Don’t think that by just installing LAMP stack you are protected, your server can still be vulnerable by having too many ports opened which you even don’t know. So if you setup your server from scratch but haven’t installed firewall yet you should now think of doing that. And believe me it won’t take that time.
Check if UFW is already installed?
The service that I’m going to cover in this article is UFW (Uncomplicated Firewall). First of all we need to check if the service is already not installed. To verify that just enter ufw status
and if you see something like below that means service is installed otherwise not.
# ufw status
Status: active
To Action From
-- ------ ----
Apache Full ALLOW Anywhere
22/tcp ALLOW Anywhere
115/tcp ALLOW Anywhere
Apache Full (v6) ALLOW Anywhere (v6)
22/tcp (v6) ALLOW Anywhere (v6)
115/tcp (v6) ALLOW Anywhere (v6)
Install and Configure UFW
sudo apt-get install ufw
sudo ufw allow ssh
sudo ufw allow sftp
#You need to change following two lines based on your web-server
sudo ufw allow 'Apache Full'
sudo ufw delete allow 'Apache'
#Two lines end here
#Alert! Before enabling it be sure that you've allowed your ssh and web server otherwise your website or SSH access from local machine can be denied and then you'll have to login to the server from web console to access the console via terminal to allow them. Or you'll have to contact your hosting service to do that.
sudo ufw enable
Now your firewall is configured and by typing `ufw status` you should see the output which I showed in previous section.