Configuring the firewall and establishing an SSH connection to Ubuntu Server

Step 3 of the series: Bypass internet restrictions and protect your privacy on public Wi-Fi

In this part of the series, you’ll configure the server’s firewall and then connect to the server over SSH.

With the installation complete and all packages updated, the next step is to set up the firewall using ufw.

ufw should already be installed. You can check with one of the following commands:

Bash
which ufw
sudo ufw status
apt list --installed ufw

If it’s not installed, run:

Bash
sudo apt install ufw

First, make sure IPv6 is enabled for ufw. It should be enabled by default; with this setting, every rule you add is applied to both IPv4 and IPv6 traffic.

Bash
sudo nano /etc/default/ufw

At the top of the file, you should see:

/etc/default/ufw excerpt
IPV6=yes

Now configure the default rules for ufw.

To deny all incoming traffic:

Bash
sudo ufw default deny incoming

Output
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)

To allow all outgoing traffic:

Bash
sudo ufw default allow outgoing


Output
Default outgoing policy changed to 'allow'
(be sure to update your rules accordingly)

Next, allow incoming SSH connections. The easiest way is to use an application profile. Check if it exists:

Bash
sudo ufw app list

Output
Available applications:
OpenSSH

The output confirms that the application profile for OpenSSH is available. This allows you to permit incoming connections for OpenSSH as follows:

Bash
sudo ufw allow OpenSSH

Output
Rules updated
Rules updated (v6)

Now enable the firewall:

Bash
sudo ufw enable

You may be prompted to confirm, since enabling the firewall might disrupt existing connections. Because the OpenSSH rule is already in place, you can answer y:

Output
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

Check the firewall status:

Bash
sudo ufw status verbose

Output
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp (OpenSSH)           ALLOW IN    Anywhere
22/tcp (OpenSSH (v6))      ALLOW IN    Anywhere (v6)
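
The status output above can also be checked mechanically. The script below is an added example, not part of the original article: it assumes SSH was allowed through the OpenSSH application profile as shown here, and the function name check_ufw_status and both sample texts are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the original article): audit `ufw status verbose`
# text against the policy configured in this step.
# Live use on the server:  sudo ufw status verbose | check_ufw_status

check_ufw_status() {
    _text=$(cat)   # status text arrives on stdin
    _rc=0
    has() { printf '%s\n' "$_text" | grep -Eq "$1"; }

    has '^Status: active' || { echo "FAIL: firewall is not active"; _rc=1; }
    has '^Default: deny \(incoming\), allow \(outgoing\)' ||
        { echo "FAIL: defaults are not deny incoming / allow outgoing"; _rc=1; }
    # SSH needs a rule per address family; with IPV6=no the (v6) rule is absent.
    has '^22/tcp \(OpenSSH\) +ALLOW IN' ||
        { echo "FAIL: no IPv4 ALLOW IN rule for OpenSSH"; _rc=1; }
    has '^22/tcp \(OpenSSH \(v6\)\) +ALLOW IN' ||
        { echo "FAIL: no IPv6 ALLOW IN rule for OpenSSH"; _rc=1; }
    # At this step nothing except SSH should be reachable from outside.
    _extra=$(printf '%s\n' "$_text" | grep 'ALLOW IN' |
             grep -Ev '^22/tcp \(OpenSSH( \(v6\))?\) ' || true)
    [ -z "$_extra" ] || { echo "FAIL: unexpected inbound rule: $_extra"; _rc=1; }

    [ "$_rc" -ne 0 ] || echo "OK: status matches the expected policy"
    return "$_rc"
}

# Constructed sample: the status output shown above, column-aligned as ufw prints it.
SAMPLE_OK='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp (OpenSSH)           ALLOW IN    Anywhere
22/tcp (OpenSSH (v6))      ALLOW IN    Anywhere (v6)'

# Constructed failure case: IPv6 rule missing and an extra port left open.
SAMPLE_BAD='Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

22/tcp (OpenSSH)           ALLOW IN    Anywhere
8080/tcp                   ALLOW IN    Anywhere'

printf '%s\n' "$SAMPLE_OK" | check_ufw_status
```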

To find out the server’s IP address, run:

Bash
ip a

Output
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: ens3: mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 96:c5:ae:08:9d:6c brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    inet 152.53.239.17/22 metric 100 brd 152.53.239.255 scope global dynamic ens3
       valid_lft 2673619sec preferred_lft 2673619sec
    inet6 fe80::94c5:aeff:fe08:9d6c/64 scope link
       valid_lft forever preferred_lft forever

Under 2: ens3:, the IP address is shown — in this case 152.53.239.17.

Now it’s time to initiate an SSH connection from your local machine:

Bash
ssh username@152.53.239.17

Output
Welcome to Ubuntu 24.04.2 LTS (GNU/Linux 6.8.0-56-generic x86_64)

Documentation: https://help.ubuntu.com
Management:    https://landscape.canonical.com
Support:       https://ubuntu.com/pro

System information as of Wed Mar 26 07:43:39 PM UTC 2025

System load:  0.0               Processes:             138
Usage of /:   6.6% of 97.87GB   Users logged in:       1
Memory usage: 2%                IPv4 address for ens3: 152.53.239.17
Swap usage:   0%

Expanded Security Maintenance for Applications is not enabled.

0 updates can be applied immediately.

Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status

Last login: Wed Mar 26 19:34:30 2025 from 152.XX.XXX.XXX

You can also use the server’s hostname for SSH login. Make sure the DNS records have already been updated on your local machine:

Bash
nslookup 152.53.95.178

The response should include your server’s hostname.
