Introduction
Ubuntu uses UFW (Uncomplicated Firewall) as the default tool for configuring the firewall. It simplifies the use of iptables, allowing for quick and easy setup of server protection using both IPv4 and IPv6. By default, UFW is disabled, but you can easily install it:
Checking UFW Status
To check whether the firewall is active:
If you see Status: inactive, it means the firewall is currently disabled.
Enabling UFW
Warning! If you're connected via SSH, allow SSH access before enabling UFW, or you might get locked out.
To enable UFW:
To see the list of current rules:
Disabling UFW
To temporarily disable the firewall:
Note: This completely turns off your firewall—use with caution!
Blocking IP Addresses and Subnets
- Block a specific IP:
- Block an entire subnet:
- Block an IP on a specific interface:
Allowing IP Addresses
- Allow all traffic from a specific IP:
- Allow incoming traffic from an IP on a specific interface:
Deleting Rules
- Delete a rule by its parameters:
- Delete a rule by number:
Application Profiles
UFW can use predefined profiles for common services:
- List available profiles:
- Enable a profile (e.g. OpenSSH):
- Remove a profile:
Opening Common Ports
- SSH (port 22):
- HTTP (port 80):
- HTTPS (port 443):
- HTTP + HTTPS combined:
Allowing Database Connections
- MySQL (port 3306):
- PostgreSQL (port 5432):
- Allow for a subnet:
FAQ: UFW (Uncomplicated Firewall) on Ubuntu
- Q1: How can I check which UFW rules are currently applied?
A1: Run the command:
  sudo ufw status verbose
This shows all active rules, including allowed ports and IP addresses.
- Q2: What if I accidentally block SSH access?
A2: Use your hosting provider’s console or IPMI/KVM access, then run:
  sudo ufw allow OpenSSH
This restores SSH connectivity safely.
- Q3: Can I allow multiple ports at once?
A3: Yes. For example, to allow HTTP and HTTPS together:
  sudo ufw allow proto tcp from any to any port 80,443
You can adjust the ports as needed for your services.
- Q4: How do I remove a UFW rule I added by mistake?
A4: First, list rules with numbers:
  sudo ufw status numbered
Then delete the unwanted rule by its number:
  sudo ufw delete <rule_number>
- Q5: What should I do if UFW conflicts with another firewall?
A5: Disable the other firewall (e.g., firewalld) or ensure it’s not managing the same ports and rules to avoid conflicts.
- Q6: Can UFW manage both IPv4 and IPv6 traffic?
A6: Yes. UFW handles IPv4 and IPv6 simultaneously if configured in /etc/default/ufw by setting IPV6=yes.
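The SSH lockout described in the warning under Enabling UFW and in Q2 can be caught before the firewall is switched on. The script below is an added example, not part of the original guide: it reads the rules UFW has stored (`ufw show added` works while the firewall is inactive) and enables UFW only if one of them admits SSH. The function names `ssh_rule_present` and `safe_enable` and the `--apply` switch are assumptions made for this example.

```sh
#!/bin/sh
# Added example: pre-flight guard against SSH lockout when enabling UFW.
# Function names are hypothetical; they are not part of UFW itself.

# Reads `ufw show added` text on stdin; succeeds if a rule admits SSH.
# $1 = SSH port (default 22). Only allow/limit rules count. A rule
# restricted with "from <addr>" also counts, so confirm it covers the
# address you connect from.
ssh_rule_present() {
    awk -v port="${1:-22}" '
        $1 == "ufw" && ($2 == "allow" || $2 == "limit") {
            # Simple form: ufw allow 22 | ufw allow 22/tcp
            if ($3 == port || $3 == (port "/tcp")) found = 1
            # Service name or application profile: both mean port 22
            if (port == 22 && ($3 == "ssh" || $3 == "OpenSSH")) found = 1
            # Extended form: ... to any port 22 [proto tcp]
            for (i = 3; i < NF; i++)
                if ($i == "port" && $(i + 1) == port && $0 !~ /proto udp/)
                    found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Enables UFW only when the stored rules keep SSH reachable.
safe_enable() {
    if sudo ufw show added | ssh_rule_present "${1:-22}"; then
        sudo ufw --force enable    # --force skips the confirmation prompt
    else
        echo "No allow/limit rule for SSH on port ${1:-22}." >&2
        echo "Add one first, e.g.: sudo ufw allow OpenSSH" >&2
        return 1
    fi
}

# Usage: ./ufw-preflight.sh --apply [ssh_port]
if [ "${1:-}" = "--apply" ]; then
    safe_enable "${2:-22}"
fi
```

The check looks only for the presence of an allow or limit rule; it does not evaluate rule order, so a deny rule placed ahead of the SSH rule still needs a manual look with `sudo ufw status numbered` after enabling.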
Conclusion
Configuring UFW on Ubuntu provides a straightforward and effective way to secure your server by controlling network traffic. By simplifying the complex iptables rules, UFW makes it easier for users to implement firewall policies without requiring deep networking knowledge.
UFW is particularly useful for small to medium-sized environments, where ease of use and flexibility are essential. When setting up UFW, it’s important to prioritize securing critical services such as SSH, HTTP, and database connections, while avoiding accidental blocking of necessary traffic.
Regularly reviewing and updating firewall rules is key to maintaining ongoing security. Leveraging application profiles for common services can further streamline the configuration process and reduce the risk of misconfigurations.
Ultimately, using UFW effectively can greatly enhance the security of your Ubuntu server while keeping the setup process manageable, efficient, and reliable.