Friday, 10 July 2026

What is a UFW in ubuntu ?

UFW (Uncomplicated Firewall) is a user-friendly frontend for managing iptables/nftables firewall rules in Linux systems like Ubuntu and Debian.
Below is a structured reference to the most common UFW commands. Most configuration changes require sudo privileges.

1. General Management & Status

These commands let you control the firewall state and check current active rulesets.
  • Check status:
    sudo ufw status
    
  • Check detailed status (shows logging levels and default policies):
    sudo ufw status verbose
    
  • Enable the firewall (starts on system boot):
    sudo ufw enable
    
  • Disable the firewall:
    sudo ufw disable
    
  • Reload the firewall (applies modifications to configuration files):
    sudo ufw reload
    
  • Reset the firewall (deletes all rules and restores defaults):
    sudo ufw reset
    

2. Default Policies

Setting global policies determines how UFW treats traffic that doesn't match any specific rule. The standard recommended baseline is to block incoming and allow outgoing:
  • Block all incoming traffic by default:
    sudo ufw default deny incoming
    
  • Allow all outgoing traffic by default:
    sudo ufw default allow outgoing
    

3. Managing Port & Protocol Rules

You can open or close ports using service names (defined in /etc/services) or explicit port numbers. 
  • Allow a service by name (e.g., SSH):
    sudo ufw allow ssh
    
  • Allow a specific port (both TCP and UDP):
    sudo ufw allow 80
    
  • Allow a specific port and protocol (recommended):
    sudo ufw allow 443/tcp
    
  • Allow a specific port range (protocol required):
    sudo ufw allow 40000:50000/tcp
    
  • Deny traffic on a port:
    sudo ufw deny 25
    
  • Rate limit connections (useful for preventing brute force on SSH; caps at 6 connections per 30 seconds from a single IP):
    sudo ufw limit 22/tcp

4. IP-Based Filtering

To handle connections originating from specific network locations, use these commands:
  • Allow all traffic from a specific IP address:
    sudo ufw allow from 203.0.113.10
    
  • Block all traffic from a specific IP address:
    sudo ufw deny from 203.0.113.10
    
  • Allow an IP address to access a specific port:
    sudo ufw allow from 203.0.113.10 to any port 22
    
  • Allow an entire subnet (CIDR notation) to access a specific port:
    sudo ufw allow from 10.0.0.0/24 to any port 3306
    

5. Deleting Rules

There are two primary methods to remove rules you no longer need:
  • Delete by original specification: Duplicate the exact rule you added but prepend the word delete.
    sudo ufw delete allow 80/tcp
    
  • Delete by line number (Easiest for clean-up): First, list rules with assigned numbers:
    sudo ufw status numbered
    
    Then, delete using the corresponding index:
    sudo ufw delete 3
    

6. Application Profiles

Many packages (like Nginx, Apache, or OpenSSH) install profiles inside UFW to simplify rule management.
  • List available application profiles:
    sudo ufw app list
    
  • View details about a specific profile:
    sudo ufw app info "Nginx Full"
    
  • Allow an application profile:
    sudo ufw allow "OpenSSH"
    

7. Logging Options

  • Turn logging on/off:
    sudo ufw logging on
    sudo ufw logging off
    
  • Change log level granularity (low, medium, high, full):
    sudo ufw logging medium
    


Important Safety Warning: If you are configuring a remote server over SSH, always execute sudo ufw allow ssh or sudo ufw allow 22/tcp before running sudo ufw enable. Failing to do so will immediately lock you out of your server.

No comments:

Post a Comment