Uncomplicated Firewall (UFW) is a front end for managing a netfilter firewall, designed to be easy to use. It provides a command-line interface (CLI) with a small set of simple commands and configures iptables on your behalf. UFW is available by default in all Ubuntu installations after 18.04 LTS and includes tools for intrusion prevention, which this guide covers.
Start by checking the status of UFW.
sudo ufw status
Then configure your firewall with the following options, preferably in this order.
The order matters because UFW evaluates rules in the order they were added and applies the first rule that matches, so placing the most important and most specific rules first is good security practice. You can insert a rule at any position with the following syntax (do not run this command while setting up your node; it is only an illustration):
sudo ufw insert 1 deny from <ip> to any    # example only
The command above would be placed at position 1 (instead of at the end) of the rule list and would deny the given IP address access to the server.
This sets the default policy to allow outgoing connections unless a rule explicitly denies them.
sudo ufw default allow outgoing
This sets the default policy to deny incoming connections unless a rule explicitly allows them.
sudo ufw default deny incoming
This allows SSH connections through the firewall.
sudo ufw allow ssh/tcp
This rate-limits SSH login attempts on the machine. By default, UFW denies further connections from an IP address that attempts 6 or more connections within 30 seconds.
sudo ufw limit ssh/tcp
Allow port 26656, the P2P networking port used to connect to the Tendermint network, unless you manually specified a different port.
sudo ufw allow 26656
Allow port 1317 if you are running a public LCD endpoint on this node; otherwise, you can skip this.
sudo ufw allow 1317
This enables the firewall you just configured.
sudo ufw enable
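Once the firewall is enabled, it is worth verifying that the rule set actually matches the steps above rather than trusting that every command succeeded. The following POSIX shell check is an added example, not part of the original guide: it reads the text of `sudo ufw status verbose` and fails if the firewall is inactive, the default policies are wrong, SSH is not rate-limited, or the P2P port is closed. It assumes UFW shows the `ssh/tcp` rule as `22/tcp` in its status table (UFW resolves service names to port numbers) and that the P2P port is the default 26656; the sample status output is constructed.

```shell
#!/bin/sh
# Post-configuration check for the UFW rule set built in this guide.
# Added example (not the guide's own code). Assumes: ssh/tcp appears as
# 22/tcp in `ufw status` output, and the Tendermint P2P port is 26656.

# ufw_expect LABEL REGEX: record a failure when REGEX is absent from $status
ufw_expect() {
    if printf '%s\n' "$status" | grep -Eq -- "$2"; then
        echo "ok:   $1"
    else
        echo "FAIL: $1"
        ok=1
    fi
}

# check_ufw_status STATUS_TEXT -> returns 0 if every expectation holds, else 1
check_ufw_status() {
    status="$1"
    ok=0
    ufw_expect "firewall is active"           '^Status: active'
    ufw_expect "default deny incoming"        '^Default: deny \(incoming\)'
    ufw_expect "default allow outgoing"       'allow \(outgoing\)'
    ufw_expect "SSH is rate-limited (LIMIT)"  '^22/tcp +LIMIT IN +Anywhere$'
    ufw_expect "P2P port 26656 is open"       '^26656 +ALLOW IN +Anywhere$'
    # A plain ALLOW on 22/tcp would let brute-force attempts through unthrottled.
    if printf '%s\n' "$status" | grep -Eq '^22/tcp +ALLOW IN'; then
        echo "FAIL: SSH has an unlimited ALLOW rule"
        ok=1
    fi
    return $ok
}

# Constructed sample of `ufw status verbose` after applying the guide's rules.
SAMPLE_GOOD='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT IN    Anywhere
26656                      ALLOW IN    Anywhere
1317                       ALLOW IN    Anywhere
22/tcp (v6)                LIMIT IN    Anywhere (v6)
26656 (v6)                 ALLOW IN    Anywhere (v6)'

# Offline demonstration; on a live node run:
#   check_ufw_status "$(sudo ufw status verbose)"
check_ufw_status "$SAMPLE_GOOD"
```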
At any point you can disable the UFW firewall by running the following command.
sudo ufw disable