Firewall
Software Installation
Ubuntu dekstop clients and servers have Uncomplicated Firewall (UFW) already installed, but not enabled by default.
Firewall Configuration
$ sudo ufw allow ssh/tcp
$ sudo ufw logging on
Logging
By default UFW logs everything in the systems log as kernels messages to
/var/log/kern.log. To redirect those messages to a separate log file,
open the log configuration file /etc/rsyslog.d/20-ufw.conf and make sure
the following lines are not commented out:
# Log kernel generated UFW log messages to file
:msg,contains,"[UFW " /var/log/ufw.log
# Uncomment the following to stop logging anything that matches the last rule.
# Doing this will stop logging kernel generated UFW log messages to the file
# normally containing kern.* messages (eg, /var/log/kern.log)
& stop
After that the system logging facility needs to be restarted:
$ sudo systemctl restart rsyslog.service
Note
There is currently no way I know of, to keep the Firewall messages out of the systemd journal.
Enabling UFW
$ sudo ufw enable
$ sudo ufw status