🔥 Day 7 of My DevSecOps Journey

UFW Firewall, IPTables, Port Management, Connectivity, Troubleshooting & Real DevOps Scenarios (Full Guide)
Today was all about understanding how VM-level firewalls work using UFW (Uncomplicated Firewall) and why it's preferred over traditional IPTables for everyday administration.
I also performed a hands-on practical using Java + Maven, tested port access, and learned multiple real-world troubleshooting techniques.
Let's break down everything I learned:
1️⃣ Why Do We Need UFW When We Already Have Security Groups?
Security Groups (AWS/GCP/Azure) control firewall rules at the network level, before traffic reaches the VM.
Inside the VM we still want a host firewall: it is a second layer, so a mistaken or overly broad Security Group rule does not expose a service on its own.
🔸 Traditional Approach: IPTables
While powerful, IPTables is complex:
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
Not beginner-friendly. Hard to remember. Error-prone.
🔸 Modern Approach: UFW
UFW = human-friendly wrapper over IPTables
sudo ufw allow 22
Much cleaner, easier, and safe for daily DevOps use.
📦 2️⃣ UFW Fundamentals: Simple, Clean & Effective
✔️ Allow a port
sudo ufw allow 22
❌ Deny a port
sudo ufw deny 22
Specify direction
By default, UFW assumes incoming traffic.
To specify direction:
Incoming:
sudo ufw allow in 22
Outgoing:
sudo ufw deny out 443
3️⃣ Default UFW Policies
These policies define VM behavior:
Incoming: deny
Outgoing: allow
Can be changed using:
sudo ufw default deny incoming
sudo ufw default allow outgoing
🧪 4️⃣ Hands-On Practical: Testing UFW With Java + Maven
I conducted a full demo to see UFW in action:
Installed:
✔️ Java
✔️ Maven
🧬 Cloned a board-game project (GitHub)
git clone <repo>
Issue: mvn package failed
Why?
Because the incoming port required by the application was blocked.
✔️ Enabled incoming traffic using UFW
sudo ufw allow <required-port>
The application started working after allowing the port.
❌ Disabled the port again
Saw UFW reject the connection immediately.
📦 5️⃣ Types of Firewall Behaviors in UFW
1️⃣ Allow: connection works normally
2️⃣ Deny: silent timeout
3️⃣ Reject: immediate error (host unreachable)
6️⃣ Adding Comments to UFW Rules
Useful for teams, it makes rules readable:
sudo ufw allow 80/tcp comment 'http'
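To see the three behaviors from the client side, here is an added example (not code from the original post) that makes one TCP connection attempt with a deadline and labels the outcome. It assumes coreutils `timeout` and bash (for its `/dev/tcp` pseudo-device) are installed; the host and port are whatever you are testing, and the deadline of 3 seconds is an assumed default.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Distinguish ALLOW (handshake completes), DENY (packets dropped, so the
# connect attempt hangs until the deadline) and REJECT (an immediate error,
# the same thing you see when nothing is listening at all).

# classify_probe RC ELAPSED LIMIT
#   RC      exit status of the connect attempt (124 = timeout hit the deadline)
#   ELAPSED seconds the attempt took
#   LIMIT   the deadline in seconds
classify_probe() {
  rc=$1; elapsed=$2; limit=$3
  if [ "$rc" -eq 0 ]; then
    echo "open (ALLOW: something answered the TCP handshake)"
  elif [ "$rc" -eq 124 ] || [ "$elapsed" -ge "$limit" ]; then
    echo "filtered (silent timeout: looks like a DENY/DROP rule)"
  else
    # Caveat: a DNS failure or "network unreachable" also lands here,
    # so confirm the host is routable before blaming a REJECT rule.
    echo "closed (immediate error: nothing listening, or a REJECT rule)"
  fi
}

# probe_port HOST PORT [SECONDS]: one TCP connect with a deadline (default 3 s)
probe_port() {
  host=$1; port=$2; limit=${3:-3}
  start=$(date +%s)
  # bash opens fd 3 on /dev/tcp/HOST/PORT, which performs a real TCP connect;
  # timeout kills it if the handshake never completes.
  if timeout "$limit" bash -c "exec 3<>/dev/tcp/$host/$port" 2>/dev/null; then
    rc=0
  else
    rc=$?
  fi
  elapsed=$(( $(date +%s) - start ))
  classify_probe "$rc" "$elapsed" "$limit"
}

# Run directly as: sh probe.sh <host> <port>
if [ $# -eq 2 ]; then
  probe_port "$1" "$2"
fi
```

Run it once with the port allowed, once after `sudo ufw deny <port>` and once after `sudo ufw reject <port>` to see the three labels; a "filtered" result against a host you expect to reach is the classic symptom of a missing allow rule.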
Delete rule:
sudo ufw delete allow 80/tcp
Allow specific IP:
sudo ufw allow proto tcp from <IP> to any port <port>
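Putting sections 2, 3 and 6 together, here is an added example (not the original post's code) of a repeatable UFW baseline: default policies first, SSH allowed and rate limited before the firewall is enabled, public ports documented with comments, and a dry-run mode for review. The SSH port, the admin network CIDR, the `UFW=echo` dry-run device and the choice of HTTP/HTTPS as the public services are all assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Set UFW=echo (or call ufw_baseline_plan) to print the rules instead of
# applying them.
UFW="${UFW:-sudo ufw}"

# ufw_baseline [SSH_PORT] [ADMIN_CIDR]
#   SSH_PORT   port sshd listens on (assumed default 22)
#   ADMIN_CIDR network allowed to reach SSH; "any" means the whole internet
ufw_baseline() {
  ssh_port="${1:-22}"
  admin_cidr="${2:-any}"

  # Policies first: drop everything inbound, let the VM reach package repos.
  $UFW default deny incoming
  $UFW default allow outgoing

  # Allow SSH before enabling, or the current session may be the last one.
  # `limit` is `allow` plus rate limiting of repeated connection attempts.
  $UFW limit proto tcp from "$admin_cidr" to any port "$ssh_port" comment 'ssh (rate limited)'

  # Public services, each with a comment so the next engineer knows why.
  $UFW allow 80/tcp comment 'http'
  $UFW allow 443/tcp comment 'https'

  # --force skips the interactive "may disrupt existing ssh connections" prompt.
  $UFW --force enable
  $UFW status numbered
}

# ufw_baseline_plan [SSH_PORT] [ADMIN_CIDR]: same rule set, printed not applied
ufw_baseline_plan() {
  saved=$UFW
  UFW=echo
  ufw_baseline "$@"
  UFW=$saved
}

# Run directly as: sh ufw_baseline.sh [--apply] [SSH_PORT] [ADMIN_CIDR]
if [ "${1:-}" = "--apply" ]; then
  shift
  ufw_baseline "$@"
elif [ $# -gt 0 ]; then
  ufw_baseline_plan "$@"
fi
```

Review the plan output first (`sh ufw_baseline.sh 22 10.0.0.0/8`), then apply with `--apply`; `sudo ufw status numbered` at the end shows the rule numbers you need for `sudo ufw delete <n>` later.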
7️⃣ Troubleshooting Scenarios I Learned Today
These are real DevOps issues that happen daily:
🟥 Issue 1: Packages not installing
Cause: Outbound rules blocked, system cannot reach the internet.
βοΈ Fix: Add outbound allow rules.
Issue 2: docker.io or another package says "no installation candidate"
Two possible causes:
You didn't run:
sudo apt update
The package is deprecated or unavailable in the configured repo.
🟦 Issue 3: SSH connection not working
Check if port 22 is open:
telnet <IP> 22
🟩 Issue 4: Port already in use
Find the process:
sudo lsof -i :8080
🟪 Issue 5: Check VM disk usage
du -sh <directory>    # size of one directory tree
df -h                 # used and free space per mounted filesystem
🟨 Issue 6: Permission problems
Add users to required groups:
sudo usermod -aG <group> <user>
🎯 Day 7 Takeaway
Today's learning strengthened my understanding of:
✔️ VM-level firewalls
✔️ UFW vs IPTables
✔️ Port management
✔️ Allow / deny / reject behavior
✔️ Connectivity troubleshooting
✔️ SSH debugging
✔️ Storage checks
✔️ Permission fixes
✔️ Real DevOps debugging skills
Firewall management plays a huge role in secure application deployments, server protection, and cloud environments, and today helped me understand it with real, practical scenarios.
Looking forward to Day 8!