×
Community Blog How to Install Firewall on Ubuntu 16.04 for Your First Server on Alibaba Cloud

How to Install Firewall on Ubuntu 16.04 for Your First Server on Alibaba Cloud

In this tutorial, you can get some information on the installation of firewall on ubuntu 10.04 for your first server on Alibaba Cloud.

Alibaba Cloud Elastic Compute Service (ECS) provides a faster and more powerful way to run your cloud applications as compared with traditional physical servers. You can achieve great results on your cloud needs. With ECS, you can achieve more with the latest generation of CPUs as well as protect your instance from DDoS and Trojan attacks.

In this tutorial, we will talk about the best practices for provisioning your Ubuntu 16.04 server hosted on an Alibaba Cloud Elastic Compute Service (ECS) instance.

Ubuntu 16.04 comes with a default interface for interacting with IP tables known as UFW (Uncomplicated Firewall). UFW is a simplified tool which aims towards simplifying the process of setting up IP tables especially for beginners who are new to the Linux environment.

UFW is a right choice for adding another security to your Ubuntu 16.04 server running on Alibaba Cloud.

Although UFW is installed by default, you can use the command below to get it from Ubuntu’s repository if it was uninstalled:

$ sudo apt-get install ufw

Then, type the command below to allow all outgoing calls and deny or incoming calls.

$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing

You can use the UFW command below to allow traffic to a particular port or service:

$ sudo ufw allow 

To avoid completely locking yourself from your Ubuntu server, the first port/service that you should allow on UFW is port 22 which listens for SSH connections.

To do this, type the command below to add the rule:

$ sudo ufw allow 22

Or

$ sudo ufw allow ssh

Also if you are running a web server, you should enable the http and https port:

$ sudo ufw allow http
$ sudo ufw allow https

Once you have whitelisted the services, run the command below to start UFW

$ sudo ufw enable

You can delete any rule that you have created by first checking its number and then deleting it via the commands below:

$ sudo ufw status numbered

Then

$ sudo ufw delete 

Where is the value that you obtained above from the list of rules available.
Make sure ufw is enabled before checking the list of rules.
You can disable UFW at any time by typing the command below:

$ sudo ufw disable

Or just reset all rules by typing:

$ sudo ufw reset

Related Blog Posts

How to Set Up Your First Ubuntu 16.04 Server on Alibaba Cloud

In this guide, we will talk about the best practices for the initial setup of your Ubuntu 16.04 server hosted on Alibaba Cloud Elastic Compute Service (ECS).

Alibaba Cloud Elastic Compute Service (ECS) provides a faster and more powerful way to run your cloud applications as compared with traditional physical servers. You can achieve great results on your cloud needs. With ECS, you can achieve more with the latest generation of CPUs as well as protect your instance from DDoS and Trojan attacks.

CERT Analysis on IoT Botnet and DDoS Attacks

On October 21, 2016, a DDoS attack hit the DNS service provider Dyn. The company is a major DNS provider for many companies in the United States.

In the morning of the attack, Dyn confirmed that its DNS infrastructure located in the East Coast had suffered DDoS attacks from all over the world. The attacks severely affected the business of Dyn's DNS customers, and even worse, websites of customers became inaccessible. These attacks lasted until 13:45 PM ET. Dyn said on its official website that it would track down this issue and release the incident report.

Related Documentation

Deploy WAF and Anti-DDoS Pro together

Alibaba Cloud WAF and Anti-DDoS Pro and are fully compatible. You can use the following architecture to deploy WAF and Anti-DDoS Pro together: Anti-DDoS Pro (entry layer, DDoS attack protection) > WAF (intermediate layer, web attack protection) > Origin.

Modify local hosts file to test WAF

The hosts file specifies the correspondence between the domain name and IP address. If a domain name has an IP address specified in the hosts file, the system will not resolve its IP address through the domain name system (DNS) when accessing this domain name, but will directly access the specified IP address instead.

Therefore, if your website is deployed with Anti-DDoS Pro or WAF services, you can modify the local hosts file to direct the website to the WAF without changing the online business flow. This allows you to test whether or not the business services work normally after they pass through WAF.

Related Products

Anti-DDoS Pro

Anti-DDoS Pro is a value-added service used to protect servers, including external servers hosted in Mainland China, against volumetric DDoS attacks. You can redirect attack traffic to Anti-DDoS Pro to ensure the stability and availability of origin sites.

Web Application Firewall

Web Application Firewall (WAF) protects your website servers against intrusions. Our service detects and blocks malicious traffic directed to your websites and applications. WAF secures your core business data and prevents server malfunctions caused by malicious activities and attacks.

Related Course

Use Anti-DDoS Basic and Pro to Defend DoS Attack

The network is the only entry point for all cloud services. Network attacks, especially denial of service attacks, are the most diverse and harmful, and one of the most difficult to protect against network risks. This course is designed to help students understand the principles of DoS attacks in a minimum amount of time and learn common protection methods and Alibaba Cloud Anti-DDoS protection solutions to minimize or reduce the risk of network layer attacks, protect your cloud network security.

0 0 0
Share on

Alibaba Clouder

2,599 posts | 764 followers

You may also like

Comments