How to Install Firewall on Ubuntu 16.04 for Your First Server on Alibaba Cloud
Alibaba Cloud Elastic Compute Service (ECS) provides a faster and more powerful way to run your cloud applications as compared with traditional physical servers. You can achieve great results on your cloud needs. With ECS, you can achieve more with the latest generation of CPUs as well as protect your instance from DDoS and Trojan attacks.
In this tutorial, we will talk about the best practices for provisioning your Ubuntu 16.04 server hosted on an Alibaba Cloud Elastic Compute Service (ECS) instance.
Ubuntu 16.04 comes with a default interface for interacting with iptables known as UFW (Uncomplicated Firewall). UFW is a simplified tool that aims to make setting up iptables rules easier, especially for beginners who are new to the Linux environment.
UFW is a good choice for adding another layer of security to your Ubuntu 16.04 server running on Alibaba Cloud.
Although UFW is installed by default, you can use the command below to get it from Ubuntu’s repository if it was uninstalled:
$ sudo apt-get install ufw
Then, type the commands below to deny all incoming connections and allow all outgoing connections.
$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing
You can use the UFW command below to allow traffic to a particular port or service:
$ sudo ufw allow <port/service>
To avoid completely locking yourself out of your Ubuntu server, the first port/service that you should allow on UFW is port 22, which listens for SSH connections.
To do this, type the command below to add the rule:
$ sudo ufw allow 22
Or
$ sudo ufw allow ssh
Also, if you are running a web server, you should allow the http and https ports:
$ sudo ufw allow http
$ sudo ufw allow https
Once you have whitelisted the services, run the command below to start UFW:
$ sudo ufw enable
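The lockout risk described above can be checked before running ufw enable. The following is an added example, not part of the original tutorial: it assumes the rule listing is the text printed by `ufw show added`, and the function names has_ssh_rule and safe_enable and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that an SSH rule is staged before enabling UFW.
# Assumed input: the text printed by `ufw show added` (one "ufw ..." line per rule).

# has_ssh_rule [PORT]: read a rule listing on stdin; return 0 if a rule allows
# (or rate-limits) TCP traffic to PORT from anywhere, 1 otherwise.
has_ssh_rule() {
    port="${1:-22}"
    while IFS= read -r line; do
        case "$line" in
            "ufw allow $port" | "ufw allow $port/tcp") return 0 ;;
            "ufw limit $port" | "ufw limit $port/tcp") return 0 ;;
        esac
        # Service/profile names only stand for the default port 22.
        if [ "$port" = "22" ]; then
            case "$line" in
                "ufw allow ssh" | "ufw limit ssh") return 0 ;;
                "ufw allow OpenSSH" | "ufw limit OpenSSH") return 0 ;;
            esac
        fi
    done
    return 1
}

# safe_enable [PORT]: for use on a real host; enables UFW only if the check passes.
safe_enable() {
    if sudo ufw show added | has_ssh_rule "${1:-22}"; then
        sudo ufw enable
    else
        echo "No SSH allow rule for port ${1:-22}; not enabling UFW." >&2
        return 1
    fi
}

# Constructed sample listings (not captured from a real server).
SAMPLE_OK="Added user rules (see 'ufw status' for running firewall):
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp"
SAMPLE_LOCKOUT="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw allow 2222/tcp
ufw allow 22/udp"

# Demo on the constructed samples; nothing here touches the real firewall.
printf '%s\n' "$SAMPLE_OK" | has_ssh_rule && echo "sample 1: SSH rule present"
printf '%s\n' "$SAMPLE_LOCKOUT" | has_ssh_rule || echo "sample 2: would lock you out"
```

The check is deliberately conservative: rules restricted to a source address (for example `ufw allow from ... to any port 22`) are not recognized, so review those by hand.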
You can delete any rule that you have created by first checking its number and then deleting it via the commands below:
$ sudo ufw status numbered
Then
$ sudo ufw delete <rule-number>
Where <rule-number> is the value that you obtained above from the list of rules available.
Make sure ufw is enabled before checking the list of rules.
You can disable UFW at any time by typing the command below:
$ sudo ufw disable
Or just reset all rules by typing:
$ sudo ufw reset