Firewall Configuration with nftables
Level: Intermediate | Time: 10 min
Configure and manage firewall rules using nftables or ufw to control network traffic and protect services.
Prerequisites
- Linux shell access
- Root or sudo access
Steps
1. Check current firewall status
View the current firewall status and rules.
$ sudo ufw status verbose 2>/dev/null || sudo nft list ruleset 2>/dev/null || sudo iptables -L -n
2. Enable ufw and set default policies
Enable the firewall with deny-by-default for incoming traffic.
$ sudo ufw default deny incoming && sudo ufw default allow outgoing && sudo ufw enable
If you are connected over SSH, allow SSH (sudo ufw allow ssh, as in step 3) before running sudo ufw enable; otherwise the deny-incoming default drops your own session and you may lock yourself out.
3. Allow specific services
Open ports for services that need to accept incoming connections.
$ sudo ufw allow ssh && sudo ufw allow 80/tcp && sudo ufw allow 443/tcp
You can also use application profile names (listed with sudo ufw app list, defined under /etc/ufw/applications.d): sudo ufw allow 'Nginx Full'
4. Allow access from a specific IP
Restrict access to a port from a specific IP address or subnet.
$ sudo ufw allow from 10.0.0.0/24 to any port 5432 proto tcp
This is useful for database ports that should only be accessible from your application servers.
5. View and delete specific rules
List numbered rules and delete a specific one. Rule numbers shift after every deletion, so re-run sudo ufw status numbered before deleting another rule.
$ sudo ufw status numbered && echo 'Delete with: sudo ufw delete <number>'
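The steps above express the policy in ufw terms; the same policy written as a native nftables ruleset, as an added example that is not part of the original page, is shown below. It renders the ruleset to a file so that it can be syntax-checked with nft -c and then loaded atomically with nft -f, which avoids the lockout window between "default deny incoming" and "allow ssh". The table and chain names, the loopback/established/ICMP accept rules, and the parameter defaults (SSH port 22, app-server subnet 10.0.0.0/24, database port 5432 from step 4) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): render the ufw policy from the
# steps above as one nftables ruleset. Loading it with `nft -f` replaces the
# ruleset atomically, so SSH access never passes through a deny-all state.
# Assumptions: table "inet filter", chain names, loopback/ct/ICMP accepts,
# and the default parameter values below.

# render_ruleset [SSH_PORT] [APP_SUBNET] [DB_PORT]  -> prints an nft ruleset
render_ruleset() {
    ssh_port="${1:-22}"
    app_subnet="${2:-10.0.0.0/24}"
    db_port="${3:-5432}"
    cat <<EOF
flush ruleset
table inet filter {
    chain input {
        # Step 2: default deny incoming
        type filter hook input priority 0; policy drop;
        # Loopback and reply traffic (ufw adds these implicitly)
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        # Keep path-MTU discovery and IPv6 neighbour discovery working
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept
        # Step 3: ufw allow ssh / 80/tcp / 443/tcp
        tcp dport { ${ssh_port}, 80, 443 } accept
        # Step 4: ufw allow from ${app_subnet} to any port ${db_port} proto tcp
        ip saddr ${app_subnet} tcp dport ${db_port} accept
        # Anything else falls through to the drop policy
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        # Step 2: default allow outgoing
        type filter hook output priority 0; policy accept;
    }
}
EOF
}

# write_and_check FILE [SSH_PORT] [APP_SUBNET] [DB_PORT]
# Writes the ruleset to FILE and, when nft is available and we are root,
# parses it with `nft -c -f` (dry run: nothing is applied).
write_and_check() {
    file="$1"; shift
    render_ruleset "$@" > "$file" || return 1
    if command -v nft >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
        nft -c -f "$file" || return 1
    fi
    return 0
}

# Usage (as root): write_and_check /etc/nftables.conf && nft -f /etc/nftables.conf
```

After loading, nft list ruleset shows the active policy; on distributions that ship an nftables service, enable it so the file is reloaded at boot. Do not run ufw and a hand-written nftables ruleset side by side, since both manage the same kernel tables and one will overwrite the other.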