UFW, also known as Uncomplicated Firewall, is a Linux-based tool for managing firewalls. It uses a command-line interface and is specially designed to be easy to use. UFW is a frontend for iptables and provides a framework for managing netfilter.
UFW is an alternative to working with iptables directly that simplifies the process of configuring a firewall. While iptables is a very good and flexible tool, it can be difficult for beginners to learn how to use it to properly configure a firewall.
If you are looking for a tool to secure your network and aren’t sure which tool to use, then UFW is probably the right choice for you.
In this tutorial, we will show you how to configure a firewall with UFW on Ubuntu 18.04.
- A fresh Ubuntu 18.04 VPS on the Atlantic.Net Cloud Platform.
Create Atlantic.Net Cloud Server
First, log in to your Atlantic.Net Cloud Server. Create a new server, choosing Ubuntu 18.04 as the operating system, with at least 2GB RAM. Connect to your Cloud Server via SSH and log in using the credentials highlighted at the top of the page.
Once you are logged into your Ubuntu 18.04 server, run the following command to update your base system with the latest available packages.
apt-get update -y
UFW is installed by default on Ubuntu 18.04. If not, you can install it by running the following command:
apt-get install ufw -y
After installing UFW, the first thing you need to do is check the help manual. You can run the following command to see the UFW help manual:
ufw --help
You should get the following output:
Usage: ufw COMMAND
 enable                          enables the firewall
 disable                         disables the firewall
 default ARG                     set default policy
 logging LEVEL                   set logging to LEVEL
 allow ARGS                      add allow rule
 deny ARGS                       add deny rule
 reject ARGS                     add reject rule
 limit ARGS                      add limit rule
 delete RULE|NUM                 delete RULE
 insert NUM RULE                 insert RULE at NUM
 route RULE                      add route RULE
 route delete RULE|NUM           delete route RULE
 route insert NUM RULE           insert route RULE at NUM
 reload                          reload firewall
 reset                           reset firewall
 status                          show firewall status
 status numbered                 show firewall status as numbered list of RULES
 status verbose                  show verbose firewall status
 show ARG                        show firewall report
 version                         display version information
Application profile commands:
 app list                        list application profiles
 app info PROFILE                show information on PROFILE
 app update PROFILE              update PROFILE
 app default ARG                 set default application policy
Setting Up UFW Default Policies
The first thing you will need to do is to define your default policies. These policies control how to handle the traffic that does not explicitly satisfy other firewall rules. By default, UFW is configured to allow all outgoing connections and deny all incoming connections.
Let’s start by changing UFW’s settings back to the defaults. You can set them with the following commands:
ufw default deny incoming
ufw default allow outgoing
Allow SSH Connections
If you are using a cloud server, you will need to allow SSH connections before enabling the UFW firewall. This will allow you to connect and manage your server via SSH. Otherwise, you will no longer be able to connect to your cloud server.
Run the following command to configure your UFW firewall to allow incoming SSH connections.
ufw allow ssh
The above command will allow all incoming connections on port 22.
If you configured your SSH server to listen on a different port, then you will have to allow the appropriate port with UFW.
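The check described above can be scripted so the right port is allowed before the firewall is enabled. The following is an added example, not part of the original tutorial: it reads Port directives from an sshd_config file and prints the matching ufw allow commands without running them. The function names and the sample configuration are constructed for illustration, and it assumes the ports are set only by Port directives in a single file.

```shell
#!/bin/sh
# Added example: derive the UFW rules needed to keep SSH reachable.
# Nothing here changes the firewall; the commands are only printed for review.

# ssh_ports FILE: print each port named by a "Port" directive, one per line.
# sshd keywords are case-insensitive and "#" starts a comment. With no Port
# directive, sshd listens on its default port, 22.
ssh_ports() {
    awk '
        { sub(/#.*/, "") }                          # drop comments
        tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
        END { if (n == 0) print 22 }
    ' "$1"
}

# ufw_ssh_rules FILE: print one "ufw allow PORT/tcp" command per SSH port.
ufw_ssh_rules() {
    ssh_ports "$1" | sort -un | while read -r port; do
        echo "ufw allow ${port}/tcp"
    done
}

# Constructed sample sshd_config (not taken from a real host).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# Port 22
port 2222
Port 8022   # second listener
PermitRootLogin no
EOF

ufw_ssh_rules "$sample"
```

On a live server, pass /etc/ssh/sshd_config instead of the sample file and run the printed commands before enabling UFW.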
Now, enable the UFW firewall by running the following command:
ufw enable
You can now check the status of the UFW firewall with the following command:
ufw status
You should get the following output:
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
UFW Basic Rules
In this section, we will learn how to allow, deny and delete UFW firewall rules.
There are two ways to allow incoming traffic with UFW.
If you want to allow incoming traffic for the HTTP service, run the following command with the service name:
ufw allow http
Or, run the following command with the port number:
ufw allow 80
To allow HTTPS on port 443, run either of the following commands:
ufw allow https
ufw allow 443/tcp
You can also restrict a rule to TCP or UDP by appending the protocol to the port number:
ufw allow 80/tcp
ufw allow 21/udp
You can also deny incoming traffic with either of the following commands:
ufw deny 80
ufw deny http
To delete the HTTP rules, run the following commands:
ufw delete allow http
ufw delete allow 80
UFW Advanced Rules
In this section, we will learn some advanced rules with UFW.
If you have applications that run on a range of ports, such as 8080-8090, you can allow these ports by running the following command:
ufw allow 8080:8090/tcp
If you want to allow all incoming connections from a specific IP address (192.168.0.3), run the following command:
ufw allow from 192.168.0.3
To deny all incoming connections from a specific IP address (192.168.0.4), run the following command:
ufw deny from 192.168.0.4
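UFW evaluates rules from top to bottom and stops at the first match, so a deny rule added after broader allow rules does not block that host on the ports already opened. The following added example, which is not part of the original tutorial, reads ufw status numbered output and reports such deny rules. The function names are hypothetical and the status listing is constructed from the rules used in this tutorial.

```shell
#!/bin/sh
# Added example: find deny rules that earlier allow rules make ineffective.

# shadowed_denies: reads `ufw status numbered` output on stdin. Prints
# "NUM SOURCE PORTS" for each IPv4 DENY/REJECT rule with a specific source
# that sits below ALLOW rules open to Anywhere. PORTS lists the destinations
# that source can still reach because the allow rules match first.
shadowed_denies() {
    awk '
        /^\[/ && !/\(v6\)/ {
            close_at = index($0, "]")
            num = substr($0, 2, close_at - 2); gsub(/ /, "", num)
            rest = substr($0, close_at + 1)
            sub(/^ +/, "", rest); sub(/ +$/, "", rest)
            split(rest, col, /  +/)          # columns are 2+ spaces apart
            to = col[1]; action = col[2]; from = col[3]
            if (action == "ALLOW IN" && from == "Anywhere")
                reach = (reach == "" ? to : reach "," to)
            else if (action ~ /^(DENY|REJECT) IN$/ && from != "Anywhere" && reach != "")
                print num, from, reach
        }
    '
}

# Constructed sample of `ufw status numbered` output (not from a real host).
sample_status() {
    cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80                         ALLOW IN    Anywhere
[ 3] Anywhere                   ALLOW IN    192.168.0.3
[ 4] Anywhere                   DENY IN     192.168.0.4
[ 5] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

sample_status | shadowed_denies
```

For the sample, rule 4 is reported because 192.168.0.4 can still reach 22/tcp and 80. Deleting the rule with ufw delete deny from 192.168.0.4 and re-adding it with ufw insert 1 deny from 192.168.0.4 places it ahead of the allow rules.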
If you want to allow a specific IP address (192.168.0.5) on a specific port (80), run the following command:
ufw allow from 192.168.0.5 to any port 80
To allow all incoming connections on a specific network interface (eth1), run the following command:
ufw allow in on eth1
To allow all incoming connections from a specific network subnet (192.168.1.0/24), run the following command:
ufw allow from 192.168.1.0/24
If you want to remove (reset) all of your rules, run the following command:
ufw reset
If you want to stop UFW and deactivate all the rules, run the following command:
ufw disable
In the above tutorial, we learned how to set up the UFW firewall on Ubuntu 18.04. We also learned how to allow, deny, and delete rules, and covered some advanced rules with UFW. If you’re ready to get started with UFW, take a look at Atlantic.Net’s VPS Hosting plans.