Linux UFW Tool
UFW (Uncomplicated Firewall) is a command-line tool in Linux designed to simplify the process of configuring a firewall. It’s an easier front-end for iptables and is particularly popular on Debian-based systems like Ubuntu. Here’s a guide on using ufw with commands and example outputs.
Step 1: Installing UFW (if not already installed)
On most Debian-based systems, ufw is pre-installed. If it’s not, you can install it using:
Step 2: Enable UFW
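By default, ufw is inactive. If you are connected over SSH, add the SSH allow rule from Step 4 first, because enabling the firewall can disrupt existing SSH connections. To start the firewall and enable it to load on boot, run: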
Example Output:
Step 3: Set Default Policies
To secure your system, it’s a good idea to deny all incoming connections and allow all outgoing connections by default:
Example Output:
This setup blocks all incoming connections except those you explicitly allow, while allowing all outgoing connections.
Step 4: Allow or Deny Specific Ports and Services
Allowing a Service (e.g., SSH on port 22)
To allow SSH connections (important if you’re managing the server remotely), use:
Alternatively, you can specify the port number directly:
Example Output:
Allow HTTP and HTTPS Traffic
To allow web traffic, open HTTP (port 80) and HTTPS (port 443):
or:
Example Output:
Deny a Port
To block a specific port, such as port 8080, use:
Example Output:
Step 5: Allow or Deny IP Address Ranges
Allow Specific IP
To allow a specific IP address (e.g., 192.168.1.10) access to your server:
Allow Specific IP on a Port
To allow a specific IP only on a certain port (e.g., 192.168.1.10 on SSH port 22):
Example Output:
Step 6: Check UFW Status and Rules
To check if UFW is active and see the list of current rules:
Example Output:
Step 7: Delete Rules
To delete a rule, use the delete keyword. You can specify the rule by port or service name.
Delete by Port:
Delete by Service:
Example Output:
Step 8: Disable UFW
If you need to temporarily disable the firewall (e.g., for troubleshooting):
Example Output:
To re-enable it, use:
Step 9: Advanced UFW Commands
Check Detailed Status: For a more detailed list of rules with numbered lines, use:
Example Output:
Delete a Rule by Number: To delete a rule by its number from the numbered status list:
Summary of UFW Commands
- Enable UFW: sudo ufw enable
- Set default policies: sudo ufw default deny incoming / sudo ufw default allow outgoing
- Allow a service or port: sudo ufw allow ssh or sudo ufw allow 80
- Deny a service or port: sudo ufw deny 8080
- Check status: sudo ufw status
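
Added example (not part of the original guide): a shell helper for Step 9 that reads `ufw status numbered` output, lists rule numbers for a port highest first so deleting by number stays valid as ufw renumbers, and flags ALLOW rules open to any source. The function names are hypothetical, the sample listing is constructed, and the column layout is assumed to match your ufw version.

```shell
#!/bin/sh
# Constructed sample of `ufw status numbered` output (not captured from a real host).
sample_status() {
cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    192.168.1.10
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 443/tcp                    ALLOW IN    Anywhere
[ 4] 8080                       DENY IN     Anywhere
[ 5] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 6] 8080 (v6)                  DENY IN     Anywhere (v6)
EOF
}

# Turn each "[ N] To  Action  From" line into "N|To|Action|From".
# Columns are separated by runs of two or more spaces (assumed layout).
parse_rules() {
  sed -n -e 's/[[:space:]]*$//' -e 's/^\[ *\([0-9][0-9]*\)] */\1  /p' |
    awk -F'  +' '{ print $1 "|" $2 "|" $3 "|" $4 }'
}

# Rule numbers whose "To" port equals $1 (any protocol, IPv4 or v6), highest
# first. ufw renumbers the list after every delete, so removing rules in this
# order keeps the remaining numbers pointing at the intended rules.
rule_numbers_for_port() {
  parse_rules |
    awk -F'|' -v p="$1" '{ split($2, to, "[/ ]"); if (to[1] == p) print $1 }' |
    sort -rn
}

# ALLOW IN rules reachable from any source: the exposure worth reviewing
# when the default incoming policy is deny.
open_to_anywhere() {
  parse_rules |
    awk -F'|' '$3 == "ALLOW IN" && $4 ~ /^Anywhere/ { print $1 ": " $2 }'
}

# Demo on the constructed sample; on a real host pipe in `sudo ufw status numbered`.
sample_status | rule_numbers_for_port 8080   # prints 6 then 4
```

On a live system, run `sudo ufw delete N` for each printed number in the order shown, and re-check `sudo ufw status numbered` afterwards.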