufw allow ssh
sudo ufw allow {add ports}/tcp
sudo ufw deny {add ports}/udp

These rules block the mail ports while allowing the traffic you need, such as SSH. Replace "{add ports}" with the ports you want to open. Several ports can be given in one rule; for example, "sudo ufw allow 10,15,20,40/tcp" allows TCP traffic on ports 10, 15, 20 and 40.

Step 3: Block Outbound Traffic to Specific Subnets
To stop the server from sending traffic to private and shared address ranges it has no reason to reach, add outbound deny rules:

sudo ufw deny out from any to 10.0.0.0/8
sudo ufw deny out from any to 172.16.0.0/12
sudo ufw deny out from any to 100.64.0.0/10

Part 3: Activate and Monitor

Enable Iptables and UFW at Boot
Ensure both firewall configurations are set to activate at boot. The service name depends on the distribution: on Debian and Ubuntu, the iptables-persistent package provides netfilter-persistent.service; on Alma and CentOS, the iptables-services package provides iptables.service:

sudo systemctl enable netfilter-persistent.service   # Debian/Ubuntu
sudo systemctl enable iptables.service               # Alma/CentOS

UFW is enabled at boot automatically once you have run "sudo ufw enable".

Final Step: Monitor and Adjust
Regularly check the status of your firewall and adjust rules as needed:

sudo systemctl status netfilter-persistent.service   # Debian/Ubuntu
sudo systemctl status iptables.service               # Alma/CentOS
sudo ufw status verbose

By following these steps, you've fortified your Ubuntu VPS against unauthorized access and network threats, using both Iptables and UFW. Regularly review and update your rules to adapt to new security challenges.
