Advanced UFW Configurations
While UFW simplifies basic firewall management, it also supports advanced configurations through application profiles and custom rules. Understanding these capabilities allows you to maintain simplicity while implementing sophisticated security policies.
Create application profiles for complex services:
```bash
# Create a web server profile (ufw reads every file under applications.d
# on each invocation, so the file name is free to choose)
sudo nano /etc/ufw/applications.d/web-server
```

Contents of /etc/ufw/applications.d/web-server:

```ini
[WebServer]
title=Web Server
description=HTTP and HTTPS traffic
ports=80,443/tcp

[WebServerSecure]
title=Secure Web Server
description=HTTPS traffic only
ports=443/tcp
```

```bash
# Confirm ufw parsed the new profile before relying on it
sudo ufw app info WebServer
# Apply the profile
sudo ufw allow WebServer
```
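A small validator for the profile format above, added here as an example and not part of the original page or of ufw itself. It parses an applications.d file with configparser and expands each ports= value using the grammar ufw documents: entries separated by "|", each a comma list of ports or low:high ranges with an optional /tcp or /udp suffix; an entry without a protocol is expanded to both tcp and udp, and a list or range without a protocol is rejected, matching ufw's own "must specify tcp or udp with multiple ports" rule. The sample file is constructed from the two profiles on this page.

```python
import configparser
import re

# Constructed sample: the two profiles from this page in one applications.d file.
SAMPLE_PROFILE = """\
[WebServer]
title=Web Server
description=HTTP and HTTPS traffic
ports=80,443/tcp
[WebServerSecure]
title=Secure Web Server
description=HTTPS traffic only
ports=443/tcp
"""

PORT_RE = re.compile(r"^(\d{1,5})(?::(\d{1,5}))?$")  # single port or low:high range


def expand_ports(spec):
    """Expand a ufw 'ports=' value into (port_or_range, proto) pairs.
    Entries are split on '|'; each is 'p[,p...][/tcp|/udp]'. No protocol means
    both tcp and udp; a list or range must name a protocol (as ufw requires)."""
    pairs = []
    for entry in spec.split("|"):
        ports, _, proto = entry.partition("/")
        items = ports.split(",")
        if proto and proto not in ("tcp", "udp"):
            raise ValueError(f"bad protocol {proto!r} in {entry!r}")
        if not proto and (len(items) > 1 or ":" in ports):
            raise ValueError(f"list or range needs a protocol: {entry!r}")
        for item in items:
            m = PORT_RE.match(item)
            if not m:
                raise ValueError(f"bad port {item!r} in {entry!r}")
            lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
            if not 1 <= lo <= hi <= 65535:
                raise ValueError(f"port out of range: {item!r}")
            pairs += [(item, p) for p in ((proto,) if proto else ("tcp", "udp"))]
    return pairs


def load_profiles(text):
    """Parse an applications.d file into {profile: [(port_or_range, proto), ...]}."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    profiles = {}
    for name in cp.sections():
        for key in ("title", "description", "ports"):  # all three are mandatory in ufw
            if key not in cp[name]:
                raise ValueError(f"[{name}] is missing required field {key!r}")
        profiles[name] = expand_ports(cp[name]["ports"])
    return profiles
```

Running load_profiles over a real /etc/ufw/applications.d file before calling "ufw allow PROFILE" catches a malformed ports= line that ufw would otherwise report only at apply time.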
Implement rate limiting with UFW:
```bash
# Limit SSH connections to prevent brute force
# (ufw's limit rule denies a source that opens 6 or more connections within 30 seconds)
sudo ufw limit ssh/tcp
# Rate limiting for web services
# (browsers open several connections per page load, so test this against real traffic)
sudo ufw limit 80/tcp
sudo ufw limit 443/tcp
# Custom rate limiting rule, inserted at position 1 so it is evaluated first
sudo ufw insert 1 limit in on eth0 from any to any port 80 proto tcp
```
Advanced UFW rules using iptables syntax:
```bash
# UFW supports raw iptables rules for advanced scenarios
sudo ufw --force enable
# Add custom iptables rules via UFW
sudo nano /etc/ufw/before.rules
```

Add the rules inside the *filter section of before.rules (after the chain definitions and before that section's COMMIT line; a rule placed before *filter belongs to no table and makes the reload fail):

```
# Block SQL injection attempts
# (needs the xt_string kernel module; the match is case-sensitive and exact)
-A ufw-before-input -p tcp --dport 80 -m string --string "union select" --algo bm -j DROP
# Port 443 carries TLS, so a string match here only sees ciphertext and will not trigger
-A ufw-before-input -p tcp --dport 443 -m string --string "union select" --algo bm -j DROP
```

```bash
# Reload so the edited before.rules takes effect
sudo ufw reload
```