Explanation: Although the Linux kernel has a built-in firewall (netfilter, normally configured through iptables), it is turned off by default on Ubuntu because a fresh install runs no program or service that listens on any port. Since nothing is listening, there is nothing for a firewall to protect. However, once you enable something like file or printer sharing, remote desktop, SSH, etc., processes will start listening on some ports for external connections. At that point you should enable the firewall and create rules that restrict access to the appropriate ports to the IP addresses of the machines that actually need them. Iptables is somewhat complicated to configure, so Ubuntu instead lets you create and maintain firewall rules with a simple command-line front end called ufw (the "Uncomplicated Firewall").
- Enable the firewall and set the default rule to deny incoming connections to all ports:
    sudo ufw enable
    sudo ufw default deny

Important: Remember that from this point on, if you want to do anything that requires other computers to connect to yours (e.g., share a file or printer, allow a remote desktop or SSH connection, etc.), you will have to explicitly add a rule to allow such a connection.
- (optional) You can now add custom firewall rules to open specific ports (or all ports) to specific hosts. For example, to allow connections on port $PORT from any IP on your private network (i.e., IP addresses of the form 192.168.xxx.xxx, such as the computers behind the same router as you):

    sudo ufw allow from 192.168.0.0/16 to any port $PORT

To allow connections on any port from any IP on your private network:

    sudo ufw allow from 192.168.0.0/16 to any

Here are some instructions for creating other rules.
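As an added example (not part of the original guide), the following POSIX sh script applies the baseline described above, default deny incoming plus one port opened only to the 192.168.0.0/16 range, but checks the port and source range first and supports a DRY_RUN mode that only prints the ufw commands. The function names, DRY_RUN and the private-range check are this example's own assumptions, not ufw features.

```shell
#!/bin/sh
# Added example: apply the guide's ufw baseline with input validation.
# DRY_RUN=1 prints the commands instead of running them (assumed name).

# run_ufw: execute (or, when DRY_RUN=1, print) one ufw command.
run_ufw() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf 'ufw %s\n' "$*"
    else
        sudo ufw "$@"
    fi
}

# valid_port: succeed only if $1 is an integer between 1 and 65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# is_private_v4_cidr: sanity check that the source is an RFC 1918 range,
# so a typo such as 0.0.0.0/0 cannot silently expose the port to everyone.
is_private_v4_cidr() {
    case "$1" in
        10.*/*|192.168.*/*) return 0 ;;
        172.1[6-9].*/*|172.2[0-9].*/*|172.3[01].*/*) return 0 ;;
        *) return 1 ;;
    esac
}

# apply_baseline PORT [LAN_CIDR]: deny incoming by default, allow PORT from
# the private range only, then enable. Rules are set before enabling so an
# existing SSH session from the LAN is not cut off; --force skips the prompt.
apply_baseline() {
    port=$1
    lan=${2:-192.168.0.0/16}
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    is_private_v4_cidr "$lan" || { echo "refusing non-private source: $lan" >&2; return 1; }
    run_ufw default deny incoming
    run_ufw allow from "$lan" to any port "$port"
    run_ufw --force enable
}
```

After a real run, confirm the result with `sudo ufw status verbose`, which should list the default policy and the single allow rule.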