Firewall
01/06/25
Not much work was done today on the homelab or on setting up the website, but one of the things I had been wanting to do was set up a firewall. So I installed Uncomplicated Firewall with sudo apt install ufw.
I learnt that ufw (and firewalls in general) works with a layer of rules. Each rule typically pertains to a certain port, the IP address of the incoming connection, and whether to allow or deny access. For any given request/connection to the server, the firewall goes through the stack of rules and applies the first rule that matches the constraints, so the ordering of the rules is important, though it is configurable. If no "allow" rule matches, the connection will always be denied, since ufw's default policy for incoming connections is deny. When you add a rule with ufw, it is added at the bottom of the stack.
Before managing SSH access, I wanted to manage HTTP access for my web server. Conveniently, ufw provides a list of common rule profiles for certain software, and Nginx is included. Running sudo ufw allow 'Nginx HTTP' applied the Nginx HTTP profile, allowing HTTP access over port 80.
The next step was to only allow SSH access from my main machine. This was achieved with sudo ufw allow from 192.168.1.6 to any port 22 proto tcp, which only allows SSH access on port 22 from my PC.
Now I could enable the firewall with sudo ufw enable, with the specified rules applied.
I now had an active firewall with a rule stack that looked as follows, conveniently shown with sudo ufw status numbered:
jiggy@debian-box:~$ sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Nginx HTTP                 ALLOW IN    Anywhere
[ 2] 22/tcp                     ALLOW IN    192.168.10.6
[ 3] Nginx HTTP (v6)            ALLOW IN    Anywhere (v6)
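Since the whole point of the SSH rule is that port 22 is reachable only from the admin machine, a quick check that reads the output of sudo ufw status numbered and flags any rule allowing SSH from anywhere else is worth keeping around. This is an added example, not part of the original post: the admin IP and the status text below are constructed (the sample deliberately includes one rule that is too broad), and it also accepts rules written as 22 or OpenSSH, not just 22/tcp.

```shell
#!/usr/bin/env bash
# Added example: audit `ufw status numbered` output for SSH rules whose
# source is not the expected admin host. Assumes the column layout shown
# in the post (fields separated by two or more spaces).

EXPECTED_ADMIN_IP="192.168.1.6"   # assumption: the admin machine's address

# Constructed sample status output; rule 3 is deliberately too broad.
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Nginx HTTP                 ALLOW IN    Anywhere
[ 2] 22/tcp                     ALLOW IN    192.168.1.6
[ 3] 22/tcp                     ALLOW IN    Anywhere
[ 4] Nginx HTTP (v6)            ALLOW IN    Anywhere (v6)'

# audit_ssh_rules ADMIN_IP  (status text on stdin)
# Prints one line per ALLOW rule for SSH (22, 22/tcp or OpenSSH) whose
# "From" column is not ADMIN_IP; exits 1 if any were found, 0 otherwise.
audit_ssh_rules() {
    awk -F'  +' -v admin="$1" '
        BEGIN { bad = 0 }
        /^\[ *[0-9]+\]/ {
            # $1 is "[ N] <To>", $2 is the Action, $3 is the From column
            match($1, /[0-9]+/)
            num = substr($1, RSTART, RLENGTH)
            to = $1; sub(/^\[ *[0-9]+\] */, "", to)
            action = $2; from = $3
            if ((to ~ /^22(\/tcp)?$/ || to == "OpenSSH") \
                && action ~ /^ALLOW/ && from != admin) {
                print "rule " num ": " to " allowed from " from
                bad = 1
            }
        }
        END { exit bad }'
}

# Offline run against the constructed sample. On the real box you would
# pipe the live output instead: sudo ufw status numbered | audit_ssh_rules 192.168.1.6
if ! printf '%s\n' "$SAMPLE_STATUS" | audit_ssh_rules "$EXPECTED_ADMIN_IP"; then
    echo "SSH is reachable from more than the admin host; review the rules above." >&2
fi
```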
I also learnt that you can use sudo ufw delete followed by a rule's number to delete that rule. But yeah, ufw is a very easy and elegant way to control port access on your machine, and I now have that set up.