Basic Firewall Setup
Sets up and configures a basic firewall using UFW (Uncomplicated Firewall). Opens the SSH, HTTP and HTTPS ports.
Detailed Information
This script sets up and configures a basic firewall for your Linux server using UFW (Uncomplicated Firewall). A firewall is the first line of defense that protects your server from unauthorized access.
What Does This Script Do?
This script automates the firewall setup process:
- Installs the UFW tool (if not present)
- Sets default policies (incoming traffic denied, outgoing traffic allowed)
- Opens the SSH port first (critical: this prevents locking yourself out)
- Optionally opens the HTTP and HTTPS ports
- Provides an option to add additional ports
- Enables the firewall
Why Should You Use It?
A firewall is fundamental to server security:
- Prevent Unauthorized Access: Reduces the attack surface by closing unused ports
- DDoS Protection: Drops unsolicited traffic to closed ports (a host firewall alone cannot absorb a volumetric flood)
- Port Control: Opens only the necessary ports
- Easy Management: UFW is much easier to use than iptables
Security Features
- All incoming traffic is denied by default
- Only explicitly allowed ports are accessible
- The SSH port is opened first (to avoid locking yourself out)
- A descriptive comment is added to each rule
How to Use
Step-by-Step Usage Guide
1. Create Script File
nano firewall_setup.sh
Paste the script code and save.
2. Make Script Executable
chmod +x firewall_setup.sh
3. Run as Root
sudo ./firewall_setup.sh
4. Answer Questions
The script will ask you:
- SSH port (default: 22)
- Allow HTTP (80) port? (y/n)
- Allow HTTPS (443) port? (y/n)
- Additional ports (comma-separated)
5. Check Firewall Status
sudo ufw status verbose
Manual Rule Addition
# Open a port
sudo ufw allow 8080/tcp
# Close a port (deletes the matching allow rule)
sudo ufw delete allow 8080/tcp
# Allow all traffic from one IP address
sudo ufw allow from 192.168.1.100
# Allow a specific IP to reach a specific port only
sudo ufw allow from 192.168.1.100 to any port 3306
Temporarily Disable Firewall
sudo ufw disable
Re-enable Firewall
sudo ufw enable
Requirements
- Root Privileges: The script must be run as root
- Ubuntu/Debian System: UFW is usually installed by default on Ubuntu/Debian
- Internet Connection: Required for UFW installation (if it is not present)
UFW Installation
UFW is usually installed by default on Ubuntu/Debian systems. If missing:
# Ubuntu/Debian
sudo apt-get update
sudo apt-get install ufw
# CentOS/RHEL (uses firewalld, but UFW can be installed)
sudo yum install epel-release
sudo yum install ufw
Important Notes
- Do not enable the firewall before opening the SSH port, or you may lock yourself out!
- The default SSH port is 22, but it may have been changed for security; allow the port sshd actually listens on
- Firewall rules take effect immediately
Use Cases
1. New Server Setup
When setting up a new server, one of the first things to do is set up a firewall. This script lets you establish a basic level of protection quickly.
2. Production Server Security
On production servers, minimize attack surface by opening only necessary ports.
3. Web Server Security
For web servers, open the HTTP (80) and HTTPS (443) ports and keep all other ports closed.
4. Database Server Security
On database servers, allow access to the database port only from specific IP addresses.
5. Multi-Service Management
On servers running multiple services, open only the ports each service needs.
Usage Examples
Example 1: Basic Web Server
sudo ./firewall_setup.sh
# SSH Port: 22
# Allow HTTP: y
# Allow HTTPS: y
# Additional ports: (empty)
Example 2: Custom SSH Port
sudo ./firewall_setup.sh
# SSH Port: 2222
# Allow HTTP: y
# Allow HTTPS: y
Example 3: Multiple Ports
sudo ./firewall_setup.sh
# SSH Port: 22
# Allow HTTP: y
# Allow HTTPS: y
# Additional ports: 8080,3306,5432
Example 4: Manual Rule Addition
# Allow access from specific IP
sudo ufw allow from 192.168.1.100
# Port range
sudo ufw allow 8000:8010/tcp
# Specific protocol
sudo ufw allow 53/udp
Code
#!/bin/bash
# Basic Firewall Setup with UFW

if [ "$EUID" -ne 0 ]; then
  echo "Please run as root"
  exit 1
fi

echo "Setting up firewall with UFW..."
echo ""

if ! command -v ufw &> /dev/null; then
  echo "Installing UFW..."
  apt-get update && apt-get install -y ufw
fi

# Note: reset discards every existing rule and leaves UFW disabled until 'ufw enable' below
echo "Resetting UFW to defaults..."
ufw --force reset

echo "Setting default policies..."
ufw default deny incoming
ufw default allow outgoing
echo "✓ Default policies set"
echo ""

# Returns 0 when the argument is a whole number between 1 and 65535
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

read -p "SSH Port (default 22): " SSH_PORT
SSH_PORT=${SSH_PORT:-22}
if ! valid_port "$SSH_PORT"; then
  echo "Invalid SSH port '$SSH_PORT'. Aborting before the firewall is enabled."
  exit 1
fi
echo "Allowing SSH on port $SSH_PORT..."
# Stop here if the SSH rule cannot be added; enabling UFW without it would lock you out
if ! ufw allow "$SSH_PORT/tcp" comment "SSH"; then
  echo "Failed to add the SSH rule. Aborting before the firewall is enabled."
  exit 1
fi

read -p "Allow HTTP (80)? (y/n): " ALLOW_HTTP
if [ "$ALLOW_HTTP" = "y" ]; then
  ufw allow 80/tcp comment "HTTP"
  echo "✓ HTTP allowed"
fi

read -p "Allow HTTPS (443)? (y/n): " ALLOW_HTTPS
if [ "$ALLOW_HTTPS" = "y" ]; then
  ufw allow 443/tcp comment "HTTPS"
  echo "✓ HTTPS allowed"
fi

read -p "Any additional ports to open? (comma-separated, or press Enter to skip): " ADDITIONAL_PORTS
if [ -n "$ADDITIONAL_PORTS" ]; then
  IFS="," read -ra PORTS <<< "$ADDITIONAL_PORTS"
  for port in "${PORTS[@]}"; do
    port="${port//[[:space:]]/}"   # tolerate answers such as "8080, 3306"
    [ -z "$port" ] && continue
    if valid_port "$port"; then
      ufw allow "$port/tcp" && echo "✓ Port $port allowed"
    else
      echo "✗ Skipping invalid port '$port'"
    fi
  done
fi

echo ""
echo "Enabling UFW..."
ufw --force enable

echo ""
echo "======================================"
echo "FIREWALL STATUS"
echo "======================================"
ufw status verbose
echo ""
echo "======================================"
echo "FIREWALL RULES"
echo "======================================"
ufw status numbered
echo ""
echo "✓ Firewall setup completed!"
echo ""
echo "To add more rules later:"
echo "  ufw allow <port>/tcp"
echo "To remove a rule:"
echo "  ufw delete <rule number>"
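The script trusts the SSH port you type in, and the "Important Notes" above explain why that matters: if sshd listens on a different port, the next ufw enable locks you out. The helper below is an added example, not part of the script on this page, that reads the Port directive(s) from sshd_config text and refuses to proceed when the entered port is not one of them. SAMPLE_SSHD_CONFIG is a constructed sample; on a real server you would pass the contents of /etc/ssh/sshd_config (or the output of sshd -T, which also resolves Include files) together with the $SSH_PORT answer.

```shell
#!/bin/bash
# Lockout guard (added example): confirm the port about to be allowed is one
# that sshd is actually configured to listen on before UFW is enabled.

# Constructed sample config; on a real host use /etc/ssh/sshd_config instead.
SAMPLE_SSHD_CONFIG='# constructed sample, not a real server file
Port 2222
#Port 22
  port   2200
PermitRootLogin no'

# Reads sshd_config text on stdin and prints each Port value on its own line.
# Comment and blank lines are skipped; with no Port directive, sshd's default
# of 22 is printed.
sshd_ports_from_config() {
  local line found=0 keyword rest arg
  while IFS= read -r line || [ -n "$line" ]; do
    line=$(printf '%s' "$line" | tr '=' ' ')          # accept "Port=2222" too
    line="${line#"${line%%[![:space:]]*}"}"            # drop leading whitespace
    case "$line" in ''|'#'*) continue ;; esac
    keyword="${line%%[[:space:]]*}"                    # first word
    rest="${line#"$keyword"}"; rest="${rest#"${rest%%[![:space:]]*}"}"
    arg="${rest%%[[:space:]]*}"                        # second word
    case "$keyword" in
      [Pp][Oo][Rr][Tt]) [ -n "$arg" ] && printf '%s\n' "$arg" && found=1 ;;
    esac
  done
  [ "$found" -eq 1 ] || printf '22\n'
}

# ssh_port_matches_text <port> <config text>: returns 0 when sshd listens on <port>
ssh_port_matches_text() {
  local wanted="$1" p
  for p in $(printf '%s\n' "$2" | sshd_ports_from_config); do
    [ "$p" = "$wanted" ] && return 0
  done
  return 1
}

# Stand-alone demonstration against the constructed sample
for candidate in 2222 22; do
  if ssh_port_matches_text "$candidate" "$SAMPLE_SSHD_CONFIG"; then
    echo "ok: sshd listens on $candidate, safe to allow it and enable UFW"
  else
    echo "refusing: sshd does not listen on $candidate, enabling UFW now could lock you out"
  fi
done
```

In the script, a guard such as `ssh_port_matches_text "$SSH_PORT" "$(cat /etc/ssh/sshd_config)" || exit 1` placed before `ufw --force enable` turns the lockout into a refusal with UFW still disabled.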
Usage
sudo chmod +x firewall_setup.sh
sudo ./firewall_setup.sh
# Add rules manually
sudo ufw allow 8080/tcp
sudo ufw delete allow 8080/tcp
# Check status
sudo ufw status
Troubleshooting
Problem: Locked Myself Out (No SSH Access)
Solution: If you have console access to the server (physical access or the VPS provider's control panel), run:
# Temporarily disable the firewall
sudo ufw disable
# Open the SSH port (use your actual SSH port if it is not 22)
sudo ufw allow 22/tcp
# Re-enable the firewall
sudo ufw enable
Problem: "ufw: command not found"
Solution: UFW is not installed. Install it:
sudo apt-get update
sudo apt-get install ufw
Problem: Port Open But Not Accessible
Solution: Make sure the service is running and listening on that port:
# Check that something is listening (use ss -tulpn if netstat is not installed)
sudo netstat -tulpn | grep :80
# Service status
sudo systemctl status nginx
Problem: Firewall Rules Not Applied
Solution: Make sure the firewall is enabled (ufw status reports "inactive" when it is not):
sudo ufw status
sudo ufw enable