LAB-SEC-01 - The UFW Firewall

SEC Security & Firewalls

The UFW Firewall

Use UFW to inspect firewall state, allow required access, and apply simple rules without locking yourself out.

25 min BEGINNER LINUX Curriculum-reviewed

Prerequisites

Lab LAB-NET-04 - Ports and Connections

Success criteria

Use UFW to inspect firewall state, allow required access, and apply simple rules without locking yourself out.
Repeat the workflow without copy-paste or step-by-step prompting.

Safety notes

If you are working over SSH, allow the SSH port before enabling UFW and confirm you still have a recovery path.

Part A: The Field Guide

What This Lab Is Really About

This lab teaches the safest beginner habits for host firewalls:

inspect current state
allow what is truly needed
keep administrative access working
remove mistakes cleanly

UFW is a good starting point because it keeps the rule language readable.

Command Reference

sudo ufw status sudo ufw status numbered sudo ufw allow 22/tcp sudo ufw allow 80/tcp sudo ufw delete 2

Part B: The Drill Deck

Terminal required: if you are on a remote host, be especially careful with SSH access.

Exercise G1: Inspect the Current Firewall

Run:

sudo ufw status verbose

Note whether UFW is active or inactive.
If it is already active, read the current rules before changing anything.

Exercise G2: Protect SSH Before Enabling

If you use SSH to reach this system, add the SSH rule first:

sudo ufw allow 22/tcp

Then enable UFW if needed:

sudo ufw enable

Verify the result:

sudo ufw status

Exercise G3: Add One More Needed Port

Add a simple web rule:

sudo ufw allow 80/tcp

Check the firewall again and confirm the rule appears.

Exercise S1: Restrict by Source

Add a rule that allows only one source IP to reach a chosen port, for example:

sudo ufw allow from 10.0.0.200 to any port 5432

Read the rule list and confirm what changed.

Exercise S2: Remove a Mistake

List numbered rules:

sudo ufw status numbered

Delete one test rule by its number.
Verify that the remaining rules shifted as expected.

Mission M1: Rebuild a Minimal Safe Policy

Your task is to describe or perform a minimal safe setup for a host that only needs:

SSH administration
HTTP on port 80

The workflow should include:

confirming current state
allowing required ports
enabling the firewall
verifying the result

Practice flow

Run the exercise carefully, verify the result, then mark it complete only when you could repeat the task without step-by-step help.

Open lesson Open Arena Back to Labs

Reflection

Could you now inspect UFW status and understand what is allowed?
Do you know the safety step to take before enabling UFW on a remote system?
If you repeated The UFW Firewall from memory, where would you still hesitate?

If not yet, repeat the lab once more without leaning on the instructions.

Move on when

Enable or inspect UFW safely and explain which rules are protecting access.
Add and remove a simple rule without losing track of the rule list.

A lab counts when you can repeat it cleanly with much less help than the first time.

Practice review

After you finish, repeat this lab tomorrow with less reliance on the instructions.

Use spaced practice around day 1, day 3, day 7, day 14.
Try to predict the steps before you scroll.
Run the key commands or actions from memory first.
Use the lesson or Library only for the parts that still fail.

Lab context

Best for

Need structureSerious hands-on operatorStarting from zeroIT / support / sysadminExpert refresh / reference

Pathways

Career operator pathFoundations firstFoundations with structured review

Practice fit

Beginner-safe Guided practice

This lab is designed to be attempted safely by newer learners if they stay inside the described sandbox or practice folder.

Expect tighter prompts and a more protected workflow while the skill is still forming.

Revisit the lesson

Module M47 - Services Management Module M49 - System Updates & Patching Module M50 - Remote Access: Advanced Module M52 - Systematic Troubleshooting: PDIVET

Topics

ufwfirewallsecurityportsallowdeny

Reference support

Library ufw Library firewall Library security Library ports

On this page