UFW Firewall Setup Guide

UFW (Uncomplicated Firewall) is a front-end to iptables with a simpler rule syntax, designed to make managing a host firewall easier. This guide covers basic and advanced UFW usage, from adding rules to managing the firewall efficiently.

1. Installing UFW

If UFW is not already installed on your system, you can install it by running the following command:

sudo apt update
sudo apt install ufw

2. Enabling UFW

After installation, enable UFW. This activates the firewall immediately and also configures it to start automatically on boot:

sudo ufw enable

This will activate UFW with the default settings. By default, UFW will block all incoming connections and allow outgoing ones.

2.1. Checking the UFW Status

To check if UFW is active and see the current status, run:

sudo ufw status

You will see an output like this:

Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere

This shows that SSH (port 22) is allowed from anywhere.

3. Basic UFW Commands

3.1. Allowing or Denying Connections

You can allow or deny access to specific services or ports. For example:

Allow HTTP (Port 80)

sudo ufw allow 80

Allow SSH (Port 22)

sudo ufw allow 22

Deny Specific Port

If you want to block access to a specific port, such as port 23 (Telnet), use:

sudo ufw deny 23

Allow Specific IP Address

If you only want to allow a specific IP address to access a port, use:

sudo ufw allow from 192.168.1.100 to any port 22

This allows only the IP address 192.168.1.100 to access port 22 (SSH).

3.2. Allowing or Denying a Specific Service

You can also allow or deny a service by its name, like http, https, or ssh, without specifying the port number.

Allow HTTP and HTTPS

sudo ufw allow http
sudo ufw allow https

Deny SSH

sudo ufw deny ssh

3.3. Allowing a Range of Ports

If you want to allow a range of ports, for example, ports 1000 to 2000, use:

sudo ufw allow 1000:2000/tcp

This command will allow all TCP traffic on ports 1000 through 2000.

4. Advanced UFW Configuration

4.1. Enabling UFW Logging

You can enable logging to monitor firewall activity. To enable UFW logging, use:

sudo ufw logging on

Once logging is on, UFW writes entries tagged [UFW BLOCK], [UFW ALLOW], and so on to the system log (/var/log/ufw.log). The same entries are emitted by the kernel, so the dmesg command also shows them.
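As an added example (not part of the original guide), the script below parses the kernel-format entries UFW writes to its log and counts blocked connections per source address and destination port, which is the quickest way to see what the firewall is actually stopping. The log lines are constructed for the example and use documentation IP ranges; the function names are the example's own.

```shell
#!/bin/sh
# Added example: summarise [UFW BLOCK] and [UFW LIMIT BLOCK] log entries so the
# most frequently denied sources and destination ports stand out.
# Input is the kernel log format UFW writes to /var/log/ufw.log.

# Constructed sample log lines (documentation addresses, not real hosts).
SAMPLE_LOG='Mar  3 10:01:02 web01 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44321 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:01:03 web01 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44322 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:01:09 web01 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=0 DF PROTO=TCP SPT=51000 DPT=3389 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:01:15 web01 kernel: [UFW LIMIT BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44330 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:01:20 web01 kernel: [UFW ALLOW] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.25 DST=192.0.2.10 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0'

# Read log lines on stdin and print "count src dpt proto" for every denied
# entry (plain BLOCK or the LIMIT BLOCK produced by "ufw limit"), most
# frequent first; ALLOW entries are ignored.
summarize_ufw_blocks() {
    awk '/\[UFW (LIMIT )?BLOCK\]/ {
        src = ""; dpt = ""; proto = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
        }
        if (src != "" && dpt != "") count[src " " dpt " " proto]++
    }
    END { for (k in count) print count[k], k }' | sort -k1,1nr -k2,2
}

# The single most frequently denied "src dpt proto" combination.
top_blocked_source() {
    summarize_ufw_blocks | head -n 1
}

# Run against the constructed sample; on a real host use:
#   sudo cat /var/log/ufw.log | summarize_ufw_blocks
printf '%s\n' "$SAMPLE_LOG" | summarize_ufw_blocks
```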

4.2. Rate Limiting

To protect against brute-force attacks, you can rate-limit SSH connections. This limits the number of attempts an IP can make to connect to SSH within a short time frame.

sudo ufw limit ssh

This will limit SSH connections to 6 per minute from the same IP address. After the limit is exceeded, the firewall will block further connections temporarily.

4.3. Default UFW Policies

You can set default policies to control how UFW behaves by default:

  • Deny incoming connections (default setting)
  • Allow outgoing connections (default setting)

To set the default policies, you can use:

sudo ufw default deny incoming
sudo ufw default allow outgoing

This configuration denies all incoming connections (except those you explicitly allow) and allows all outgoing connections.

4.4. Allowing Specific IP Ranges

If you need to allow access from a specific range of IP addresses, you can specify the IP range like this:

sudo ufw allow from 192.168.1.0/24 to any port 80

This command will allow all IP addresses in the 192.168.1.0/24 subnet to access port 80 (HTTP).

4.5. Deleting Rules

To delete a specific rule, use the following command:

sudo ufw delete allow 80

This deletes the rule allowing HTTP traffic on port 80.

5. Checking and Managing UFW Rules

You can list all active UFW rules with:

sudo ufw status verbose

This command provides a detailed view of the current firewall rules, including whether each rule allows or denies traffic.

To reset UFW to its default settings (i.e., clear all rules and set default policies), run:

sudo ufw reset

This will disable UFW, remove all rules, and restore the default settings.

6. Disabling UFW

If you need to disable UFW, you can run:

sudo ufw disable

This stops UFW and deactivates all of its rules, so no firewall protection is in place until it is enabled again.

7. Conclusion

UFW is an easy-to-use firewall solution for Linux systems, offering powerful features such as limiting connection rates, blocking specific ports, and managing IP-based access. By using UFW, you can secure your server with minimal effort and a user-friendly interface.

For advanced usage and further reading, check out the official UFW Documentation.