Step 3 of the series: Bypass internet restrictions and protect your privacy on public Wi-Fi
In this part of the series, you’ll configure the server’s firewall.
After completing the installation and updating all packages, you’ll configure the firewall using ufw.
ufw should already be installed. You can check with one of the following commands:
which ufw
sudo ufw status
apt list --installed ufw
If it’s not installed, run:
sudo apt install ufw
First, make sure IPv6 is enabled for ufw. It should be enabled by default.
sudo nano /etc/default/ufw
At the top of the file, you should see IPV6=yes:
IPV6=yes
Now configure the default rules for ufw.
To deny all incoming traffic:
sudo ufw default deny incoming
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)
To allow all outgoing traffic:
sudo ufw default allow outgoing
Default outgoing policy changed to 'allow'
(be sure to update your rules accordingly)
Next, allow incoming SSH connections. The easiest way is to use an application profile. Check if it exists:
sudo ufw app list
Available applications:
OpenSSH
The output confirms that an application profile for OpenSSH is available, so you can allow incoming SSH connections (port 22/tcp) by profile name:
sudo ufw allow OpenSSH
Rules updated
Rules updated (v6)
With the SSH rule in place, enable the firewall:
sudo ufw enable
You may be prompted to confirm, since enabling the firewall might disrupt existing connections:
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
Check the firewall status:
sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
22/tcp (OpenSSH)           ALLOW IN    Anywhere
22/tcp (OpenSSH (v6))      ALLOW IN    Anywhere (v6)
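A check you can run before closing your current session, as an added example that is not part of the original tutorial: it audits `ufw status verbose` text against the policy configured in this step. The names `audit_ufw` and `has` are hypothetical, and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial). audit_ufw/has are hypothetical names;
# SAMPLE_OK and SAMPLE_BAD are constructed data.
has() { printf '%s\n' "$status" | grep -Eq "$1"; }

# Reads status text on stdin, prints findings, returns 0 only if all checks pass.
audit_ufw() {
    status=$(cat)
    rc=0
    has '^Status: active' || { echo "FAIL: firewall is not active"; rc=1; }
    has '^Default: deny \(incoming\), allow \(outgoing\)' ||
        { echo "FAIL: defaults are not deny incoming / allow outgoing"; rc=1; }
    has '^22/tcp \(OpenSSH\) +ALLOW IN +Anywhere *$' ||
        { echo "FAIL: no IPv4 allow rule for OpenSSH"; rc=1; }
    has '^22/tcp \(OpenSSH \(v6\)\) +ALLOW IN +Anywhere \(v6\) *$' ||
        { echo "FAIL: no IPv6 allow rule for OpenSSH (check IPV6=yes)"; rc=1; }
    # At this stage of the series only SSH should be reachable from outside.
    extra=$(printf '%s\n' "$status" | grep 'ALLOW IN' |
            grep -Ev '^22/tcp \(OpenSSH( \(v6\))?\) ' || true)
    if [ -n "$extra" ]; then
        echo "WARN: unexpected inbound rule(s):"
        printf '%s\n' "$extra"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: the state this step ends with.
SAMPLE_OK='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp (OpenSSH)           ALLOW IN    Anywhere
22/tcp (OpenSSH (v6))      ALLOW IN    Anywhere (v6)'

# Constructed sample: open default policy, no IPv6 SSH rule, one stray rule.
SAMPLE_BAD='Status: active
Default: allow (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp (OpenSSH)           ALLOW IN    Anywhere
3306/tcp                   ALLOW IN    Anywhere'

printf '%s\n' "$SAMPLE_OK" | audit_ufw && echo "OK: policy matches"
printf '%s\n' "$SAMPLE_BAD" | audit_ufw || echo "Policy check failed"
```

On the server, feed it the live state with `sudo ufw status verbose | audit_ufw`.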
To find out the server’s IP address, run:
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 96:c5:ae:08:9d:6c brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    inet 152.53.239.17/22 metric 100 brd 152.53.239.255 scope global dynamic ens3
       valid_lft 2673619sec preferred_lft 2673619sec
    inet6 fe80::94c5:aeff:fe08:9d6c/64 scope link
       valid_lft forever preferred_lft forever
The server’s IPv4 address is on the inet line under 2: ens3:, in this case 152.53.239.17.
Now it’s time to initiate an SSH connection from your local machine:
ssh username@152.53.239.17
Welcome to Ubuntu 24.04.2 LTS (GNU/Linux 6.8.0-56-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/pro
System information as of Wed Mar 26 07:43:39 PM UTC 2025
  System load:  0.0               Processes:             138
  Usage of /:   6.6% of 97.87GB   Users logged in:       1
  Memory usage: 2%                IPv4 address for ens3: 152.53.239.17
  Swap usage:   0%
Expanded Security Maintenance for Applications is not enabled.
0 updates can be applied immediately.
Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status
Last login: Wed Mar 26 19:34:30 2025 from 152.XX.XXX.XXX
You can also use the server’s hostname for SSH login. First check that the DNS records are already visible from your local machine, for example with a reverse lookup of the server’s IP address:
nslookup 152.53.95.178
The response should include your server’s hostname.
Server: 192.168.0.254
Address: 192.168.0.254#53
Non-authoritative answer:
178.95.53.152.in-addr.arpa name = v2202503255679323993.ultrasrv.de.
Authoritative answers can be found from: