Help on Incoming/ outgoing traffic - Ufw settings

Hi,
I have installed Ubuntu 20.04 on my laptop. I tried to configure ufw after attending workshop 12 on the LMS.
I am quite confused about incoming/outgoing traffic and about how the ports work.
I just want to use the internet for browsing and downloading files. How should I configure ufw?
By default, ufw denies incoming and allows outgoing. With these settings I can browse and download files without opening port 80 and port 443. I don’t understand :thinking:. How do I check which ports are open? How can I close all ports except port 80 and port 443?
It would be great if someone could help me understand.

Thank you.
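The first question in the post, "how do I check which ports are open?", is answered on the machine itself with `sudo ss -tulnp` (what is listening and which process owns it) and `sudo ufw status verbose` (what ufw will let in). The script below is an added example, not part of the thread: it parses a saved `ss -tulnp` listing and reports, for a given set of ufw allow rules, which listeners are reachable from the network, which are listening but blocked by the default deny, and which are bound to loopback only. The sample listing is constructed so the script runs offline; replace it with your own `ss` output.

```python
"""Classify listening ports by how ufw's default policy treats them.

Added example (not from the original forum post). Input is the text of
`sudo ss -tulnp`; the SAMPLE_SS listing below is constructed, not captured
from a real host.
"""
import re
from dataclasses import dataclass

# Constructed sample of `sudo ss -tulnp` output.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*        users:(("systemd-resolve",pid=612,fd=12))
tcp   LISTEN 0      4096   127.0.0.53%lo:53    0.0.0.0:*        users:(("systemd-resolve",pid=612,fd=13))
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*        users:(("sshd",pid=900,fd=3))
tcp   LISTEN 0      511    *:80                *:*              users:(("apache2",pid=1200,fd=4))
tcp   LISTEN 0      128    [::]:22             [::]:*           users:(("sshd",pid=900,fd=4))
tcp   LISTEN 0      128    127.0.0.1:631       0.0.0.0:*        users:(("cupsd",pid=700,fd=7))
"""

# Local addresses that mean "every interface", i.e. reachable from the network
# unless a firewall stops it.
WILDCARDS = {"0.0.0.0", "*", "[::]", "::"}
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


@dataclass(frozen=True)
class Listener:
    proto: str
    addr: str
    port: int
    process: str

    @property
    def all_interfaces(self) -> bool:
        return self.addr in WILDCARDS


def parse_ss(text: str) -> list:
    """Parse `ss -tulnp` output into Listener records (header line skipped)."""
    listeners = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        proto = fields[0]                       # tcp / udp
        addr, port = fields[4].rsplit(":", 1)   # "[::]:22" -> "[::]", "22"
        addr = addr.split("%")[0]               # drop interface suffix: 127.0.0.53%lo
        m = PROC_RE.search(line)
        process = m.group(1) if m else "?"
        listeners.append(Listener(proto, addr, int(port), process))
    return listeners


def classify(listeners, ufw_allowed, default_incoming="deny") -> dict:
    """Map "port/proto" -> verdict under ufw's policy.

    ufw_allowed uses ufw's own rule syntax, e.g. {"22/tcp", "80/tcp"}.
    """
    verdicts = {}
    for l in listeners:
        key = f"{l.port}/{l.proto}"
        if not l.all_interfaces:
            verdicts[key] = f"local only, bound to loopback ({l.process})"
        elif key in ufw_allowed or default_incoming == "allow":
            verdicts[key] = f"REACHABLE from the network ({l.process})"
        else:
            verdicts[key] = f"listening but blocked by ufw default deny ({l.process})"
    return verdicts


def unused_allow_rules(listeners, ufw_allowed) -> set:
    """Allow rules for ports nothing listens on: they expose nothing, and
    browsing never needed them (the browser initiates, the reply is tracked)."""
    listening = {f"{l.port}/{l.proto}" for l in listeners if l.all_interfaces}
    return set(ufw_allowed) - listening


if __name__ == "__main__":
    ls = parse_ss(SAMPLE_SS)
    for key, verdict in sorted(classify(ls, {"80/tcp", "443/tcp"}).items()):
        print(f"{key:>9}  {verdict}")
    print("allow rules with no listener:", unused_allow_rules(ls, {"80/tcp", "443/tcp"}))
```

The point the output makes: with `default deny incoming`, a port is only "open" from the outside when a process listens on all interfaces and a ufw rule permits it. Ports with no listener are closed regardless of rules, and allowing 443 inbound on a laptop that runs no web server changes nothing about browsing.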

Hey @mnfox!
The “Deny Incoming Connections” setting is activated for any connection not initiated by you. The data that comes from outside is a response to your own outgoing requests; that’s why it goes through the firewall normally.
Now, if an external system tries to initiate a connection to you, that is considered an “Incoming Connection” and is therefore blocked.
Also, when you open up a browser, which has the capacity to reach out (Outgoing), a temporary rule is automatically set on UFW that allows the app to also receive. This rule is disabled the moment you quit the app.

For example, if you open port 80 on the Incoming Connections, this means that the firewall will allow an HTTP-level connection from the outside world toward your system. However, the only service that responds to that port is a web server (like WordPress, Apache, etc.). So, your system will not respond. However, since you are behind a router, you have several devices that share the same public IP address (even though you may be on a VPN and your system reaches the internet via an external IP). So, even if someone tries to find an open port on your system, it will be impossible to detect which device is which, as this would require “Port Forwarding” to be active on your router. In that case, your router will say “oh, yes, port 80 will direct to mnfox’s computer”. If that is not set (by default, all port forwarding is off), then the request will hit a wall at the router level.

So, if your system was out on its own on the internet with its own router, then all connections initiated by an external system or actor, are considered Incoming and will be blocked. If, however, you receive data on a specific port because of an action that you initiated, that is considered a response and will be allowed in via the same app that you used to initiate it.

I hope this helps! :slight_smile:

1 Like
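The mechanism behind the answer above can be made concrete with a toy stateful packet filter. This is an added illustration, not code from the thread or from ufw: ufw is a front end for iptables/nftables, and the kernel's connection tracking keeps a table of connections this host initiated; packets that match an entry are accepted as ESTABLISHED even though the policy for new incoming connections is deny. The simulation below models exactly that with ufw's default policy, then shows what changes once a port is opened with `ufw allow 80/tcp`. The IP addresses are documentation ranges chosen for the example.

```python
"""Toy stateful firewall: deny incoming, allow outgoing, track connections.

Added illustration (not ufw's code, not from the original post). It models
only what the explanation needs: outbound packets are remembered so that
replies get in, unsolicited inbound packets are dropped unless a rule
opened the port, and a closed connection no longer admits replies.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # first packet of a new TCP connection
    fin: bool = False   # sender is closing the connection


class StatefulFirewall:
    def __init__(self, my_ip: str, default_incoming: str = "deny",
                 default_outgoing: str = "allow",
                 allow_in: Optional[set] = None):
        self.my_ip = my_ip
        self.default_incoming = default_incoming
        self.default_outgoing = default_outgoing
        self.allow_in = set(allow_in or ())      # ports opened with `ufw allow <port>`
        # Connection tracking table: (local_port, remote_ip, remote_port).
        # Real conntrack also tracks TCP state and expires entries on a timer.
        self.conntrack: set = set()

    def filter(self, p: Packet) -> str:
        if p.src == self.my_ip:                  # outbound packet from this host
            key = (p.sport, p.dst, p.dport)
            if self.default_outgoing != "allow" and key not in self.conntrack:
                return "DROP: outgoing denied"
            if p.fin:
                self.conntrack.discard(key)      # we are closing: stop expecting replies
            else:
                self.conntrack.add(key)          # remember it so the reply is let in
            return "ALLOW: outgoing"
        # inbound packet addressed to this host
        key = (p.dport, p.src, p.sport)
        if key in self.conntrack:
            return "ALLOW: reply to a connection we started (ESTABLISHED)"
        if p.syn and p.dport in self.allow_in:
            self.conntrack.add(key)              # explicitly opened port: track the new connection
            return f"ALLOW: port {p.dport} opened by rule"
        if self.default_incoming == "allow":
            self.conntrack.add(key)
            return "ALLOW: incoming allowed by default"
        return "DROP: unsolicited incoming (default deny)"


# Documentation addresses (RFC 5737), chosen for the example.
LAPTOP, WEBSITE, SCANNER = "192.0.2.10", "198.51.100.7", "203.0.113.5"


def browse_then_get_scanned(open_ports: Optional[set] = None) -> list:
    """Browser fetches an HTTPS page while a stranger probes ports 80 and 443."""
    fw = StatefulFirewall(LAPTOP, allow_in=open_ports)
    return [
        fw.filter(Packet(LAPTOP, 51000, WEBSITE, 443, syn=True)),   # browser -> HTTPS site
        fw.filter(Packet(WEBSITE, 443, LAPTOP, 51000)),             # site's reply carrying the page
        fw.filter(Packet(SCANNER, 40000, LAPTOP, 80, syn=True)),    # stranger probes port 80
        fw.filter(Packet(SCANNER, 40001, LAPTOP, 443, syn=True)),   # stranger probes port 443
        fw.filter(Packet(LAPTOP, 51000, WEBSITE, 443, fin=True)),   # browser closes the connection
        fw.filter(Packet(WEBSITE, 443, LAPTOP, 51000)),             # late packet after the close
    ]


if __name__ == "__main__":
    print("ufw defaults (deny incoming, allow outgoing):")
    for verdict in browse_then_get_scanned():
        print("  ", verdict)
    print("after `ufw allow 80/tcp`:")
    for verdict in browse_then_get_scanned({80}):
        print("  ", verdict)
```

Two things the run shows that the prose only states: browsing over 443 never needs an inbound allow rule, because the reply matches the tracked outgoing connection; and `ufw allow 80/tcp` admits a stranger's connection attempt to port 80, which matters only if something is actually listening there (the simulation does not model listeners, so it reports the firewall decision alone). On a real system the equivalent checks are `sudo ufw status verbose` for the policy and rules and `sudo ss -tulnp` for what is listening.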

Thank you so much Vasileios for your detailed explanation. I understand much better now. Thank you for sharing your knowledge.

1 Like

It’s my pleasure, @mnfox! That’s what we’re here for. :slight_smile: