By default, Ubuntu comes with a firewall configuration tool called UFW. UFW stands for Uncomplicated Firewall and is used to manage firewall rules in Ubuntu.
UFW, or Uncomplicated Firewall, is basically an interface to iptables that is geared towards simplifying the process of configuring a firewall. While iptables is a solid and flexible tool, it can be difficult for beginners to learn how to use it to properly configure a firewall. If you're looking to get started securing your network, and you’re not sure which tool to use, UFW may be the right choice for you.
Here at LinuxAPT, as part of our Server Management Services, we regularly help our customers with UFW firewall queries.
In this context, we shall look into how to set up the UFW firewall on Ubuntu.
Before proceeding with this installation procedure, ensure that you are logged in as a user with sudo privileges.
As previously mentioned, UFW is installed in Ubuntu by default. If for any reason it has been uninstalled, install UFW on your Ubuntu system first:
$ sudo apt install ufw
How to Check UFW Status on Ubuntu ?
You can check the status of UFW once the installation is finished. To do so, run the command below:
$ sudo ufw status verbose
If you have never activated UFW before, the output will show it as inactive, because UFW is disabled by default:
Output
Status: inactive
Once you have activated UFW, the status output will look like this:
Output
Status: active
To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
How to Enable UFW on Ubuntu ?
If UFW is not enabled on your system, you can enable it by typing:
$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
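UFW warns that enabling the firewall may disrupt existing SSH connections. Press y and hit Enter to continue. If you manage the server over SSH, add the SSH allow rule described later in this article before enabling UFW, because the default policy blocks incoming connections.
To confirm, check the status again; it should now show as active.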
How to Set UFW Default Policies on Ubuntu ?
By default, UFW blocks all incoming connections and allows all outbound connections. Commonly, we need only some ports open for incoming connections, with all other ports blocked. The default policies are defined in the /etc/default/ufw file.
Using UFW you can set and manage these rule policies.
Use the command below to deny all incoming connections to your system:
$ sudo ufw default deny incoming
To allow all outgoing connections, type the following in the terminal:
$ sudo ufw default allow outgoing
How to Add Rules to UFW on Ubuntu ?
It is very easy to add rules for any service or port number. The basic syntax for adding a rule for a port is:
$ sudo ufw ACTION PORT_NUMBER
Here, replace ACTION with allow or deny, and PORT_NUMBER with the number of the port for which you want to set the rule.
How to Allow SSH Connections Port 22 ?
To allow incoming and outgoing connections on port 22 (SSH), run the command below:
$ sudo ufw allow 22
You can also run the command with the service name:
$ sudo ufw allow ssh
It will show the following output:
Output
Rule added
Rule added (v6)
How to Open port 80 – HTTP on Ubuntu ?
You can allow HTTP connections using the command below:
$ sudo ufw allow http
Instead of http, you can use the port number, 80:
$ sudo ufw allow 80/tcp
How to Open port 443 – HTTPS on Ubuntu ?
If your website uses SSL, your server should open port 443 to allow connections over it. Run the command below to allow port 443:
$ sudo ufw allow https
As with http, you can use the port number instead of the service name:
$ sudo ufw allow 443/tcp
How to Deny Traffic on Port 972 ?
You can deny traffic on a specific port using the command below:
$ sudo ufw deny 972
How to Delete rules on Ubuntu ?
If you have added a rule and no longer need it, you can delete it with the delete action. The rule given to delete must match the rule as it was added. For example, if we no longer want the HTTPS rule added above as 443/tcp, run the command below to delete it:
$ sudo ufw delete allow 443/tcp
How to Allow Specific IP Addresses ?
If you want to allow connections from a specific IP address on all ports, specify just the IP address, as shown below:
$ sudo ufw allow from 1.83.43.125
This adds that IP address to the whitelist.
How to Allow Specific IP Addresses on Specific port ?
If a specific IP address should be allowed to connect on specific ports only, run the command below:
$ sudo ufw allow from 1.03.03.025 to any port 22
In the command above, the port number follows the IP address, which restricts the rule to that port. Connections from 1.03.03.025 are therefore allowed only on port 22.
How to Deny Specific IP Addresses ?
To deny all connections from a specific IP address, specify the IP address with the deny action, as shown below:
$ sudo ufw deny from 1.03.03.025
This adds that IP address to the blacklist.
How to Deny Specific IP Addresses on Specific port ?
When you want to deny connections from a specific IP address on specific ports only, run the command below:
$ sudo ufw deny from 1.03.03.025 to any port 22
In the command above, the port number follows the IP address, which restricts the rule to that port. Connections from 1.03.03.025 are therefore denied only on port 22.
How to Disable UFW on Ubuntu ?
If you need to disable UFW, you can do so by running the command below:
$ sudo ufw disable
How to Enable Logging in UFW ?
You can enable or disable logging in UFW and choose among three log levels: low, medium and high. The default log level is low.
Type the command below to enable logging:
$ sudo ufw logging on
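With logging enabled, UFW records blocked packets as `[UFW BLOCK]` lines, on Ubuntu typically in /var/log/ufw.log. The following is an added example, not part of the original article: a shell function that counts blocked packets per source address and destination port. The names `sample_ufw_log` and `ufw_block_summary` are hypothetical, and the log lines are constructed and abbreviated for illustration.

```shell
#!/bin/sh
# Added example: count blocked packets per source and destination port.

# Constructed, abbreviated log lines (documentation addresses, not real traffic).
sample_ufw_log() {
cat <<'EOF'
Mar  3 10:15:01 web1 kernel: [  101.1] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40001 DPT=23
Mar  3 10:15:02 web1 kernel: [  102.1] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40002 DPT=23
Mar  3 10:15:09 web1 kernel: [  109.4] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=51515 DPT=3389
Mar  3 10:15:12 web1 kernel: [  112.0] [UFW ALLOW] IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=51600 DPT=22
Mar  3 10:15:20 web1 kernel: [  120.7] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40003 DPT=23
Mar  3 10:15:31 web1 kernel: [  131.2] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.10 LEN=84 TTL=55 PROTO=ICMP TYPE=8 CODE=0
EOF
}

# Usage: ufw_block_summary < /var/log/ufw.log   (as a user allowed to read the log)
# Output: one line per "COUNT SRC DPT/PROTO", most frequent first.
ufw_block_summary() {
    awk '
    /\[UFW BLOCK\]/ {
        src = "-"; dpt = "-"; proto = "-"    # ICMP lines carry no DPT field
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
        }
        count[src " " dpt "/" proto]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,2
}
```

A source that repeatedly hits closed ports is a candidate for a `ufw deny from` rule as described earlier in the article.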
This article covers how to set up UFW on an Ubuntu 18.04 system. It is advisable to deny all incoming connections except on the necessary ports. Uncomplicated Firewall, or UFW, is an interface to iptables that is designed to simplify the process of configuring a firewall. While iptables is a firm and flexible tool, it can sometimes be tricky for beginners to learn how to use it to properly configure a firewall. If a user is looking to get started securing his or her network, UFW may be the appropriate solution.
UFW is installed on Ubuntu by default. If it has been uninstalled for some reason, we can install it with the following command:
$ sudo apt install ufw
By default, UFW denies all incoming connections and allows all outgoing connections. This means that a client trying to reach our server would not be able to connect, while an application on our server that tries to connect to any outside server will be allowed. The following commands set these defaults:
$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing
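One way to check a host against the advice above (deny incoming by default, open only the necessary ports) is to audit the output of `sudo ufw status verbose`. This is an added example, not part of the original article; the names `sample_ufw_status` and `ufw_audit` are hypothetical and the sample output is constructed.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` output against an approved port list.

# Constructed sample output (not captured from a real host).
sample_ufw_status() {
cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
3306/tcp                   ALLOW IN    Anywhere
972                        DENY IN     Anywhere
22                         ALLOW IN    203.0.113.10
22/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

# Usage: sudo ufw status verbose | ufw_audit 22 80 443
# Prints one finding per line; prints nothing when the rule set is as expected.
ufw_audit() {
    awk -v approved=" $* " -F'  +' '
    /^Status: active/ { active = 1 }
    /^Default:/ && $0 !~ /deny \(incoming\)/ {
        print "FAIL default-incoming-not-deny"
    }
    # Rule rows: columns are separated by two or more spaces.
    $2 ~ /^ALLOW/ && $3 ~ /^Anywhere/ {
        port = $1
        sub(/ \(v6\)$/, "", port)   # drop the IPv6 marker
        sub(/\/.*$/, "", port)      # drop the /tcp or /udp suffix
        if (index(approved, " " port " ") == 0) { print "WARN open-to-any " $1 }
    }
    END { if (!active) print "FAIL firewall-inactive" }
    '
}
```

Rules restricted to a source address, such as the 203.0.113.10 row, are not flagged; only ports reachable from Anywhere are compared with the approved list.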