What to do after installing Linux Ubuntu 3

Linux Ubuntu ufw firewall

Welcome to new episode “What to do after installing Linux Ubuntu 3”!!! …well there are plenty more things to cover here, in this third part we are going to enable firewall, install ssh and allow access on default ssh port 22.

On Linux Ubuntu there is a tool called ufw which is nothing more than simplified interface program that manages netfilter firewall. There is allso a very complex and powerful program for that purpose called iptables.

Since that program is often too complex for beginners they put ufw tool in Ubuntu which is quite easier, ufw stands for u-uncomplicated fw-firewall.

Default firewall rules on Ubuntu 18.04 after fresh install

Let’s make a few tests first just to see how firewall rules looks on fresh installed Linux Ubuntu system. I will use iptables tool just to display default firewall rules, since ufw is not enabled by default.

user@linux2u:~$ sudo iptables -L
[sudo] password for user: 
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

In example above it’s clearly that all policies are ACCEPT and this is what we don’t want. If you’ve enabled ssh server on this Ubuntu machine everyone on this network can have access to it. Now let’s see some other tests:

user@linux2u:~$ sudo ufw status       # let's see firewall status
[sudo] password for user: 
Status: inactive                      # firewall is inactive

Activating ufw firewall on Linux Ubuntu 18.04

Let’s activate our ufw firewall!

user@linux2u:~$ sudo ufw enable
[sudo] password for user: 
Firewall is active and enabled on system startup

Now that we have enabled ufw firewall if you have ssh server on your Ubuntu machine, nobody has access to it from another machine on your network, because firewall blocks port 22 (default ssh port).

Ufw firewall enabling access on default ssh port 22

We have succeed activating firewall, and now we have to define our policies which services can use our ports. If you want to enable access to default ssh port 22 just use this command:

user@linux2u:~$ sudo ufw allow ssh
Rule added
Rule added (v6)

…and you can connect to it via ssh from another computer on your network.

Maybe it’s good to mention how to install, start and enable ssh because later on we are going to use ssh a lot because we will connecting to virtual machines.

user@linux2u:~$ sudo apt update         # refreshing repositories
user@linux2u:~$ sudo apt install ssh
Reading package lists... Done
Building dependency tree 
Reading state information... Done
The following packages were automatically installed and are no longer required:
gir1.2-geocodeglib-1.0 libfwup1 libllvm8
linux-headers-5.0.0-23 linux-headers-5.0.0-23-generic
linux-image-5.0.0-23-generic
linux-modules-5.0.0-23-generic
linux-modules-extra-5.0.0-23-generic

Preparing to unpack .../ssh_1%3a7.6p1-4ubuntu0.3_all.deb ...
Unpacking ssh (1:7.6p1-4ubuntu0.3) ...
Setting up ssh (1:7.6p1-4ubuntu0.3) ...



Starting ssh and examining its status

user@linux2u:~$ sudo systemctl start ssh
user@linux2u:~$ sudo systemctl status ssh

● ssh.service - OpenBSD Secure Shell server
   Loaded: loaded (/lib/systemd/system/ssh.service; enabled;
   Active: active (running) since Mon 2020-03-23 11:25:20 CE
  Process: 2728 ExecStartPre=/usr/sbin/sshd -t (code=exited,
 Main PID: 2729 (sshd)
    Tasks: 1 (limit: 4664)
   CGroup: /system.slice/ssh.service
           └─2729 /usr/sbin/sshd -D

mar 23 11:25:19 linux2u.local.org systemd[1]: Starting OpenB
mar 23 11:25:20 linux2u.local.org sshd[2729]: Server listeni
mar 23 11:25:20 linux2u.local.org sshd[2729]: Server listeni
mar 23 11:25:20 linux2u.local.org systemd[1]: Started OpenBS
lines 1-13/13 (END)...skipping...
● ssh.service - OpenBSD Secure Shell server
   Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2020-03-23 11:25:20 CET; 11s ago
  Process: 2728 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
 Main PID: 2729 (sshd)
    Tasks: 1 (limit: 4664)
   CGroup: /system.slice/ssh.service
           └─2729 /usr/sbin/sshd -D

mar 23 11:25:19 linux2u.local.org systemd[1]: Starting OpenBSD Secure Shell server...
mar 23 11:25:20 linux2u.local.org sshd[2729]: Server listening on 0.0.0.0 port 22.
mar 23 11:25:20 linux2u.local.org sshd[2729]: Server listening on :: port 22.
mar 23 11:25:20 linux2u.local.org systemd[1]: Started OpenBSD Secure Shell server.


If you reboot your system ssh service will be inactive, somebody will also want to enable it on boot:

user@linux2u:~$ sudo systemctl enable ssh
Synchronizing state of ssh.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable ssh

Before this post called -“What to do after installing Linux Ubuntu 3”  we where discussing about how to configure static ip address which is very important subject.

If you wish to learn more about ufw firewall you can read it on help.ubuntu community.

Author: Krunoslav Kralj

Im Linux enthusiast from Croatia using Linux for 13 years! My first Linux was - Ubuntu 7.10 (Gutsy Gibbon), released on 18 October 2007. After some time iv'e switched to Centos 6. Im still using Ubuntu for my daily tasks, and i really miss my Centos 6 which reminds me to some older versions of Ubuntu.

Leave a Reply

Your email address will not be published. Required fields are marked *