Knowledge Base How-to Guides

Configuring a firewall in Ubuntu using the UFW utility

ufw is a tool for configuring Ubuntu firewalls. It is designed to easily set up iptables and provides a friendly way to create firewalls for both IPv4 and IPv6.

Usage examples for ufw

  • First, you need to enable ufw. Type in terminal:

sudo ufw enable

If it was not on the server (the version is old or for other reasons), then to install it, you need to run the command:

sudo apt-get install ufw

  • Open port (in this example SSH):

sudo ufw allow 22

  • Rules can be added using a numbered format:

sudo ufw insert 1 allow 80

  • Similarly, you can close an open port:

sudo ufw deny 22

  • To delete a rule, use delete:

sudo ufw delete deny 22

  • You can also allow access to the port from specific computers or networks. The following example allows SSH access from 192.168.0.2 to any IP address on this computer:

sudo ufw allow proto tcp from 192.168.0.2 to any port 22

Replace 192.168.0.2 with 192.168.0.0/24 to allow SSH access for the entire subnet.

  • Adding the --dry-run option to ufw will list the rules but not apply them. For example, the following shows what would be applied if the HTTP port was opened:

sudo ufw --dry-run allow http

*filter

:ufw-user-input - [0:0]

:ufw-user-output - [0:0]

:ufw-user-forward-[0:0]

:ufw-user-limit - [0:0]

:ufw-user-limit-accept - [0:0]

### RULES ###

### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0

-A ufw-user-input -p tcp --dport 80 -j ACCEPT

### END RULES ###

-A ufw-user-input -j RETURN

-A ufw-user-output -j RETURN

-A ufw-user-forward -j RETURN

-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT]: "

-A ufw-user-limit -j REJECT

-A ufw-user-limit-accept -j ACCEPT

COMMIT

Rules updated
  • ufw can be disabled with the command:

sudo ufw disable

Disabling the firewall in Ubuntu can be done with this command (UFW is an Uncomplicated Firewall).

  • To view the network protection status:

sudo ufw status

Настройки firewall в Ubuntu

  • For a more complete display of information, enter:

sudo ufw status verbose

Настройки firewall в Ubuntu

  • To display as numbered format:

sudo ufw status numbered

Настройки firewall в Ubuntu

  1. To reset the rules, use the sudo ufw reset, step 2 you can also use the 2000:3000 part range, step 13 Logging. To enable logging, enter the command: sudo ufw logging on ufw supports several logging levels:

off – disabled. low – logs all blocked packets that do not match the specified policy (with rate-limiting), as well as packets that match the registered rules. medium is the same as low, plus any allowed packets that don't match the given policy, all invalid packets, and all new connections. All recordings are subject to a speed limit. high – works the same as a medium, plus all rate-limited packets. full – same as high, but no speed limit.

To set the level, specify it as a parameter: sudo ufw logging high The default level is low.

To view files related to ufw logs, use the command: ls /var/log/ufw *

Dedicated Server

Dedicated server

Check out SIM-Networks’ powerful pre-made server configurations

See packages

Application integration in ufw

Applications that open ports can be included in ufw profiles that detail which ports the application needs to function correctly. The profiles are contained in /etc/ufw/applications.d and can be edited if the default ports have been changed.

  • To see which applications the profile is installed for, type the following command in a terminal:

sudo ufw app list

  • Similarly, you can allow traffic on a port using an application profile with the following command:

sudo ufw allow Samba

  • An extended syntax is also available:

ufw allow from 192.168.0.0/24 to any app Samba

Replace Samba and 192.168.0.0/24 with the application profile you are using and the IP range of your network.

There is no need to define a protocol as this information is detailed in the profile. Also, note that the app name has replaced the port number.

  • To view details of what ports, protocols, etc. are defined for an application, type:

sudo ufw app info Samba

Not all applications that require a network port to be opened come with a ufw profile, but if you have a profile for an application and would like this file to be included in the application's package, please file a bug about the package on the Launchpad site.

ubuntu-bug nameofpackage

Was this article helpful?

Tags:

#server #vds

Did you like the article?

Cookie consent

By clicking «I agree», you consent to our website's use of cookies to give you the most relevant experience by remembering your preferences and repeat visits. However, you may visit «Manage сookies» to provide controlled consent. Learn more

Cookies settings

functional

Necessary cookies are crucial for the basic functions of the website and the website will not work in its intended way without them.

  Enable essential cookies These cookies do not store any personally identifiable data.
Analytics

Analytical cookies are used to understand how visitors interact with the website.

  Enable analytic cookies These cookies help provide information on metrics such as number of visitors, bounce rate, traffic source, etc.
Advertisement

Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns.

  Enable advertisement cookies These cookies track visitors across websites and collect information to provide customized ads.