Objective
Learn how to configure basic IP filtering to allow or block specific IP addresses using the Uncomplicated Firewall (UFW) on a Linux system.
Scenario
As a system administrator, your organization requires strict network access control to secure sensitive systems. You’ve been tasked with configuring the firewall on a Linux server to allow access only from trusted devices while blocking all other incoming traffic. In this exercise, you’ll implement basic IP filtering using UFW and verify that your rules work as expected.
Lab Instructions
Step 1: Install UFW (Uncomplicated Firewall)
Open a terminal on your Linux machine.
Install UFW using the package manager:
sudo apt update
sudo apt install ufw -y
Enable the firewall:
sudo ufw enable
Check the firewall status to ensure it’s active:
sudo ufw status verbose
Step 2: Configure IP Filtering
Allow traffic only from the trusted IP address 192.168.1.100:
sudo ufw allow from 192.168.1.100
Deny all other incoming traffic:
sudo ufw default deny incoming
Verify the rules are correctly applied:
sudo ufw status numbered
Step 3: Testing the Configuration
- From the allowed IP (192.168.1.100):
  - Open a terminal and ping the Linux machine:
    ping <Linux_Server_IP>
  - The ping should succeed.
- From any other IP address:
  - Attempt to ping the Linux machine:
    ping <Linux_Server_IP>
  - The ping should fail, confirming the firewall is blocking unauthorized traffic.
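A caveat for this step: UFW's shipped /etc/ufw/before.rules accepts ICMP echo-request before the user rules are evaluated, so with a stock installation a ping from a host that is not in the allow list may still be answered. A more dependable check is a TCP connection to a port a service listens on (SSH on 22, for example), because the default deny policy drops the SYN and the connection times out instead of being refused. The helper below is an added example, not part of the lab; it uses only bash's /dev/tcp and the coreutils timeout command, and the classification of exit codes is its own convention.

```shell
#!/bin/bash
# Added example (not from the lab): probe a TCP port and classify the result.
# A UFW default-deny policy DROPs the SYN, so a blocked connection times out;
# a host with no firewall in the way answers a closed port with a reset.

probe_port() {
    local host="$1" port="$2" timeout_s="${3:-3}" rc
    # Run the connect attempt inside an if so a failure is not fatal under set -e
    if timeout "$timeout_s" bash -c "exec 3<>/dev/tcp/$host/$port" 2>/dev/null; then
        rc=0
    else
        rc=$?
    fi
    case "$rc" in
        0)   echo "open" ;;      # SYN-ACK received: the rule allows this source
        124) echo "filtered" ;;  # timeout killed the attempt: the packet was dropped
        *)   echo "refused" ;;   # RST or other error: not blocked, nothing listening
    esac
}

# Expected outcomes for the lab policy (probe the server on port 22):
#   from 192.168.1.100     -> open (sshd running) or refused (no sshd)
#   from any other address -> filtered (UFW dropped the SYN)
if [ -n "${1:-}" ]; then
    probe_port "$1" "${2:-22}"
fi
```

Run it from the allowed host and from another host as `./probe.sh <Linux_Server_IP> 22`; the pair of results ("open" or "refused" from the trusted host, "filtered" from everywhere else) confirms the rules without depending on ICMP handling.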
Step 4: Verify Firewall Logs
- Check firewall logs to confirm blocked attempts:
sudo tail -f /var/log/ufw.log
- You should see logs showing denied connection attempts from unauthorized IPs.
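To turn the raw log into something reviewable, the following added example (not from the lab) summarises UFW block events by source address, protocol and destination port. It reads kernel log lines on stdin, so on the server you would pipe in /var/log/ufw.log; the SAMPLE_LOG lines embedded here are constructed in the format the UFW netfilter logging produces so the script runs offline.

```shell
#!/bin/bash
# Added example (not from the lab): count [UFW BLOCK] events per source and port.
# Usage on a live server:  sudo cat /var/log/ufw.log | blocked_summary

blocked_summary() {
    # Keep only blocked packets, pull SRC=, PROTO= and DPT= out of the key=value
    # fields, then count identical (source, proto, port) tuples, most frequent first.
    grep -F '[UFW BLOCK]' |
        awk '{
            src = ""; dpt = "-"; proto = "-"
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "SRC")   src = kv[2]
                if (kv[1] == "DPT")   dpt = kv[2]
                if (kv[1] == "PROTO") proto = kv[2]
            }
            if (src != "") print src, proto, dpt
        }' |
        sort | uniq -c | sort -rn |
        awk '{ printf "%s %s %s/%s\n", $1, $2, $3, $4 }'
}

# Constructed sample: two blocked SSH attempts from one host, one blocked HTTP
# attempt from another, and an unrelated AUDIT line that must be ignored.
SAMPLE_LOG='Mar 10 12:00:01 srv kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.50 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
Mar 10 12:00:02 srv kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.50 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=51001 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
Mar 10 12:00:03 srv kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.7 DST=192.168.1.10 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 10 12:00:04 srv kernel: [UFW AUDIT] IN=eth0 OUT= SRC=192.168.1.100 DST=192.168.1.10 PROTO=TCP SPT=52000 DPT=22 SYN URGP=0'

# Demonstration run on the constructed sample
printf '%s\n' "$SAMPLE_LOG" | blocked_summary
```

Each output line reads `<count> <source> <proto>/<port>`, so a source that keeps hitting the same closed port stands out immediately, and a trusted address appearing here would indicate the allow rule is not doing what you expect.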
Solution & Explanation
UFW Rule Breakdown
- Allowing Specific IP: The rule sudo ufw allow from 192.168.1.100 permits all incoming traffic from the trusted IP.
- Default Deny Policy: The command sudo ufw default deny incoming ensures that any IP not explicitly allowed is blocked.
Testing Results
- Allowed IP: The ping request from 192.168.1.100 should receive responses.
- Blocked IPs: Ping requests from other devices should time out, confirming the firewall rule is effective.
Firewall Logs
- UFW logs every blocked attempt, providing visibility into unauthorized access attempts. Monitoring these logs can help detect potential attacks.
Testing & Verification
- Confirm that only 192.168.1.100 can successfully ping the server.
- Check firewall logs for denied connection attempts from other IPs.
- Use sudo ufw status to review and verify active rules.
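Reviewing the rules by eye works for one server; for a repeatable check the following added example (not from the lab) audits the text that sudo ufw status verbose prints against the lab's intended policy: firewall active, default incoming deny, logging on, an ALLOW IN rule for the trusted host, and no ALLOW IN rule from Anywhere. The SAMPLE_STATUS text is constructed to mirror the format of that command's output; on the server you would pipe the real output in.

```shell
#!/bin/bash
# Added example (not from the lab): audit `ufw status verbose` output.
# Live usage:  sudo ufw status verbose | audit_ufw_status 192.168.1.100
# Prints one PASS/FAIL line per check and returns the number of failures.

audit_ufw_status() {
    local trusted="$1" status escaped fails=0
    status="$(cat)"
    # Escape the dots so the address is matched literally in the regex below
    escaped="$(printf '%s' "$trusted" | sed 's/\./\\./g')"

    check_line() {
        # check_line <label> <regex>: PASS when some line of the status text matches
        if printf '%s\n' "$status" | grep -Eq "$2"; then
            echo "PASS: $1"
        else
            echo "FAIL: $1"
            fails=$((fails + 1))
        fi
    }

    check_line "firewall is active"               '^Status: active$'
    check_line "default incoming policy is deny"  '^Default: deny \(incoming\)'
    check_line "logging is enabled"               '^Logging: on'
    check_line "trusted host $trusted is allowed" "ALLOW IN[[:space:]]+${escaped}([[:space:]]|\$)"

    # An ALLOW IN rule whose source is Anywhere defeats the trusted-hosts-only goal
    if printf '%s\n' "$status" | grep -Eq 'ALLOW IN[[:space:]]+Anywhere$'; then
        echo "FAIL: a rule allows incoming traffic from Anywhere"
        fails=$((fails + 1))
    else
        echo "PASS: no rule allows incoming traffic from Anywhere"
    fi
    return "$fails"
}

# Constructed sample in the layout `ufw status verbose` uses after the lab steps
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
Anywhere                   ALLOW IN    192.168.1.100'

# Demonstration run on the constructed sample (expected: all PASS, exit 0)
printf '%s\n' "$SAMPLE_STATUS" | audit_ufw_status 192.168.1.100
```

The non-zero return code makes the audit usable from configuration-management or a cron job, so drift such as a later `ufw allow 22/tcp` (which shows up as ALLOW IN from Anywhere) is caught rather than discovered during an incident.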
Additional Script (Optional)
Automate the UFW configuration with a script (save it as setup_ufw.sh):
#!/bin/bash
# Configure UFW for IP filtering (non-interactive, safe to re-run)
set -e
sudo apt update
sudo apt install ufw -y
# Set the default policy first so the allow rule is the only exception when the firewall comes up
sudo ufw default deny incoming
sudo ufw allow from 192.168.1.100
# --force answers the "Command may disrupt existing ssh connections" prompt so the script does not stall
sudo ufw --force enable
sudo ufw status verbose
Run the script:
chmod +x setup_ufw.sh
sudo ./setup_ufw.sh
Conclusion
By completing this exercise, you have learned how to implement IP filtering using UFW to allow traffic from trusted IPs while blocking unauthorized connections. This skill is fundamental in strengthening network security and protecting systems from unauthorized access.