UFW (Uncomplicated Firewall) is the default firewall configuration tool for Ubuntu. It comes with a user-friendly front-end or command driven tool for managing iptables firewall rules easily. In this tutorial, I am explaining how to setup an Ubuntu firewall easily, without much deep knowledge about networking.
Before installing the UFW firewall, let’s have a look at firewall importance.
Why Firewall is Important
A firewall is an essential part of any system to restrict unauthorized access to the network. It helps you to protect your important data. A firewall controls the inbound and outbound traffic of a system. If you are using a Ubuntu based web server, then it is always recommended to set up a firewall during LAMP stack setup.
How to Setup Ubuntu Firewall
In Ubuntu, the firewall can be set up using the command line or GUI method. Let’s configure firewall using command line
Step 1: Install firewall
UFW is installed by default on Ubuntu, If it is uninstalled for some reason. You can install UFW by using this command.
$ sudo apt install UFW
Step 2: Set Default Policies for Firewall
This part is very crucial, as this part will control the flow of traffic that does not match explicitly with any other rule. By default, UFW denies all incoming connections and allows outgoing connections. In this state, if any one trying to connect your server is not able to connect. Whereas applications hosted on the server are able to reach the outside world.
To set the above rules, run the following commands.
$ sudo ufw default deny incoming $ sudo ufw default allow outgoing
Step 3: Allow SSH connections
If you are using any cloud server or VPS, you may need to connect your server using SSH to manage your server. To allow SSH, run the following command.
$ sudo ufw allow ssh
This command will allow all connections to the server on port 22, by default SSH daemons use port 22. All the ports were listed as a service in the /etc/services file.
You can write equivalent rules by using ports also.
Sometimes the SSH daemon is configured with a different port for security purposes. In that case write port number instead of service. For example,
$ sudo ufw allow 2222
[Always add SSH rules before enable UFW on Ubuntu, otherwise you are not able to connect your server via SSH]
Step 4: Enable UFW on Ubuntu
To enable UFW, run the following command.
$ sudo ufw enable
A warning message will appear that says that command may disrupt the existing ssh connection. As you already added SSH rules to the UFW, continue with the command to enable UFW. Type
y and press
Enter on the keyboard.
Now, the firewall is activated. Check the status of the ubuntu firewall with all the rules, run the following command.
$ sudo ufw status verbose
Above command will show the firewall configuration details, as below
Step 5: Enable Other Connections
According to your requirement, you can enable other ports as well. Let’s enable http and https rules on UFW. By default, HTTP uses port 80(unencrypted). To enable HTTP, you can run either service name or port number.
$ sudo ufw enable http or $ sudo ufw enable 80
Again, by default HTTPS uses port 443(encrypted). To enable HTTPS, you can run either service name or port number.
$ sudo ufw enable https Or $ sudo ufw enable 443
List of Commonly Used Network Ports
|Service Name||Port||Transport protocol|
|Secure Shell (SSH)||22||TCP and UDP|
|File Transfer Protocol (FTP)||21||TCP|
|Simple Mail Transfer Protocol (SMTP)||25||TCP|
|HyperText Transfer Protocol (HTTP)||80||TCP|
|HTTP with Secure Sockets Layer (SSL)||443||TCP and UDP|
|Remote Desktop Protocol(RDP)||3389||TCP and UDP|
How to Enable Port Ranges
Some applications need multiple ports to operate. You can enable port ranges with UFW by following commands.
$ sudo ufw allow 6000:6007/tcp $ sudo ufw allow 6000:6007/udp
(When specify port ranges, you need to mention tcp or udp to apply)
How to Enable Specific IP
Sometimes, you may need to enable specific IP with UFW to allow access to the server. The command you need to run for adding to the UFW.
$ sudo ufw allow from 184.108.40.206
You can also allow specific port to the IP by following command.
$ sudo ufw allow from 220.127.116.11 to any port 22
How to Disable Ubuntu Firewall
You can easily disable UFW by using the following command.
$ sudo ufw disable
If you want to reset your UFW rules, use the following command.
$ sudo ufw reset
A complete step by step guide to setup Ubuntu firewall. Follow this article thoroughly to complete UFW setup on Ubuntu. If you have any doubts feel free to contact me, I will definitely try to help you. Also, you can join our elite facebook group to get direct help from me. If you like this tutorial, please share this article on your social media handle.
For example, if the firewall is set to allow SSH port connections from anywhere, the output might look something like this: Use the command if you want to check how UFW has configured the firewall. You can always run if you need to activate it later.