If you don’t know what a firewall is, let’s start there…

A firewall is basically a digital “wall” that sits on the edge of your network or device. When someone makes a connection over a network or the internet to your server, they connect by the IP address + a Port. Firewalls, on a very basic level, say “allow traffic on this port” or “deny traffic on this port.”

So for web traffic you might connect to our server here: 91.121.109.60 on port 80. There are a lot of services that run on any machine and many of them you don’t want to be accessible from the internet. For example, many distributions of Ubuntu come with a running DNS server that is accessible on port 53. If left alone, this could be a route for people to exploit your machine.

One way to think about it is like your home. Your house has a physical address that someone can punch into a GPS and it will take them to your driveway. However to get into the house they will need to go through a door or a window. Ports are those doors and windows. If a person needs access to the services of your kitchen, then they can come through the kitchen door. If they need access to your garage, you can send them through the garage door. On a computer, different doors (ports) tend to correspond to different services (servers). For example, Apache Web Server commonly uses port 80 for HTTP traffic to host a website, or port 443 to host a secure website with SSL. SMTP servers often use port 25 to receive incoming mail. FTP servers often use port 21, and so forth and so on.

So it is advantageous to block certain ports. I.E. you might allow everyone to visit your kitchen but you don’t want everyone in your bedroom. It is best to actually just block all ports by default and only allow specific ports to incoming traffic.

Finally it is worth noting that firewalls can do all kinds of interesting and complex things with traffic. Most of those functions are well outside of the scope of this article, and outside of the scope of UFW, but we will get there. (more…)