
How to Set Up a Firewall with UFW on Ubuntu

Ubuntu is a Debian-based Linux operating system suitable for both desktop and server use. It ships on a stable, regular release cycle, with a new release every six months. Long-term support (LTS) releases are published every two years and supported for five years.

Ubuntu pays close attention to security. Its default configuration strikes a balance between security, performance, and usability, and it can be hardened further to reduce its attack surface. Ubuntu versions have also been certified under Common Criteria, providing third-party validation of the operating system's security mechanisms, and Ubuntu is certified for HITECH, FISMA, and FedRAMP.

Ubuntu has a built-in L4 packet filtering system, Netfilter, for access control, and an interface, iptables, for configuring it. When a packet arrives at the server, it is handed to the Netfilter subsystem, which accepts, manipulates, or rejects it based on the rules supplied from user space via iptables.

iptables is a highly configurable and flexible firewall solution. However, learning its principles and becoming proficient with it takes time, and configuring an iptables firewall is a challenging task for novice users, so many frontends for iptables have been developed.

The Uncomplicated Firewall (ufw) is one of these iptables frontends. It includes a framework for managing Netfilter as well as a command-line interface (CLI) for interacting with the firewall, and it is especially well suited to host-based firewalls. ufw not only provides an easy-to-use interface for those who are new to firewall concepts but also simplifies complex iptables instructions to help the experienced administrator.

ufw was first introduced in Ubuntu 8.04 LTS and has been included by default in every Ubuntu installation since.

It is common to configure ufw as a host-based firewall to protect Ubuntu servers against cyber attacks. With the help of ufw, an Ubuntu server can also be used as a firewalling and routing platform for safeguarding networks, particularly small business (SMB) and home networks.

In this article, we'll show you how to set up the Uncomplicated Firewall (ufw) on an Ubuntu 20.04 LTS server and how to enable next-generation firewall features, or L7 filtering such as content and application filtering, by using Zenarmor.

What are the Prerequisites to Install a Firewall on Ubuntu with UFW?

To follow this Uncomplicated Firewall (ufw) configuration tutorial, you will need:

  • An Ubuntu 20.04 LTS (Focal Fossa) server, and
  • Privileged access to your Ubuntu system as root or via the sudo command. The best practice is to run administrative commands as a sudo user.

Danger: All given commands are to be executed with root privileges, either directly as the root user or by use of the sudo command.

What are the Steps to Set up a Firewall on Ubuntu with UFW?

You can easily set up a host-based firewall by configuring UFW on your Ubuntu 20.04 LTS server. The UFW installation and configuration steps are given below:

1. UFW Installation

UFW is pre-installed on Ubuntu server distributions, so you should not need to install the ufw package on your server. If ufw is not already installed on your system, you can install it manually by following the steps outlined below:

  1. Update your local package index by running the following command:
sudo apt update && sudo apt upgrade -y
  2. Install the ufw software package by running the next command:
sudo apt-get install ufw -y

You should see output similar to this:

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:

linux-headers-5.4.0-88 linux-headers-5.4.0-88-generic linux-image-5.4.0-88-generic linux-modules-5.4.0-88-generic linux-modules-extra-5.4.0-88-generic
Use 'sudo apt autoremove' to remove them.
The following NEW packages will be installed:
ufw

0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 147 kB of archives.
After this operation, 849 kB of additional disk space will be used.
Get:1 http://tr.archive.ubuntu.com/ubuntu focal-updates/main amd64 ufw all 0.36-6ubuntu1 [147 kB]
Fetched 147 kB in 0s (521 kB/s)
Preconfiguring packages ...
Selecting previously unselected package ufw.
(Reading database ... 180990 files and directories currently installed.)
Preparing to unpack .../ufw_0.36-6ubuntu1_all.deb ...
Unpacking ufw (0.36-6ubuntu1) ...
Setting up ufw (0.36-6ubuntu1) ...
Creating config file /etc/ufw/before.rules with new version
Creating config file /etc/ufw/before6.rules with new version
Creating config file /etc/ufw/after.rules with new version
Creating config file /etc/ufw/after6.rules with new version
Created symlink /etc/systemd/system/multi-user.target.wants/ufw.service → /lib/systemd/system/ufw.service.

Processing triggers for man-db (2.9.1-1) ...
Processing triggers for rsyslog (8.2001.0-1ubuntu1.1) ...
Processing triggers for systemd (245.4-4ubuntu3.13) ...

2. UFW Uninstallation

You can uninstall the ufw package from your Ubuntu 20.04 server by running the following command:

sudo apt autoremove ufw --purge -y

You should see output similar to this:

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:

ufw*

0 upgraded, 0 newly installed, 1 to remove and 56 not upgraded.
After this operation, 846 kB disk space will be freed.
Do you want to continue? [Y/n] Y
(Reading database ... 144553 files and directories currently installed.)
Removing ufw (0.36-6) ...
Processing triggers for man-db (2.9.1-1) ...
(Reading database ... 144462 files and directories currently installed.)
Purging configuration files for ufw (0.36-6) ...
Processing triggers for systemd (245.4-4ubuntu3.11) ...
Processing triggers for rsyslog (8.2001.0-1ubuntu1.1) ...

Caution: It is not recommended to remove UFW from a server that is accessible from the Internet unless you know how to use iptables or have a reasonable alternative.

3. Enable UFW

By default, ufw is disabled on Ubuntu 20.04 server.

Tip: ufw allows you to add rules before enabling the firewall. Therefore, if you are remotely connected to your server using SSH, you should first run the following:

ufw allow proto tcp from any to any port 22

You should see output similar to this:

Rule added
Rule added (v6)

The SSH port will then be open once the firewall is enabled.

To enable ufw, run the following command:

sudo ufw enable

After running the above command, the firewall is activated and enabled when the system boots up. By default, all incoming traffic is automatically blocked and all outgoing traffic is permitted once the firewall is operational. The firewall immediately protects your system by preventing anyone from remotely connecting to it.

Caution: Be aware that, to be able to log in to your server, you must explicitly allow incoming SSH connections before enabling the UFW firewall.

You may verify that UFW is active and running without errors by running the next command:

sudo systemctl status ufw

This displays output similar to the following:

● ufw.service - Uncomplicated firewall

Loaded: loaded (/lib/systemd/system/ufw.service; enabled; vendor preset: enabled)
Active: active (exited) since Tue 2021-11-16 09:18:40 UTC; 8min ago
Docs: man:ufw(8)
Main PID: 344 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 10387)
Memory: 0B
CGroup: /system.slice/ufw.service

4. Checking the Status and Rules of the UFW

To check the status of the firewall and the ufw-managed rules, run the following command:

sudo ufw status verbose

When you need to delete a ufw rule, you need to know its rule number. To view the ufw rules with their sequence numbers, run the next command:

sudo ufw status numbered

This displays output similar to the following:

Status: active

To Action From
-- ------ ----
[ 1] 22/tcp ALLOW IN Anywhere
[ 2] 22/tcp (v6) ALLOW IN Anywhere (v6)

5. Configuring UFW Default Policies

UFW blocks all incoming network packets while allowing all outgoing packets by default. Therefore no one can connect to your server unless you explicitly open a service port, whereas all applications running on your server will be able to communicate with the outside.

The /etc/default/ufw file stores the UFW default policies. You may change the default policies by running the next command:

sudo ufw default allow|deny|reject [incoming|outgoing|routed]

As a best practice, outgoing connections should also be blocked by default, and only approved outbound connections allowed. To accomplish this, run the following command:

sudo ufw default deny outgoing

In that case, you must maintain allow rules for every permitted outgoing connection.

6. Managing UFW Application Profiles

When an application package is installed with the apt command, an application profile, which includes the description of the service and its UFW settings, is created in the /etc/ufw/applications.d directory.

The syntax for application profiles is a straightforward .INI file format:

[<name>]
title=<title>
description=<description>
ports=<ports>

The ports field specifies a '|'-separated list of ports/protocols, with the protocol being optional. Multiple ports can also be specified as a comma-separated list or as a range (written start:end), in which case the protocol is required.
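The profile format above is small enough to check mechanically. The following Python script is an added example, not code from the article or from the ufw project: it parses a profile file with the standard-library configparser and validates each ports field against the rules just described (a '|'-separated list, the protocol optional for a single port but required for comma lists and start:end ranges). The profile text in SAMPLE_PROFILES is constructed for the demonstration; on a real server you would read the files under /etc/ufw/applications.d instead.

```python
"""Parse and validate ufw application profiles (/etc/ufw/applications.d format).

Added example, not part of ufw. SAMPLE_PROFILES is constructed text in the
shape of a profile file; the validation rules follow the article: '|'
separates entries, the protocol is optional for a single port but required
for comma-separated lists and start:end ranges.
"""
import configparser
import re

PORT_RE = re.compile(r"^\d{1,5}$")
RANGE_RE = re.compile(r"^\d{1,5}:\d{1,5}$")

# Constructed sample: two valid profiles and one that breaks the range rule.
SAMPLE_PROFILES = """\
[Nginx Full]
title=Web Server (Nginx, HTTP + HTTPS)
description=Small, but very powerful and efficient web server
ports=80,443/tcp

[Custom App]
title=Custom application
description=Example with a range and a bare port
ports=8000:8010/tcp|9000

[Broken App]
title=Invalid profile
description=A range without a protocol is not allowed
ports=6000:6010
"""


def _valid_port(value: str) -> bool:
    return PORT_RE.match(value) is not None and 1 <= int(value) <= 65535


def _valid_range(value: str) -> bool:
    if not RANGE_RE.match(value):
        return False
    lo, hi = (int(x) for x in value.split(":"))
    return 1 <= lo <= hi <= 65535


def validate_ports(spec: str) -> list:
    """Return the problems found in a ports= field; an empty list means valid."""
    problems = []
    for entry in spec.split("|"):
        if "/" in entry:
            ports, proto = entry.rsplit("/", 1)
            if proto not in ("tcp", "udp"):
                problems.append(f"{entry}: unknown protocol {proto!r}")
                continue
        else:
            ports, proto = entry, None
        items = ports.split(",")
        # A comma list or a start:end range only makes sense with a protocol.
        needs_proto = len(items) > 1 or any(":" in item for item in items)
        if needs_proto and proto is None:
            problems.append(f"{entry}: comma list or range requires /tcp or /udp")
        for item in items:
            if not (_valid_port(item) or _valid_range(item)):
                problems.append(f"{entry}: bad port or range {item!r}")
    return problems


def parse_profiles(text: str) -> dict:
    """Parse profile text into {name: {'title': ..., 'description': ..., 'ports': ...}}."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case exactly as written in the file
    cp.read_string(text)
    return {name: dict(cp[name]) for name in cp.sections()}


def check_profiles(text: str) -> dict:
    """Validate every profile in the text; returns {name: [problems]}."""
    return {name: validate_ports(profile.get("ports", ""))
            for name, profile in parse_profiles(text).items()}


if __name__ == "__main__":
    for name, problems in check_profiles(SAMPLE_PROFILES).items():
        print(name, "OK" if not problems else problems)
```

Running the script reports Nginx Full and Custom App as valid and flags Broken App because its 6000:6010 range carries no protocol. Checking profiles this way before `ufw app update all` catches a malformed ports line before it reaches the firewall.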

To list all application profiles available on your server, run the following command:

sudo ufw app list

Depending on the applications installed on your system, the output will look something like this:

Available applications:
Apache
Apache Full
Apache Secure
Nginx Full
Nginx HTTP
Nginx HTTPS
OpenSSH
Postfix
Postfix SMTPS
Postfix Submission

To view details of the firewall profile for a specific application, run the following command:

sudo ufw app info <name>

where <name> is one of the apps listed by the app list command.

For example, you may view the details on the firewall profile for Nginx Full by running the following command:

sudo ufw app info 'Nginx Full'

The output is similar to this:

Profile: Nginx Full
Title: Web Server (Nginx, HTTP + HTTPS)
Description: Small, but very powerful and efficient web server

Ports:
  80,443/tcp

You may also see profiles for all known applications with the following command:

sudo ufw app info all

This is a useful feature when you're looking into open ports on your server and aren't sure what applications they belong to or what the application does.

When the default port of an application is changed, you may edit the application profile file. After editing an application profile, you must run the following command to update the firewall with the most recent profile information:

ufw app update <name>

If you enter 'all' for the name, all profiles will be updated.

7. Enabling IPv6

UFW supports both IPv4 and IPv6 addresses, and both are enabled by default. If you have an IPv6-enabled Ubuntu system, you may verify that IPv6 support is enabled in UFW by following the steps below:

  1. Edit the /etc/default/ufw file with your favorite program such as vi or nano.
  2. Find and set the related line to IPv6=yes.
  3. Save and close the file.
  4. Activate the change in /etc/default/ufw by reloading ufw with the following command:
sudo ufw reload

8. Allow SSH Connections

To configure your UFW firewall to allow incoming SSH connections, you may run one of the following commands:

sudo ufw allow ssh

or

sudo ufw allow 22

If you have configured a custom listening port for SSH connections other than the default port 22, you need to run the following command to allow SSH:

sudo ufw allow <port-number>

For instance, if your SSH service runs on port 2222, then you can run the following command to allow connections on that port:

sudo ufw allow 2222

Now that your firewall is configured to allow incoming SSH connections, you can enable it by running:

sudo ufw enable

You will be warned that enabling the firewall may disrupt existing SSH connections; type y and press Enter:

Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

Limiting SSH connections

ufw supports connection rate limiting, which is useful for preventing brute-force login attacks. When you enable the limit feature for SSH, ufw allows SSH connections as usual but denies them if an IP address tries to initiate 6 or more connections within 30 seconds. To limit SSH connections and prevent brute-force attacks, type the following command:

sudo ufw limit ssh/tcp
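To see what "6 or more connections within 30 seconds" means for a client, the following Python model is an added example, not ufw's code: it simulates the limit rule as a per-source sliding window, recording every new connection attempt and refusing an attempt once the source has 6 or more attempts in the last 30 seconds. Treating refused attempts as still counted is an assumption made here to mirror the iptables `recent` match that ufw's limit rule is built on; it is what makes a client that keeps retrying stay blocked until it pauses, and it is also why many legitimate clients behind one NAT address can trip the limit together.

```python
"""Model of the ufw 'limit' rule: a source is refused once it has made
HITCOUNT (6) or more new connection attempts within WINDOW_SECONDS (30).

Added example, not ufw's code. Assumption: every attempt, allowed or refused,
is recorded, so a source that keeps hammering stays blocked until it pauses.
"""
from collections import defaultdict, deque

WINDOW_SECONDS = 30
HITCOUNT = 6


class ConnectionLimiter:
    def __init__(self, window: float = WINDOW_SECONDS, hitcount: int = HITCOUNT):
        self.window = window
        self.hitcount = hitcount
        # source address -> timestamps of attempts still inside the window
        self.attempts = defaultdict(deque)

    def attempt(self, src: str, now: float) -> bool:
        """Record a new connection attempt from src at time `now`.

        Returns True if the attempt is allowed, False if the limit refuses it.
        """
        window_hits = self.attempts[src]
        window_hits.append(now)
        # Forget attempts that fell out of the 30-second window.
        while window_hits and window_hits[0] <= now - self.window:
            window_hits.popleft()
        return len(window_hits) < self.hitcount


def simulate(src: str, times) -> list:
    """Feed attempt timestamps (seconds) for one source; return [(time, allowed), ...]."""
    limiter = ConnectionLimiter()
    return [(t, limiter.attempt(src, t)) for t in times]


if __name__ == "__main__":
    # Constructed timeline: a burst every 2 seconds, then a 33-second pause.
    for t, allowed in simulate("198.51.100.7", [0, 2, 4, 6, 8, 10, 12, 45]):
        print(f"t={t:>2}s  {'allowed' if allowed else 'refused by limit'}")
```

In the constructed timeline the first five attempts go through, the sixth and seventh (at 10 s and 12 s) are refused, and the attempt at 45 s is allowed again because the earlier ones have aged out of the window. Pair the limit rule with key-based SSH authentication rather than relying on it alone; it slows password guessing but does not stop it.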

9. Allowing Additional Connections

You can configure UFW to open specific ports so that specific services on your server are accessible from the outside. UFW rules can be specified using either

  • a simple syntax or
  • a full syntax.

The simple syntax only specifies the port on the host and, optionally, the protocol to be allowed or denied. The general simple syntax for an allow rule is given below:

sudo ufw allow <port-number>

The full syntax is more complete: it can specify the protocol, and the source and destination addresses as well as the ports. The general full syntax for an allow rule is given below:

sudo ufw allow <port-number>/<protocol>

or

ufw allow [proto PROTOCOL] [from ADDRESS [port PORT | app APPNAME ]] [to ADDRESS [port PORT | app APPNAME ]] [comment COMMENT]

You can also use the comment parameter to attach a comment to a firewall rule to explain the entry.

In this section, we will start with simple syntax examples for allowing connections to most common services, such as DNS and HTTP(S). Then we will go over the UFW full syntax usage for experienced administrators.

Open HTTP Service Port (80)

HTTP connections can be allowed with one of the following commands.

  1. To allow by port number, run the following command (full syntax):
sudo ufw allow 80/tcp
  2. To allow by service name, run the following command:
sudo ufw allow http
  3. To allow by application profile, you may run the following command for NGINX:
sudo ufw allow 'Nginx HTTP'

Open HTTPS Service Port (443)

HTTPS connections can be allowed with one of the following commands.

  1. To allow by port number, run the following command (full syntax):
sudo ufw allow 443/tcp
  2. To allow by service name, run the following command:
sudo ufw allow https
  3. To allow by application profile, you may run the following command for NGINX:
sudo ufw allow 'Nginx HTTPS'

Tip: You can also allow both NGINX HTTP and HTTPS services by running the following command:

sudo ufw allow 'Nginx Full'

Open FTP Service Port (20:21/TCP)

To allow incoming FTP connections, you must allow ports 21 and 20 by running the following commands:

sudo ufw allow 21/tcp
sudo ufw allow 20/tcp

Open MySQL Service Port (3306/TCP)

To allow incoming MySQL connections, run one of the following commands.

  1. To allow by port number, run the following command (full syntax):
sudo ufw allow 3306/tcp
  2. To allow by service name, run the following command:
sudo ufw allow mysql

Open OpenVPN Service Port (1194/UDP)

To allow VPN client connections to your OpenVPN server, run the following command:

sudo ufw allow 1194/udp comment 'OpenVPN server'

Open WireGuard Service Port(51820/UDP)

To allow VPN client connections to your WireGuard server, run the following command:

sudo ufw allow 51820/udp comment 'WireGuard VPN server'

Open DNS Service Port (53)

If you are running a DNS server on your Ubuntu server, you must allow incoming DNS connections so that your clients can send DNS queries to it, by running one of the following commands:

sudo ufw allow 53 comment 'DNS server'

or

sudo ufw allow dns comment 'DNS server'

These commands open TCP and UDP port 53 on all addresses of the server.

Open Email Service Ports

The ports used for mail delivery by each of the mail protocols are listed in the table below.

Server   Port
SMTP     25 or 587 (for TLS) or 465 (for SSL)
POP      110
POPS     995
IMAP     143
IMAP3    993

When you provide an email service on your Ubuntu server, run the following commands to allow email connections:

sudo ufw allow 25 comment 'allow smtp connections'
sudo ufw allow 587 comment 'allow smtp tls connections'
sudo ufw allow 465 comment 'allow smtp ssl connections'
sudo ufw allow 995 comment 'allow pops connections'
sudo ufw allow 110 comment 'allow pop3 connections'
sudo ufw allow 143 comment 'allow imap connections'
sudo ufw allow 993 comment 'allow imap3 connections'

10. Allowing Port Ranges

You can allow incoming connections for a range of ports by placing a colon (:) between the port numbers. In this case you must specify the protocol, either tcp or udp. For example:

sudo ufw allow 65100:65200/tcp

You may also allow multiple ports by separating the port numbers with a comma (,). For example:

sudo ufw allow 22,80,443/tcp

11. Allow All Connections From a Trusted IP Address

You may need to allow the administrator to access the server without any restrictions. To allow access to all ports from an IP address, such as 10.0.0.100, specify from followed by the IP address you want to whitelist:

sudo ufw allow from 10.0.0.100

12. Allow Connections From a Trusted IP Address on a Specific Port

You may need to allow connections from a specific address to only a specific port. For example, the MySQL service (3306) on your server should only be accessible by the application server with IP address 10.1.1.10. To accomplish this, run the following command:

sudo ufw allow from 10.1.1.10 to any port 3306

13. Allow Connections From Trusted Subnets

To allow access from a subnet, such as 10.0.0.0/24, specify from followed by the network address you want to whitelist. For example, you may allow the users in the subnet 10.0.0.0/24 to access the FTP service by running the following command:

sudo ufw allow from 10.0.0.0/24 to any port 20:21 proto tcp

14. Allow Connections From a Specific Interface

ufw applies rules to all available interfaces by default. You can restrict a rule to a specific interface by specifying the DIRECTION together with the interface name. The DIRECTION can be either:

  • in for incoming connections or
  • out for outgoing connections.

If you want to create a firewall rule that only applies to a specific network interface, enter allow in on followed by the network interface name.

To allow all new incoming HTTP connections on eth0, for example, use:

ufw allow in on eth0 to any port 80 proto tcp

15. Denying Connections

If you haven't modified the default policy for incoming connections, UFW blocks all incoming connections unless you explicitly open the port. If you want to deny access to a certain port, you can use the deny command and, optionally, the protocol:

sudo ufw deny <port>/<protocol>

For example, you may have an HTTP(S) web server that is publicly available from all around the world, and you may need to block connections coming from an untrustworthy IP address, such as 22.33.44.55, that is being used to attack your web server. To deny all connections from a specific IP address, run one of the following commands:

sudo ufw deny from 22.33.44.55

or

sudo ufw deny from 22.33.44.55 to any port 80,443 proto tcp

Also, if you change your default incoming policy to accept connections, you'll need to define deny rules for any services or IP addresses you don't want to allow connections for. For example, it is strongly advised that you restrict access to your SSH port (22) to your trusted IP addresses only. To deny all incoming connections to the SSH port, run the following command:

sudo ufw deny ssh/tcp

16. Denying ICMP/Ping Request

By default, UFW allows ping requests. However, for security reasons, you may need to block ICMP echo requests. To deny ping packets, follow the steps below:

  1. Edit /etc/ufw/before.rules with your favorite editor, such as nano or vi. The rules in this file are evaluated before any rules added via the ufw command.
  2. Remove or comment out the lines given below:
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
  3. Save and close the file.
  4. To activate the changes, reload ufw by running the next command:
sudo ufw reload

17. Deleting Rules

You may delete UFW rules from your Ubuntu server in two different ways:

  1. By rule number

It's easier to delete UFW rules by rule number, especially if you're a novice user. To delete a rule by number, follow the next steps:

  • First, find the number of the rule you wish to delete by typing the following command:
sudo ufw status numbered

Status: active

To Action From
-- ------ ----
[ 1] 22/tcp LIMIT IN Anywhere
[ 2] 80/tcp ALLOW IN Anywhere
[ 3] Nginx HTTP ALLOW IN Anywhere
[ 4] Nginx HTTPS ALLOW IN Anywhere
[ 5] Nginx Full ALLOW IN Anywhere
[ 6] 21/tcp ALLOW IN Anywhere
[ 7] 20/tcp ALLOW IN Anywhere
[ 8] 3306/tcp ALLOW IN Anywhere
[ 9] 1194/udp ALLOW IN Anywhere # OpenVPN server
[10] 51820/udp ALLOW IN Anywhere # WireGuard VPN server
[11] 53 ALLOW IN Anywhere # DNS server
[12] 25 ALLOW IN Anywhere # allow smtp connections
[13] 587 ALLOW IN Anywhere # allow smtp tls connections
[14] 465 ALLOW IN Anywhere # allow smtp ssl connections
[15] 995 ALLOW IN Anywhere # allow pops connections
[16] 110 ALLOW IN Anywhere # allow pop3 connections
[17] 143 ALLOW IN Anywhere # allow imap connections
[18] 993 ALLOW IN Anywhere # allow imap3 connections
[19] 65100:65200/tcp ALLOW IN Anywhere
[20] Anywhere ALLOW IN 10.0.0.100
[21] 3306 ALLOW IN 10.1.1.10
[22] 20 ALLOW IN 10.0.0.0/24
[23] 20,21/tcp ALLOW IN 10.0.0.0/24
[24] 20:21/tcp ALLOW IN 10.0.0.0/24
[25] 80/tcp on eth0 ALLOW IN Anywhere
[26] 80/tcp on ens18 ALLOW IN Anywhere
[27] Anywhere DENY IN 22.33.44.55
[28] 80,443/tcp DENY IN 22.33.44.55
[29] 22/tcp (v6) LIMIT IN Anywhere (v6)
[30] 80/tcp (v6) ALLOW IN Anywhere (v6)
[31] Nginx HTTP (v6) ALLOW IN Anywhere (v6)
[32] Nginx HTTPS (v6) ALLOW IN Anywhere (v6)
[33] Nginx Full (v6) ALLOW IN Anywhere (v6)
[34] 21/tcp (v6) ALLOW IN Anywhere (v6)
[35] 20/tcp (v6) ALLOW IN Anywhere (v6)
[36] 3306/tcp (v6) ALLOW IN Anywhere (v6)
[37] 1194/udp (v6) ALLOW IN Anywhere (v6) # OpenVPN server
[38] 51820/udp (v6) ALLOW IN Anywhere (v6) # WireGuard VPN server
[39] 53 (v6) ALLOW IN Anywhere (v6) # DNS server
[40] 25 (v6) ALLOW IN Anywhere (v6) # allow smtp connections
[41] 587 (v6) ALLOW IN Anywhere (v6) # allow smtp tls connections
[42] 465 (v6) ALLOW IN Anywhere (v6) # allow smtp ssl connections
[43] 995 (v6) ALLOW IN Anywhere (v6) # allow pops connections
[44] 110 (v6) ALLOW IN Anywhere (v6) # allow pop3 connections
[45] 143 (v6) ALLOW IN Anywhere (v6) # allow imap connections
[46] 993 (v6) ALLOW IN Anywhere (v6) # allow imap3 connections
[47] 65100:65200/tcp (v6) ALLOW IN Anywhere (v6)
[48] 80/tcp (v6) on eth0 ALLOW IN Anywhere (v6)
[49] 80/tcp (v6) on ens18 ALLOW IN Anywhere (v6)
  • After viewing the numbered rule list, delete the rule, for example rule number 25, by running the following command:
sudo ufw delete 25

The output should look like this:

Deleting:
allow in on eth0 to any port 80 proto tcp
Proceed with operation (y|n)? y
Rule deleted

Before the rule is deleted, you will be asked for confirmation. Type "y" and then "Enter" if you're sure, or "n" to cancel the procedure if you made a mistake.

  2. By specifying the actual rule

You can also delete a rule by specifying the actual rule. For example, if you added a rule to open port 8080, you can delete it with the next command:

sudo ufw delete allow 8080
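Both the status check in step 4 and the delete-by-number procedure above start from the output of `sudo ufw status numbered`, which is easy to misread on a server with dozens of rules. The following Python script is an added example, not code from the article or from ufw: it parses that output into records, lists the rules that allow inbound traffic to a chosen set of sensitive ports from any source, and prints the matching `ufw delete` commands with the highest rule number first (ufw renumbers the remaining rules after each deletion, so deleting in ascending order would hit the wrong rules). SAMPLE_STATUS is a constructed excerpt in the shape of the article's output; on a live server you would capture the command's output with subprocess instead.

```python
"""Parse 'sudo ufw status numbered' output and audit which rules expose
sensitive ports to any source.

Added example, not part of ufw or of this article. SAMPLE_STATUS is a
constructed excerpt in the shape of the status output; on a real server
feed the script the command's actual output instead.
"""
import re
from dataclasses import dataclass
from typing import Optional

# One numbered rule line: "[ 4] 1194/udp   ALLOW IN   Anywhere   # OpenVPN server"
RULE_RE = re.compile(
    r"^\[\s*(?P<num>\d+)\]\s+(?P<to>.+?)\s+"
    r"(?P<action>ALLOW|DENY|REJECT|LIMIT)\s+(?P<direction>IN|OUT|FWD)\s+"
    r"(?P<source>.+?)(?:\s+#\s*(?P<comment>.*))?$"
)

SAMPLE_STATUS = """\
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     LIMIT IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 3306/tcp                   ALLOW IN    Anywhere
[ 4] 1194/udp                   ALLOW IN    Anywhere                   # OpenVPN server
[ 5] 3306                       ALLOW IN    10.1.1.10
[ 6] 80/tcp on eth0             ALLOW IN    Anywhere
[ 7] Anywhere                   DENY IN     22.33.44.55
[ 8] 22/tcp (v6)                LIMIT IN    Anywhere (v6)
[ 9] 3306/tcp (v6)              ALLOW IN    Anywhere (v6)
"""


@dataclass
class Rule:
    number: int
    to: str          # "To" column, e.g. "3306/tcp (v6)" or "80/tcp on eth0"
    action: str      # ALLOW / DENY / REJECT / LIMIT
    direction: str   # IN / OUT / FWD
    source: str      # "From" column
    comment: Optional[str]

    @property
    def ipv6(self) -> bool:
        return "(v6)" in self.to or "(v6)" in self.source

    @property
    def port(self) -> str:
        """Port from the 'To' column ('22/tcp (v6)' -> '22'); '' for 'Anywhere'
        and for application-profile names such as 'Nginx Full'."""
        head = self.to.split()[0]
        return head.split("/")[0] if head[0].isdigit() else ""


def parse_status(text: str) -> list:
    """Turn status output into Rule objects; header and blank lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append(Rule(int(m["num"]), m["to"], m["action"],
                              m["direction"], m["source"], m["comment"]))
    return rules


def exposed_rules(rules, sensitive_ports) -> list:
    """Rules that ALLOW inbound traffic to a sensitive port from Anywhere (v4 or v6)."""
    return [r for r in rules
            if r.action == "ALLOW" and r.direction == "IN"
            and r.source.startswith("Anywhere") and r.port in sensitive_ports]


def delete_commands(rules) -> list:
    """'ufw delete N' commands, highest number first, because ufw renumbers
    the remaining rules after every deletion."""
    return [f"sudo ufw delete {r.number}"
            for r in sorted(rules, key=lambda r: r.number, reverse=True)]


if __name__ == "__main__":
    found = exposed_rules(parse_status(SAMPLE_STATUS), {"22", "3306"})
    for r in found:
        print(f"rule {r.number}: {r.to} open to {r.source}")
    print("\n".join(delete_commands(found)))
```

On the constructed sample the audit flags rules 3 and 9 (MySQL open to Anywhere over IPv4 and IPv6) and leaves rule 5 alone, since it is restricted to 10.1.1.10; the SSH rules are LIMIT rather than ALLOW and are not reported. Review the printed commands before running them rather than piping them straight into a shell.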

18. UFW Disabling or Resetting

If for any reason you need to stop UFW and deactivate all the rules, run the next command:

sudo ufw disable

The output should look like this:

Firewall stopped and disabled on system startup

Later if you need to re-enable UFW and activate all rules, you may run the following command:

sudo ufw enable

If you reset UFW, all active rules are deleted and the firewall is reset to its default values. If you want to undo all of your modifications and start over, this is a good option.

Type the following command to reset UFW:

sudo ufw reset

19. UFW Logging

By default, UFW entries are logged to the /var/log/ufw.log file at the low log level. You may need a higher level of logging. Several logging levels are available, and you may choose one based on which firewall events you want to record:

  • off: ufw logging is turned off.
  • low: logs blocked packets that don't match the default policy (with rate limiting), plus packets matching rules for which you enabled logging.
  • medium: logs everything in low, plus allowed packets that don't match the default policy, invalid packets, and all new connections. All logging is rate limited.
  • high: logs everything in medium without rate limiting, plus all other packets with rate limiting.
  • full: logs everything in high with no rate limiting at all.

To set your UFW logging level, use the following command:

sudo ufw logging LEVEL

For example:

sudo ufw logging full

To enable logging for a specific firewall rule, such as HTTPS, use the following command:

sudo ufw allow log 443/tcp

To disable the UFW logging feature, you may run the following command:

sudo ufw logging off

Caution: Log levels above medium generate a lot of logging output, which can quickly fill up your disk. On a busy system, even the medium log level may generate a large amount of output.
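The entries ufw writes to /var/log/ufw.log are kernel LOG lines with a `[UFW BLOCK]` (or, for the limit rule, `[UFW LIMIT BLOCK]`) prefix followed by KEY=VALUE packet fields, which makes them easy to aggregate. The following Python script is an added example, not code from the article or from ufw: it parses those lines, counts blocked packets per source address together with the destination ports each source hit, and lists sources that were blocked on several distinct ports, a pattern worth a closer look. The lines in SAMPLE_LOG are constructed for the demonstration (documentation addresses, a shortened MAC field) and mirror the field layout of real entries.

```python
"""Triage /var/log/ufw.log: parse the kernel LOG lines ufw writes and
summarise which sources are being blocked and on which ports.

Added example, not part of ufw. SAMPLE_LOG contains constructed lines in the
format of ufw's log entries; addresses come from documentation ranges.
"""
import re
from collections import Counter, defaultdict
from typing import Optional

EVENT_RE = re.compile(r"\[UFW (?P<event>[A-Z ]+?)\]\s*(?P<fields>.*)$")

SAMPLE_LOG = """\
Nov 16 09:20:01 ubuntu kernel: [ 1463.1] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.5 DST=10.0.0.5 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=54321 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 16 09:20:02 ubuntu kernel: [ 1464.1] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.5 DST=10.0.0.5 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=54322 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 16 09:20:03 ubuntu kernel: [ 1465.1] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.5 DST=10.0.0.5 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=54323 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 16 09:20:04 ubuntu kernel: [ 1466.1] [UFW LIMIT BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=10.0.0.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 16 09:20:05 ubuntu kernel: [ 1467.1] [UFW LIMIT BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=10.0.0.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 16 09:20:06 ubuntu kernel: [ 1468.1] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.9 DST=10.0.0.5 LEN=32 TOS=0x00 PREC=0x00 TTL=64 ID=1 PROTO=UDP SPT=5353 DPT=5353 LEN=12
"""


def parse_line(line: str) -> Optional[dict]:
    """Return {'event': 'BLOCK', 'SRC': ..., 'DPT': ..., ...}, or None for a non-ufw line."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    record = {"event": m["event"]}
    for token in m["fields"].split():
        key, sep, value = token.partition("=")
        # Tokens without '=' (DF, SYN, ACK, ...) are packet flags: record as True.
        # A repeated key (e.g. the second LEN= on UDP lines) overwrites the first.
        record[key] = value if sep else True
    return record


def summarize(lines):
    """Per-source blocked-packet counts, the ports each source hit, and limit-rule hits."""
    blocked = Counter()
    ports = defaultdict(set)
    limit_hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["event"] not in ("BLOCK", "LIMIT BLOCK"):
            continue
        src = rec.get("SRC", "?")
        blocked[src] += 1
        if rec.get("DPT"):
            ports[src].add(f"{rec.get('PROTO', '?').lower()}/{rec['DPT']}")
        if rec["event"] == "LIMIT BLOCK":
            limit_hits[src] += 1
    return blocked, ports, limit_hits


def noisy_sources(lines, min_ports: int = 3) -> list:
    """Sources blocked on at least `min_ports` distinct ports: candidates for review."""
    _, ports, _ = summarize(lines)
    return sorted(src for src, hit in ports.items() if len(hit) >= min_ports)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    blocked, ports, limit_hits = summarize(lines)
    for src, count in blocked.most_common():
        print(f"{src:<15} blocked={count:<3} limit_hits={limit_hits[src]:<3} "
              f"ports={sorted(ports[src])}")
    print("review:", noisy_sources(lines))
```

To run it against a live file, replace SAMPLE_LOG.splitlines() with the lines of /var/log/ufw.log (reading it requires root or membership in the adm group). The same parser works on `journalctl -k` output, since the prefix and fields come from the kernel LOG target.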

20. Testing UFW Rules

You may use the --dry-run option to test your UFW rules; it is a handy alternative when experimenting with firewall settings. The following command shows the modifications that would be made without applying them:

sudo ufw --dry-run enable

How Hard is Installing Firewall on Ubuntu?

It is straightforward to install and configure a firewall on Ubuntu. As mentioned above, Ubuntu comes with a built-in L4 packet filtering system as well as the Uncomplicated Firewall (UFW), its frontend. UFW was created to make configuring the firewall simple: you can enable or disable the firewall quickly with a single command, its default policies start protecting your server right away by blocking all inbound connections, and its CLI lets you manage your firewall policies easily. To configure the firewall on an Ubuntu system, you only need a basic understanding of networking and firewalling.

How to Enable NGFW Capabilities on Ubuntu Firewall?

iptables and its frontend UFW provide an easy-to-use and strong L4 packet filtering system, which is why they are widely used as a host-based firewall. However, if you configure your Ubuntu firewall as a firewall and routing platform between your internal and external networks, it cannot effectively safeguard the clients and valuable assets in your network against advanced cyber threats such as phishing attacks and malware. Additionally, cybercriminals nowadays target not only enterprises but also small businesses (SMB) and even home users. Traditional L4 packet filtering firewalls were not designed for these newer attacks. As a result, it is vital for every organization, and even for home users, to have a next-generation firewall in place. Gartner defines an NGFW as:

a wire-speed integrated network platform that performs deep inspection of traffic and blocking of attacks.

Please refer to the NGFW article written by Sunny Valley Networks for more information.

Fortunately, you can easily enable next-generation firewall capabilities, such as content filtering and application control, by installing and configuring Zenarmor on your Ubuntu server. Zenarmor provides cutting-edge next-generation firewall features for open-source firewalls that are not otherwise available in those products. Zenarmor is built on a very lightweight yet powerful application-layer (L7) packet inspection core, and it can provide a wide variety of enterprise-grade network security functions for free.

The main features of the Zenarmor are listed below:

  • Application Control

  • Web Filtering

  • Real-time auto-blocking of recent malware/phishing outbreaks.

  • User-friendly web and application categorization system with a massive and up-to-date database.

  • Time-scheduled policies, an extremely useful feature, particularly for managing internet bandwidth.

  • User-based and device-based filtering, which is very useful for managing schools and campus networks.

  • Cloud Threat Intelligence

  • Centralized Cloud management is a very useful and appealing feature for security administrators who have a large number of firewalls to manage.

  • Rich reporting and analytics, which provide network visibility.

To start protecting your network with Zenarmor, run the following command on your Ubuntu server:

curl https://updates.sunnyvalley.io/getzenarmor | sh