how to configure ufw in ubuntu

How to Configure UFW Firewall in Linux

Team Fedingo

UFW (Uncomplicated Firewall) is a popular firewall service in Linux that allows you to easily open/close ports and monitor network traffic. It is easy to use and allows you to manage iptables rules as per your requirements. In this article, we will look at how to configure UFW firewall in Linux.


How to Configure UFW Firewall in Linux

UFW is installed in Ubuntu by default. If it is not present in your system, then you can install UFW with the following command.

$ sudo apt install ufw

Please note, by default UFW will block all incoming connections and allow all outgoing connections. It means that no one will be able to connect to your server while all your applications will be able to send data outside, unless you explicitly define firewall rules.

All the default policies of UFW are located at /etc/default/ufw and can be changed using the following command

$ sudo ufw default <policy> <chain>

Also, when installed, UFW is inactive by default. We need to enable it with the following command

$ sudo ufw enable

Also read : How to Use NGINX with Flask


Let us look at the most commonly used commands to use UFW.

Get UFW status

You can check UFW status using the following command.

$ sudo ufw status


Disable UFW

Here is the command to simply disable ufw

$ sudo ufw disable

Also read : How to Use NGINX Reverse Proxy with Django


Reset UFW

If you want to reset all firewall rules in UFW, use the following command to reset it completely.

$ sudo ufw reset


Application Profiles

Whenever you install a package using apt command, it will create an application profile in ufw, that consists of service description and firewall rules for that application. All application profiles are store at /etc/ufw/applications.d and can be listed using the following command

$ sudo ufw app list

Available applications:   
NGINX
uwsgi
python3-gunicorn

If you want to get specific information about an application (e.g. NGINX) use the following command.

$ sudo ufw app info 'Nginx'

Also read : How to Convert Int to String in Python


Allow HTTP Port 80

Here is the command to allow port 80 using UFW

$ sudo ufw allow http
OR
$ sudo ufw allow 80/tcp

Whenever you mention port number or port range, you must specify the protocol to be used – TCP or UDP.


Allow SSH Port 22

Here is the command to allow SSH port 22 using UFW

$ sudo ufw allow ssh
OR
$ sudo ufw allow 22/tcp

Also read : How to Change Max File Upload Size in PHP


Allow HTTPS Port 443

Here is the command to allow https port 443 using UFW

$ sudo ufw allow https
OR
$ sudo ufw allow 443/tcp


Allow Custom Port 3939

Here is the command to allow custom port 3939 using UFW

$ sudo ufw allow 3939/tcp

Also read : How to Count Unique IPs & Requests per IP in NGINX


Allow Port Range 21-22

Here is the command to allow port range 21-22 for FTP server. You add a colon (:) between start and end port numbers of the range.

$ sudo ufw allow 21:22/tcp


Allow from specific IP address

Here is the command to allow access from specific IP address 34.43.21.12, using allow from keyword

$ sudo ufw allow from 34.43.21.12

Also read : How to Host Multiple Domains in Single NGINX Server


Allow from specific IP on specific port

If you want to allow access from specific IP but only to specific port (e.g. 22) then you need to use to any port keyword in above command and mention port number.

$ sudo ufw allow from 34.43.21.12 to any port 22


Allow subnets

You can also specify subnets to mean ip range. Here is the command to allow access from 34.43.21.1 to 34.43.21.254

$ sudo ufw allow from 34.43.21.0/24

Also read : How to Host Samesite cookies in Apache


Deny Access

You can block access to a specific port or from a specific IP by using deny keyword instead of allow keyword in your command. Here are a few examples to block access

$ sudo ufw deny http # block http port 80
$ sudo ufw deny https # block https port 443
$ sudo ufw deny ssh # block ssh port 22
$ sudo ufw deny 3939/tcp # block custom port 3939
$ sudo ufw deny from 34.43.21.12 # block access from 34.43.21.12
$ sudo ufw deny from 34.43.21.0/24 # block access from 34.43.21.1-34.43.21.254

Also read : How to Exclude File in Git Commit


Delete Rules

If you want to delete any of the existing rules from UFW firewall, you can do so by either mentioning the rule number or by specifying the entire rule. Here is an example to delete rule number 5.

$ sudo ufw delete 5 # deletes rule number 5

You can get the list of rules along with number with the following command.

$ sudo ufw status numbered

You can also delete a rule by actually specifying it

$ sudo ufw delete allow 80/tcp

That’s it. As you can see, it is very easy to use UFW to manage your firewall and secure your system from malicious attackers. In this article, we have shown how to install UFW, get its status, enable/disable UFW. We have also described how to allow/deny access to various ports, as well as manage access from specific IP addresses and IP ranges.


Related posts:

How to Mount Drive from Terminal
How to List SFTP Users Who Have Access in Linux
How to Truncate File in Linux
How to Convert Image to Pdf in Linux
How to Remove SSL Certificate & SSH Passphrase in Linux
How to Run Linux Command in Background
How to Save Terminal History in Linux
How to Copy File to Multiple Directories in Linux

Leave a Reply

Your email address will not be published. Required fields are marked *