# Firewalls and Security

We want to expose services to the internet while ensuring that bad actors cannot enter our system.

## UFW (Uncomplicated Firewall)

### What is UFW?

**UFW (uncomplicated firewall)** is a command-line tool designed to simplify firewall management on Linux systems, particularly those based on Ubuntu. Built on top of [`iptables`](https://www.digitalocean.com/community/tutorials/iptables-essentials-common-firewall-rules-and-commands), it provides a user-friendly way to define rules for controlling network traffic, such as allowing or blocking specific ports, IP addresses, or services.

### Let's set up UFW

```shellscript
sudo su                        # You must be root to configure UFW
ufw status                     # Check current firewall status (should be inactive)

ufw app list                   # List available application profiles
ufw allow OpenSSH              # Allow SSH connections
ufw limit ssh                  # Rate-limit SSH to prevent brute force

ufw default deny incoming      # Block all INcoming traffic by default
ufw default allow outgoing     # Allow all OUTgoing traffic by default

ufw enable                     # Activate the firewall 

ufw status                     # See the current ufw rules!
exit                           # go back to your own user
```

{% embed url="<https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu>" %}
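
To confirm the steps above took effect, the following added example (not part of the original page) checks `ufw status verbose` output for the posture configured here: active, default deny incoming, default allow outgoing, and a LIMIT rule on 22/tcp. The function name `audit_ufw` and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` text read from stdin.
# Prints one line per finding; returns non-zero if any check FAILs.
audit_ufw() {
    awk -F'  +' '
        /^Status: active/ { active = 1 }
        /^Default:/ { deny_in   = ($0 ~ /deny \(incoming\)/)
                      allow_out = ($0 ~ /allow \(outgoing\)/) }
        # Rule rows are "To  Action  From", separated by 2+ spaces.
        $2 ~ /^LIMIT/ && $1 ~ /^22\/tcp/ { ssh_limited = 1 }
        # Anything other than SSH that is allowed from Anywhere is worth a look.
        $2 ~ /^ALLOW/ && $3 ~ /^Anywhere/ && $1 !~ /^(OpenSSH|22\/tcp)/ {
            print "WARN: " $1 " is reachable from " $3
        }
        END {
            if (!active)      { print "FAIL: firewall is not active"; bad = 1 }
            if (!deny_in)     { print "FAIL: default incoming policy is not deny"; bad = 1 }
            if (!allow_out)   { print "FAIL: default outgoing policy is not allow"; bad = 1 }
            if (!ssh_limited) { print "FAIL: no LIMIT rule on 22/tcp"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: what the setup above is expected to produce.
SAMPLE_GOOD='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW IN    Anywhere
22/tcp                     LIMIT IN    Anywhere
OpenSSH (v6)               ALLOW IN    Anywhere (v6)
22/tcp (v6)                LIMIT IN    Anywhere (v6)'

# Constructed sample: permissive default, no SSH rate limit, database port open.
SAMPLE_WEAK='Status: active
Default: allow (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
5432/tcp                   ALLOW IN    Anywhere'

printf '%s\n' "$SAMPLE_GOOD" | audit_ufw && echo "good sample: OK"
printf '%s\n' "$SAMPLE_WEAK" | audit_ufw || echo "weak sample: findings above"
```

On a live host, run `ufw status verbose | audit_ufw` as root.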

#### Note that there are some implications of UFW and Docker:

{% embed url="<https://github.com/chaifeng/ufw-docker>" %}

But no worries, we will also cover how we can tackle this on Docker's side - spoiler, it's to always define the service hostnames as `127.0.0.1`!
