This post is roughly 11 years old; originally published on March 9, 2013! The information presented here may be out of date and inaccurate.
While migrating one of my VPS servers to Arch Linux I deployed Uncomplicated Firewall (UFW) to handle basic firewall duties. I like ufw as it provides simple host-based firewall management and is, in my opinion, one of the better projects to come out of the Ubuntu camp.
Install ufw as follows (note that pacman's no-confirm option takes two dashes).

sudo pacman -Syy --noconfirm --needed ufw
Configuring ufw is simple, but make sure you have console access to the host you are configuring just in case you lock yourself out.

NOTE! When enabling ufw the chains are flushed and connections may be dropped. You can add rules to the firewall before enabling it, however, so if you are testing ufw on a remote machine it is recommended you perform…

ufw allow ssh/tcp

…before running sudo ufw enable. Once the firewall is enabled, adding and removing rules will not flush the firewall, although modifying an existing rule will.
Set the default behaviour to deny all incoming connections.
sudo ufw default deny
Open up TCP port 22, but with rate limiting enabled, which will deny connections from an IP address that has attempted to initiate 6 or more connections in the last 30 seconds. This is ideal for protecting sshd, but you should consider other SSH brute force defense techniques as well. Note that ufw expects the port before the protocol (22/tcp, not tcp/22).

sudo ufw limit 22/tcp
I’m hosting a few websites on my VPS so I open http and https.
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
Enable and start the ufw systemd unit.

sudo systemctl enable ufw
sudo systemctl start ufw

However, ufw is not enabled at this point. To enable the firewall you also have to do the following.

sudo ufw enable
You can see the status of the firewall using sudo ufw status.
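Because enabling ufw flushes the chains, the lockout risk described in the note above is worth guarding against in a script. The following wrapper is an added example, not code from the original post: it refuses to run ufw enable until ufw show added (which lists rules added while the firewall is still inactive) contains an allow or limit rule for SSH. The regex and the sample output below are assumptions for illustration; only the simple port/service rule forms are recognised.

```shell
#!/usr/bin/env bash
# Added example: guard "ufw enable" behind a check that an SSH rule exists.
set -u

# has_ssh_rule: return 0 if the given "ufw show added" text contains a rule
# that allows or rate-limits SSH as "22", "22/tcp", "ssh" or "ssh/tcp".
# Rules written in the long form ("ufw allow in on eth0 to any port 22")
# are not recognised by this simple check.
has_ssh_rule() {
  local added="$1"
  printf '%s\n' "$added" |
    grep -Eq '^ufw (allow|limit) (22|ssh)(/tcp)?( |$)'
}

# safe_enable: only run "ufw enable" when an SSH rule has already been added.
# Returns 1 (and changes nothing) when no SSH rule is present, 2 if
# "ufw show added" itself fails (e.g. not run as root).
safe_enable() {
  local added
  added="$(ufw show added 2>/dev/null)" || return 2
  if has_ssh_rule "$added"; then
    # --force skips ufw's interactive "may disrupt existing ssh connections" prompt
    ufw --force enable
  else
    echo "refusing to enable ufw: no SSH allow/limit rule added yet" >&2
    return 1
  fi
}

# Constructed sample of "ufw show added" output for offline demonstration
# (rules from this post, added before the firewall was enabled).
SAMPLE_ADDED="Added user rules (see 'ufw status' for running firewall):
ufw limit 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp"

# Same sample with the SSH rule missing: safe_enable would refuse here.
SAMPLE_NO_SSH="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw allow 443/tcp"
```

Run safe_enable as root in place of a bare sudo ufw enable; the sample strings only feed has_ssh_rule for testing.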
On low-end servers it might be beneficial to disable logging.
sudo ufw logging off
At this point you should have a basic firewall configured, and ufw help or the references below will assist you.