Server firewall configuration

There are two ways to start thinking about your server firewall security. The hard way or the easy way. The easy way would be to start thinking before something bad has happened to your server, and now you can figure out what would be the hard way..

In order to get the security of your server up, you should start with setting up firewall.

Simple firewall for Linux (Ubuntu)

sudo apt-get install ufw

Now when this is setup, you can start most simple settings. Please remember to enable ssh any time – you don’t want to be locked from your own server.

sudo ufw default deny incoming
sudo ufw logging on
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 22/tcp
sudo ufw enable

Some of the ports include open ports for email senders.

After this basic setup is set. Restart ufw.

sudo ufw disable
sudo ufw enable
sudo ufw status verbose

Additional elements to check:

netstat -nputw c  - monitor current connections. high Send-Q implies your     server is being misused. 
git clone
./lynis audit system -Q                      - Check for security vulnerabilities. 

For information wget:

wget supports HTTP, HTTPS, and FTP, so by default that's 80, 443, 20, and 21 (all TCP).


apt can use HTTP, HTTPS, FTP, RSH, and SSH, so that's 80, 443, 20, 21, 514, and 22 (also all TCP)