How to set up & configure Ubuntu Firewall (UFW) for Ubuntu 18

2020-08-17 By Ryan 6545 Views linux ufw firewall security networking
5 reviews

UFW is the default firewall configuration tool for Ubuntu and it was developed to ease iptables firewall configuration. It provides a user-friendly way to create an IPv4 or IPv6 host-based firewall and it is disabled by default on the ubuntu system.


Steps to install UFW


  1. It should be installed by default in Ubuntu 18, otherwise use the command below to install.

    # apt install ufw
    

    ufw1

  2. Check the UFW status once the installation is completed.

    # ufw status verbose
    

    ufw2

  3. It is disabled by default, so use the below commands to enable and disable UFW.

    # ufw enable
    
    # ufw disable
    

    ufw3


Application Profiles

While installing any package with the apt command, it will add an application profile to /etc/ufw/applications.d directory to describe the service and contains UFW settings.


  1. Run the below command to list all application profiles available on your server.

    # ufw app list
    

    ufw4

  2. Run the below command to find more information about a specific profile and included rules.

    # ufw app info Apache
    

    ufw5

    Note: Replace the Application Apache with the original Application name.


Steps to Allow Connections


  1. Run the below command to allow the SSH connection.

    # ufw allow ssh
    

    ufw6

  2. Run the below command to allow any custom port.

    # ufw allow 3322/tcp
    

    ufw7

    Note: Replace the port number 3322 with your required custom port.

  3. Run the below commands to allow HTTP - Port 80 as an example.

    # ufw allow http
    
    # ufw allow 80/tcp
    

    ufw8

  4. Run the below commands to allow HTTPS - Port 443 as an example.

    # ufw allow https
    
    # ufw allow 443/tcp
    

    ufw9

  5. Run the below commands to allow both TCP and UDP port ranges as an example.

    # ufw allow 8200:8300/tcp
    
    # ufw allow 8200:8300/udp
    

    Note: Replace the port range with your required range.

    ufw10

  6. Run the below commands to allow specific IP addresses and specific IP addresses on a specific port as an example.

    # ufw allow from 123.123.123.123
    
    # ufw allow from 123.123.123.123 to any port 22
    

    ufw11

    Note: Replace the IP address and port with your original IP address and required port setting.


Steps to Deny Connections


  1. Run the below command to deny all connections from an IP address.

    # ufw deny from 123.123.123.123/24
    

    ufw12

    Note: Replace the IP address with the original IP address.

  2. If only need to deny access to any ports from the IP address, use the below command.

    # ufw deny from 123.123.123.123/24 to any port 80
    

    ufw13

    Note: Using deny rules is the same as using allow rules, here only need to replace allow with denying.


Delete UFW Rules


  1. You can delete the UFW rules by rule number and by specifying the actual rule. Run the below commands to check the rule number and remove UFW rules.

    # ufw status numbered
    
    # ufw delete 5
    

    Note: Replace the rule number with the original number.

    ufw14

    ufw15

  2. Run the below command to remove the UFW rule by specifying the actual rule as an example.

    # ufw delete allow 443/tcp
    

    ufw16

    Note: Replace the rule allow 443/tcp with the original rule.


Reset UFW


Resetting UFW will disable UFW and delete all active rules and it is the way if you want to revert all of your changes and start fresh.

# ufw reset

ufw17


Related Tutorials

What do you think about this article?

Rate this article
LayerStack Promotion
Need assistance?

Try this guide to receive free bundled services at signup on a new free account.

Sign Up

Your Feedback Is Important

We hope you’ll give the new products and updates a try. If you have an idea for improving our products or want to vote on other user ideas so they get prioritized, please submit your feedback on our Community platform. And if you have any questions, please feel free to ask in the Community or contact our Technical Support team.