Atlantic.Net Blog

How to Configure UFW Firewall on Ubuntu 18.04

Hitesh Jethva
by Atlantic.Net (76 posts) under VPS Hosting

UFW, also known as Uncomplicated Firewall, is a Linux-based tool for managing firewalls. It uses a command-line interface and is specially designed to be easy to use. UFW is a frontend for iptables and provides a framework for managing netfilter.

UFW is an alternative to working with iptables directly that simplifies the process of configuring a firewall. While iptables is a very good and flexible tool, it can be difficult for beginners to learn how to use it to properly configure a firewall.

If you are looking for a tool to secure your network and aren’t sure which tool to use, then UFW is probably the right choice for you.

In this tutorial, we will show you how to configure a firewall with UFW on Ubuntu 18.04.

Prerequisites

  • A fresh Ubuntu 18.04 VPS on the Atlantic.Net Cloud Platform.

Step 1 – Create Atlantic.Net Cloud Server

First, log in to your Atlantic.Net Cloud Server.  Create a new server, choosing Ubuntu 18.04 as the operating system, with at least 2GB RAM. Connect to your Cloud Server via SSH and log in using the credentials highlighted at the top of the page.

Once you are logged into your Ubuntu 18.04 server, run the following command to update your base system with the latest available packages.

apt-get update -y

Step 2 – Install UFW

UFW is installed by default on Ubuntu 18.04. If not, you can install it by running the following command:

apt-get install ufw -y

After installing UFW, the first thing you need to do is to check the help manual. You can run the following command to see the UFW help manual:

ufw --help

You should get the following output:

Usage: ufw COMMAND

Commands:
 enable                          enables the firewall
 disable                         disables the firewall
 default ARG                     set default policy
 logging LEVEL                   set logging to LEVEL
 allow ARGS                      add allow rule
 deny ARGS                       add deny rule
 reject ARGS                     add reject rule
 limit ARGS                      add limit rule
 delete RULE|NUM                 delete RULE
 insert NUM RULE                 insert RULE at NUM
 route RULE                      add route RULE
 route delete RULE|NUM           delete route RULE
 route insert NUM RULE           insert route RULE at NUM
 reload                          reload firewall
 reset                           reset firewall
 status                          show firewall status
 status numbered                 show firewall status as numbered list of RULES
 status verbose                  show verbose firewall status
 show ARG                        show firewall report
 version                         display version information

Application profile commands:
 app list                        list application profiles
 app info PROFILE                show information on PROFILE
 app update PROFILE              update PROFILE
 app default ARG                 set default application policy

Step 3 – Setting Up UFW Default Policies

The first thing you will need to do is to define your default policies. These policies control how to handle the traffic that does not explicitly satisfy other firewall rules. By default, UFW is configured to allow all outgoing connections and deny all incoming connections.

Let’s start by changing UFW’s settings back to the defaults. You can set them with the following commands:

ufw default deny incoming
ufw default allow outgoing

Step 4 – Allow SSH Connections

If you are using a cloud server, you will need to allow SSH connections before enabling the UFW firewall. This will allow you to connect and manage your server via SSH. Otherwise, you will no longer be able to connect to your cloud server.

Run the following command to configure your UFW firewall to allow incoming SSH connections.

ufw allow ssh

The above command will allow all incoming connections on port 22.

If you configured your SSH server to listen on a different port, then you will have to allow the appropriate port with UFW.

Now, enable the UFW firewall by running the following command:

ufw enable

You can now check the status of the UFW firewall with the following command:

ufw status

You should get the following output:

Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere                 
22/tcp (v6)                ALLOW       Anywhere (v6)
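
The order in Step 4 matters: the SSH rule must exist before `ufw enable`, and it must match the port sshd really listens on. The following is an added example, not part of the original tutorial, that reads the `Port` directives from sshd_config and prints the Step 3 and Step 4 commands in a lockout-safe order. The function names and the demo config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: derive the SSH allow rule(s) from sshd_config before enabling UFW.

# Print the TCP port(s) sshd is configured to listen on, one per line.
# $1: path to sshd_config (defaults to the standard Ubuntu location).
# Falls back to 22, the OpenSSH default, when no Port directive is found
# or the file cannot be read.
sshd_ports() {
    conf="${1:-/etc/ssh/sshd_config}"
    # Keyword matching is case-insensitive; "#Port 22" is a comment and is skipped.
    ports=$(awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' \
        "$conf" 2>/dev/null | sort -un)
    if [ -z "$ports" ]; then
        echo 22
    else
        echo "$ports"
    fi
}

# Print the ufw commands in the order the tutorial uses them:
# default policies, SSH allow rule(s), and only then "ufw enable".
# Nothing is executed here; review the output before running it as root.
ufw_bootstrap_plan() {
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    for p in $(sshd_ports "$1"); do
        echo "ufw allow ${p}/tcp"
    done
    echo "ufw enable"
}

# Demo on a constructed sshd_config (sample data, not from the original page).
demo_conf=$(mktemp)
printf '%s\n' '#Port 22' 'Port 2222' 'PermitRootLogin no' > "$demo_conf"
ufw_bootstrap_plan "$demo_conf"
rm -f "$demo_conf"
```

On a real server, call `ufw_bootstrap_plan` with no argument to read /etc/ssh/sshd_config, and keep the current SSH session open until a second session has connected successfully.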

Step 5 – UFW Basic Rules

In this section, we will learn how to allow, deny and delete UFW firewall rules.

There are two ways to allow incoming traffic with UFW.

To allow incoming HTTP traffic, run the following command with the service name:

ufw allow http

Or, run the following command with the port number:

ufw allow 80

To allow HTTPS on port 443, run the following command:

ufw allow https

Or:

ufw allow 443/tcp

You can also restrict a rule to TCP or UDP by appending the protocol to the port:

ufw allow 80/tcp
ufw allow 21/udp

You can also deny traffic with the following command:

ufw deny 80

Or:

ufw deny http

To delete the HTTP rules, run the following command:

ufw delete allow http

Or:

ufw delete allow 80

Step 6 – UFW Advanced Rules

In this section, we will learn some advanced rules with UFW.

If you have applications that run on a range of ports (8080-8090), you can allow these ports by running the following command:

ufw allow 8080:8090/tcp

To allow all incoming connections from a specific IP address (192.168.0.3), run the following command:

ufw allow from 192.168.0.3

To deny all incoming connections from a specific IP address (192.168.0.4), run the following command:

ufw deny from 192.168.0.4

If you want to allow a specific IP address (192.168.0.5) to connect to a specific port (80), run the following command:

ufw allow from 192.168.0.5 to any port 80

To allow all incoming connections to a specific network interface (eth1), run the following command:

ufw allow in on eth1

To allow all incoming connections from a specific subnet (192.168.1.0/24), run the following command:

ufw allow from 192.168.1.0/24
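
Rules such as the port range and the interface-wide allow above are easy to leave in place longer than intended. The following is an added example, not part of the original tutorial, that reads `ufw status` output and lists every ALLOW or LIMIT rule reachable from Anywhere that is not on a list of intentionally public ports. The function names, the expected-port list and the sample status text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag world-reachable UFW rules that were not meant to be public.

# Read `ufw status` output on stdin. $1 is a space-separated list of "To"
# values that are intentionally public, e.g. "22/tcp 80/tcp 443/tcp".
ufw_audit_open() {
    awk -v expected="$1" '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
    {
        act = 0
        for (i = 2; i <= NF; i++)
            if ($i ~ /^(ALLOW|LIMIT|DENY|REJECT)$/) { act = i; break }
        if (!act) next                         # status line, header, separator
        if ($act != "ALLOW" && $act != "LIMIT") next
        to = $1
        for (i = 2; i < act; i++) to = to " " $i
        j = act + 1
        if ($j ~ /^(IN|OUT|FWD)$/) j++         # "status verbose" adds a direction
        from = $j
        sub(/ \(v6\)$/, "", to)                # fold the IPv6 twin into one finding
        if (from == "Anywhere" && !(to in ok) && !seen[to]++)
            print "world-reachable: " to
    }'
}

# Constructed sample in the layout `ufw status` prints (not from a real host).
sample_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
8080:8090/tcp              ALLOW       Anywhere
80                         ALLOW       192.168.0.5
Anywhere                   DENY        192.168.0.4
Anywhere on eth1           ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
8080:8090/tcp (v6)         ALLOW       Anywhere (v6)
EOF
}

sample_status | ufw_audit_open "22/tcp 80/tcp 443/tcp"
```

On a live server, run `ufw status | ufw_audit_open "22/tcp 80/tcp 443/tcp"` as root and remove anything unexpected with `ufw delete`.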

If you want to remove (reset) all of your rules, run the following command:

ufw reset

If you want to stop UFW and deactivate all the rules, run the following command:

ufw disable

Conclusion

In the above tutorial, we learned how to set up the UFW firewall on Ubuntu 18.04. We also learned how to allow, deny and delete rules, and covered some advanced rules with UFW. If you’re ready to get started with UFW, take a look at Atlantic.Net’s VPS Hosting plans.
