While migrating one of my VPS servers to Arch Linux
I deployed Uncomplicated Firewall (UFW)
to handle basic firewalling duties. I like
ufw as it provides simple host-based
firewall management and is, in my opinion, one of the better projects to come out of
the Ubuntu camp.
Install ufw as follows.
sudo pacman -Syy --noconfirm --needed ufw
ufw is simple but make sure you have console access to the host
you are configuring just in case you lock yourself out.
NOTE! When enabling
ufw the chains are flushed and connections may be
dropped. You can add rules to the firewall before enabling it, however, so if you
use ufw on a remote machine it is recommended you perform
ufw allow ssh/tcp
before sudo ufw enable. Once the firewall is enabled, adding and
removing rules will not flush the firewall, although modifying an existing rule
Set the default behaviour to deny all incoming connections.
sudo ufw default deny
Open up TCP port 22 with rate limiting enabled, which will deny connections
from an IP address that has attempted to initiate 6 or more connections in the
last 30 seconds. This is ideal for protecting
sshd, but you should consider other
SSH brute force defense
techniques as well.
sudo ufw limit 22/tcp
I'm hosting a few websites on my VPS so I open http and https.
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
I have a static IP address at home so I allow unfiltered access to the VPS from that IP. I've used a bogus IP address in the example below.
sudo ufw allow from 10.0.0.0/32
Enable and start the ufw systemd unit.
sudo systemctl enable ufw
sudo systemctl start ufw
The firewall itself is not enabled at this point. To enable it you also
have to do the following.
sudo ufw enable
You can see the status of the firewall using
sudo ufw status.
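Because enabling ufw flushes the chains, a remote admin wants to confirm that the ruleset admits SSH (with LIMIT, as set up above) and that the incoming default is deny. The following is an added example, not part of the original post: it parses the table that `sudo ufw status verbose` prints and reports those findings. The sample output is constructed to mirror the rules in this post, not captured from a real host.

```python
import re

# Constructed sample of `sudo ufw status verbose` output, modelled on the
# rules added in the post; not captured from a real host.
SAMPLE_STATUS = """\
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
Anywhere                   ALLOW IN    10.0.0.0/32
22/tcp (v6)                LIMIT IN    Anywhere (v6)
"""

# One rule row: "<to> <ACTION> [IN|OUT] <from>", where <to>/<from> may carry
# a " (v6)" suffix. Header and separator rows do not match.
RULE_RE = re.compile(
    r"^(?P<to>\S+(?: \(v6\))?)\s+"
    r"(?P<action>ALLOW|DENY|REJECT|LIMIT)(?: (?:IN|OUT))?\s+"
    r"(?P<src>\S+(?: \(v6\))?)\s*$"
)


def parse_status(text):
    """Parse `ufw status verbose` output into (active, default_incoming, rules).

    An inactive firewall prints only "Status: inactive", so rules is empty then;
    rules are (to, action, from) tuples."""
    active, default_in, rules = False, None, []
    for line in text.splitlines():
        if line.startswith("Status:"):
            active = line.split(":", 1)[1].strip() == "active"
        elif line.startswith("Default:"):
            m = re.search(r"(\w+) \(incoming\)", line)
            default_in = m.group(1) if m else None
        else:
            m = RULE_RE.match(line)
            if m:
                rules.append((m["to"], m["action"], m["src"]))
    return active, default_in, rules


def audit(text, ssh_port="22/tcp"):
    """Findings to check before trusting the ruleset on a remote host:
    incoming default is deny, SSH is admitted, and every SSH rule uses LIMIT."""
    active, default_in, rules = parse_status(text)
    ssh_actions = [a for to, a, _ in rules if to.split(" ")[0] == ssh_port]
    return {
        "active": active,
        "default_deny": default_in == "deny",
        "ssh_admitted": any(a in ("ALLOW", "LIMIT") for a in ssh_actions),
        "ssh_rate_limited": bool(ssh_actions) and all(a == "LIMIT" for a in ssh_actions),
    }
```

Feed it the real output with `audit(subprocess.run(["sudo", "ufw", "status", "verbose"], capture_output=True, text=True).stdout)` once the firewall is active; before `ufw enable` the status command lists no rules.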
On low-end servers it might be beneficial to disable logging.
sudo ufw logging off
At this point you should have a basic firewall configured. For anything beyond that,
ufw help or the
references below will assist you.