Introduction
Ubuntu uses UFW (Uncomplicated Firewall) as the default tool for configuring the firewall. It simplifies the use of iptables, allowing for quick and easy setup of server protection using both IPv4 and IPv6. By default, UFW is disabled, but you can easily install it:
Checking UFW Status
To check whether the firewall is active:
If you see Status: inactive, it means the firewall is currently disabled.
Enabling UFW
Warning! If you're connected via SSH, allow SSH access before enabling UFW, or you might get locked out.
To enable UFW:
To see the list of current rules:
Disabling UFW
To temporarily disable the firewall:
Note: This completely turns off your firewall—use with caution!
Blocking IP Addresses and Subnets
- Block a specific IP:
- Block an entire subnet:
- Block an IP on a specific interface:
Allowing IP Addresses
- Allow all traffic from a specific IP:
- Allow incoming traffic from an IP on a specific interface:
Deleting Rules
- Delete a rule by its parameters:
- Delete a rule by number:
Application Profiles
UFW can use predefined profiles for common services:
- List available profiles:
- Enable a profile (e.g. OpenSSH):
- Remove a profile:
Opening Common Ports
- SSH (port 22):
- HTTP (port 80):
- HTTPS (port 443):
- HTTP + HTTPS combined:
Allowing Database Connections
- MySQL (port 3306):
- PostgreSQL (port 5432):
- Allow for a subnet:
FAQ — Frequently Asked Questions
How do I check which rules are currently applied?
Run:
What if I accidentally blocked SSH access?
Use your hosting provider’s console or IPMI/KVM access and run:
Can I allow multiple ports at once?
Yes. For example:
How do I undo a rule I added by mistake?
List rules with numbers:
Then remove by number:
UFW is conflicting with another firewall. What should I do?
Disable the other firewall (e.g., firewalld) or make sure it’s not managing the same rules.
Conclusion
Configuring UFW on Ubuntu provides a straightforward and effective way to secure your server by controlling network traffic. It simplifies the complex iptables rules, making it easier for users to implement firewall policies without needing deep knowledge of networking. UFW is especially useful for small to medium-sized environments where ease of use and flexibility are essential. When setting up UFW, it's crucial to focus on securing critical services like SSH, HTTP, and database connections, while ensuring you don't inadvertently block important traffic. Regularly reviewing and updating firewall rules is vital to maintaining security, and leveraging application profiles for common services can help streamline configuration. Ultimately, using UFW effectively can greatly enhance the security of your Ubuntu server while keeping the setup process manageable and efficient