UFW (Uncomplicated Firewall) is a popular firewall service in Linux that allows you to easily open/close ports and monitor network traffic. It is easy to use and allows you to manage iptables rules as per your requirements. In this article, we will look at how to configure UFW firewall in Linux.
How to Configure UFW Firewall in Linux
UFW is installed in Ubuntu by default. If it is not present in your system, then you can install UFW with the following command.
$ sudo apt install ufw
Please note, by default UFW will block all incoming connections and allow all outgoing connections. It means that no one will be able to connect to your server while all your applications will be able to send data outside, unless you explicitly define firewall rules.
All the default policies of UFW are located at /etc/default/ufw and can be changed using the following command
$ sudo ufw default <policy> <chain>
Also, when installed, UFW is inactive by default. We need to enable it with the following command
$ sudo ufw enable
Also read : How to Use NGINX with Flask
Let us look at the most commonly used commands to use UFW.
Get UFW status
You can check UFW status using the following command.
$ sudo ufw status
Disable UFW
Here is the command to simply disable ufw
$ sudo ufw disable
Also read : How to Use NGINX Reverse Proxy with Django
Reset UFW
If you want to reset all firewall rules in UFW, use the following command to reset it completely.
$ sudo ufw reset
Application Profiles
Whenever you install a package using apt command, it will create an application profile in ufw, that consists of service description and firewall rules for that application. All application profiles are store at /etc/ufw/applications.d and can be listed using the following command
$ sudo ufw app listAvailable applications:
NGINX
uwsgi python3-gunicorn
If you want to get specific information about an application (e.g. NGINX) use the following command.
$ sudo ufw app info 'Nginx'
Also read : How to Convert Int to String in Python
Allow HTTP Port 80
Here is the command to allow port 80 using UFW
$ sudo ufw allow http OR $ sudo ufw allow 80/tcp
Whenever you mention port number or port range, you must specify the protocol to be used – TCP or UDP.
Allow SSH Port 22
Here is the command to allow SSH port 22 using UFW
$ sudo ufw allow ssh OR $ sudo ufw allow 22/tcp
Also read : How to Change Max File Upload Size in PHP
Allow HTTPS Port 443
Here is the command to allow https port 443 using UFW
$ sudo ufw allow https OR $ sudo ufw allow 443/tcp
Allow Custom Port 3939
Here is the command to allow custom port 3939 using UFW
$ sudo ufw allow 3939/tcp
Also read : How to Count Unique IPs & Requests per IP in NGINX
Allow Port Range 21-22
Here is the command to allow port range 21-22 for FTP server. You add a colon (:) between start and end port numbers of the range.
$ sudo ufw allow 21:22/tcp
Allow from specific IP address
Here is the command to allow access from specific IP address 34.43.21.12, using allow from keyword
$ sudo ufw allow from 34.43.21.12
Also read : How to Host Multiple Domains in Single NGINX Server
Allow from specific IP on specific port
If you want to allow access from specific IP but only to specific port (e.g. 22) then you need to use to any port keyword in above command and mention port number.
$ sudo ufw allow from 34.43.21.12 to any port 22
Allow subnets
You can also specify subnets to mean ip range. Here is the command to allow access from 34.43.21.1 to 34.43.21.254
$ sudo ufw allow from 34.43.21.0/24
Also read : How to Host Samesite cookies in Apache
Deny Access
You can block access to a specific port or from a specific IP by using deny keyword instead of allow keyword in your command. Here are a few examples to block access
$ sudo ufw deny http # block http port 80 $ sudo ufw deny https # block https port 443 $ sudo ufw deny ssh # block ssh port 22 $ sudo ufw deny 3939/tcp # block custom port 3939 $ sudo ufw deny from 34.43.21.12 # block access from 34.43.21.12 $ sudo ufw deny from 34.43.21.0/24 # block access from 34.43.21.1-34.43.21.254
Also read : How to Exclude File in Git Commit
Delete Rules
If you want to delete any of the existing rules from UFW firewall, you can do so by either mentioning the rule number or by specifying the entire rule. Here is an example to delete rule number 5.
$ sudo ufw delete 5 # deletes rule number 5
You can get the list of rules along with number with the following command.
$ sudo ufw status numbered
You can also delete a rule by actually specifying it
$ sudo ufw delete allow 80/tcp
That’s it. As you can see, it is very easy to use UFW to manage your firewall and secure your system from malicious attackers. In this article, we have shown how to install UFW, get its status, enable/disable UFW. We have also described how to allow/deny access to various ports, as well as manage access from specific IP addresses and IP ranges.