How To Set Up the UFW Firewall on Linux

choubertsprojects

The Uncomplicated Firewall is a firewall that runs on Linux and FreeBSD. One of the best things about this firewall system is its simplicity. However, it does not come with any documentation or setup guide to help you get started, so you’ll want to use one of these tutorials for setting up your UFW:

  • Install Uncomplicated Firewall on Ubuntu 16+, CentOS 7+, Debian 8+
  • Install Uncomplicated Firewall on Fedora 28+

The “ufw command not found” is a common problem that many Linux users face. This article provides instructions on how to set up the UFW firewall on Linux.

Without a firewall, there are no rules or restrictions on your network traffic, which has many negative consequences. Uncomplicated Firewall (UFW) is the default firewall configuration tool for Linux systems. But how do you get a UFW firewall up and running? Relax; this tutorial has you covered!

In this guide, you’ll learn how to install UFW and configure a firewall on your Linux machine to protect your network from unauthorized activity.

Ready? Continue reading to get started!

Prerequisites

This tutorial is a hands-on demonstration. If you want to follow along, make sure you have the following:

  • An Ubuntu computer – Ubuntu 20.04 LTS is used in this tutorial, but other Linux distributions will function as well.

  • Root privileges on your computer.

Enabling IPv6 Connection and Installing UFW

Even though UFW is packaged with your Ubuntu system, it is not installed by default. Install UFW first with the apt package manager, then configure it to allow connections over IPv6.

1. To update your local package index, open your terminal and run the apt update command below. For minimal user interaction, the command accepts all prompts (-y) throughout the update.

Updating the system package index

2. Then, use the command below to install UFW (install ufw) on your machine, accepting all prompts (-y) throughout the process.

Installing UFW on Ubuntu

3. Use your preferred text editor to open the UFW configuration file (/etc/default/ufw). UFW supports IPv6, but you must make sure that your firewall is configured to accept IPv6 connections.

If only IPv4 is enabled, you are still exposed to attacks over IPv6.

4. Go to the IPV6 variable and set its value to yes, as shown below, then save and quit the editor.

Enabling IPV6 in the UFW configuration file

5. Finally, use the command below to disable and re-enable UFW. This forces the UFW service to restart so that the changes take effect.

When the command completes, your firewall can write both IPv4 and IPv6 firewall rule sets.

sudo ufw disable && sudo ufw enable

Default Policies for Firewall Rules Configuration

If you’re new to UFW, it’s a good idea to start by creating a default policy for your rules. The default policies are used when there are no explicit rules provided for a chain.

Configure UFW to block all incoming connections while allowing all outgoing ones. As a consequence, anybody attempting to connect to your system from the outside is refused, but you may connect to any website or server without restriction.

Run the command below to deny all incoming connections by default.

sudo ufw default deny incoming

Denying incoming network traffic

To allow all outgoing connections by default, use the following command.

sudo ufw default allow outgoing

Allowing outgoing network traffic

Using the UFW Firewall to Allow SSH Connections

You’ve just configured your UFW firewall’s default policies to block all incoming traffic, and allowing all outgoing traffic while denying all incoming traffic is a decent choice for a typical user. But what if you’re a server administrator? You’ll need to let only certain types of traffic in and out. Permitting SSH connections through your UFW firewall is one way to let particular traffic in and out.

On port 22, you’ll set up an SSH server that accepts incoming SSH connections. But why port 22 rather than any other? Because the SSH daemon listens on port 22 by default on Unix-like systems, it’s a good idea to utilize the default SSH port to make your life simpler.

1. Run the commands below to install the OpenSSH server (install openssh-server) and start an OpenSSH server on your machine (start ssh).

sudo apt install openssh-server -y
sudo systemctl start ssh

2. Now, to accept incoming SSH connections, execute the command below. You do not need to specify port 22, since UFW knows which port is used for SSH.

Permitting SSH connections

A list of all available services on your system may be found in the /etc/services file. As demonstrated below, open the file in your text editor, scroll down to ssh, and you’ll find the port number (22) is part of the service description.

Taking a look at the /etc/services file

However, you may prefer to specify the port number (22) explicitly. If that’s the case, use the command below instead.

3. To activate UFW, execute the command below.

To continue, type Y at the confirmation prompt, as shown below, and hit Enter. On your machine, UFW will now begin filtering packets.

Activating UFW

4. Finally, to verify the status of your UFW firewall, use one of the commands below.

## Shows additional specific information, such as the interface and the current status of the packet.
sudo ufw status verbose
## Displays each rule’s number as well as its allow or deny status.
## The numbered mode comes in handy when you need to delete individual rules.
sudo ufw status numbered

If you execute the command with the verbose option, you’ll get the following output:

  • Status: active – Indicates that the firewall is currently running.
  • Logging: on (low) – Indicates that UFW logs all packets processed by the firewall.
  • Default: deny (incoming), allow (outgoing), disabled (routed) – The default policy is to deny all incoming connections and allow all outgoing connections.
  • New profiles: skip – Indicates that the firewall is still utilizing the default ruleset.

Checking the status of the UFW firewall in verbose mode

You’ll get the output below if you execute the command with the numbered option instead. It shows a numbered list of rules with their matching ALLOW or DENY status.

Checking the status of the UFW firewall as a numbered list
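The verbose status fields described above can be checked mechanically after the setup steps. The script below is an added example, not part of the original tutorial: it audits ufw status verbose text for an inactive firewall, a permissive default incoming policy, a missing SSH rule and missing (v6) rules. The sample output is constructed and the function names are illustrative.

```sh
#!/bin/sh
# Added example (not from the original tutorial): audit `ufw status verbose`.
# Real use: sudo ufw status verbose | audit_ufw_status

# Constructed sample of the output after the steps above, with IPV6=yes.
sample_verbose() {
cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

# Read status text on stdin and print one finding per line (nothing if clean).
audit_ufw_status() {
    awk '
        /^Status:/  { status = $2 }
        /^Default:/ { incoming = $2 }
        / ALLOW / {
            if ($1 ~ /^(22|22\/tcp|OpenSSH)$/) ssh = 1   # SSH rule present
            if ($0 ~ /\(v6\)/) v6 = 1                    # IPv6 rules present
        }
        END {
            if (status != "active") {
                print "FAIL firewall is not active (Status: " status ")"
                exit
            }
            if (incoming != "deny" && incoming != "reject")
                print "FAIL default incoming policy is \"" incoming "\", expected deny"
            if (!ssh)
                print "WARN no rule allows SSH (22/tcp); remote sessions would be cut off"
            if (!v6)
                print "WARN no (v6) rules; check IPV6=yes in /etc/default/ufw"
        }'
}

findings=$(sample_verbose | audit_ufw_status)
echo "${findings:-OK: no findings}"
```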

Allowing HTTP and HTTPS Connections

You’ve only permitted SSH connections through your UFW firewall so far, which restricts the potential of your server. Allow different forms of connections, such as HTTP or HTTPS, and expand the UFW firewall with additional rules.

To allow incoming HTTP connections, use one of the commands below.

## HTTP connections use port 80 (not secure)
sudo ufw allow 80
sudo ufw allow http

Allowing incoming HTTP connections

To allow incoming HTTPS connections, use one of the commands below.

sudo ufw allow https
## HTTPS connections use port 443 (secure)
sudo ufw allow 443

Allowing incoming HTTPS connections

Allowing Connections from a Specific IP Address and Port Range

In order to deliver their services, several programs use multiple ports. You may also need to open a range of ports or allow connections from a specific IP address. In that case, add more UFW firewall rules.

To allow incoming connections on ports 5001 to 5009, run the commands below. Because not all ports are used by both protocols, you should always specify the protocol (tcp or udp) after the port range to which the rules apply.

Commonly used TCP ports include 80 (HTTP) and 443 (HTTPS). Commonly used UDP ports include 53 (DNS) and 67/68 (DHCP).

sudo ufw allow 5001:5010/tcp
sudo ufw allow 5001:5010/udp

Allowing traffic on the port range 5001:5010

If you’d rather accept SSH connections from a certain IP address, use the command below. Only the 192.168.1.2 IP address is allowed to connect to SSH (port 22). This restriction only holds once the earlier rule allowing SSH from anywhere has been deleted, because UFW applies the first rule that matches.

sudo ufw allow from 192.168.1.2 to any port 22

Permitting SSH connections from a specific IP address

Allowing Traffic from a Specific Network Interface

UFW also allows you to restrict traffic to a single network interface, such as eth0, which is the first Ethernet interface, and wlan0, which is the first Wi-Fi interface.

To allow HTTP connections only on the eth0 or wlan0 interface, use one of the commands below.

## Allow HTTP connections only on the eth0 interface
sudo ufw allow in on eth0 to any port 80
## Allow HTTP connections only on the wlan0 interface
sudo ufw allow in on wlan0 to any port 80

Allowing traffic via a certain interface

Deleting UFW Firewall Rules

Perhaps certain UFW firewall rules are no longer necessary. You may want to delete some of the rules from UFW in that scenario. But first, you’ll need to know the number or name of the rule you want to remove.

1. To get a numbered list of the rules added to UFW, use the command below.

In the output, take note of the rule’s number or name, as shown below.

Listing all of the rules

2. Next, delete rule number 4, which is the 5001:5010/tcp port range, using the command below.

Deleting a rule by its number

3. Run the command below to delete a rule with the allow status by its actual name. In this case, you would execute the following command to delete the http rule.

sudo ufw delete allow http

Deleting a rule by its name (http)

4. Now execute the following command to delete a rule with the allow status by its port number (443).

sudo ufw delete allow 443

Deleting a rule by its port number (443)

5. Finally, to list all rules, re-run the same command you used in step one.

The rules for the 5001:5010/tcp port range, http, and port 443 have all been removed, as seen below.

Examining the firewall rules
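With IPV6 set to yes, each generic rule also has a (v6) twin, and deleting by number removes only that one numbered rule and renumbers the rest. The script below is an added example, not part of the original tutorial: it parses constructed ufw status numbered output and lists every rule number for a target, highest first, so the deletes can be applied without the numbers shifting. Function names are illustrative, and targets containing spaces (application profiles such as multi-word names) are not handled.

```sh
#!/bin/sh
# Added example (not from the original tutorial): plan deletes by rule number.
# Real use: sudo ufw status numbered | plan_deletes 5001:5010/tcp

# Constructed sample of `ufw status numbered` on a host with IPV6=yes.
sample_status() {
cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 443                        ALLOW IN    Anywhere
[ 4] 5001:5010/tcp              ALLOW IN    Anywhere
[ 5] 5001:5010/udp              ALLOW IN    Anywhere
[ 6] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 7] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 8] 443 (v6)                   ALLOW IN    Anywhere (v6)
[ 9] 5001:5010/tcp (v6)         ALLOW IN    Anywhere (v6)
[10] 5001:5010/udp (v6)         ALLOW IN    Anywhere (v6)
EOF
}

# Print the numbers of all rules whose "To" column equals $1 (IPv4 and v6),
# highest first. Reads status text on stdin.
rule_numbers_for() {
    # "[ 4] 5001:5010/tcp ..." becomes "4 5001:5010/tcp ..."; headers are dropped.
    sed -n 's/^\[ *\([0-9][0-9]*\)] */\1 /p' |
        awk -v want="$1" '$2 == want { print $1 }' |
        sort -rn
}

# Emit the delete commands in descending order, so that removing one rule
# never changes the number of a rule that is still waiting to be removed.
plan_deletes() {
    rule_numbers_for "$1" | while read -r n; do
        echo "sudo ufw delete $n"
    done
}

sample_status | plan_deletes "5001:5010/tcp"
```

Review the printed commands before running them; each ufw delete by number asks for confirmation.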

Resetting the UFW Firewall

You may need to reset UFW to its default settings at times, such as after configuring a large number of rules. You may also need to re-configure UFW and perhaps start over from scratch if an upgrade changes your setup.

To revert all of your firewall rules to their default values, use the ufw reset command. This command removes all of your existing firewall rules and disables UFW.

To continue resetting your UFW firewall, type ‘Y’ and press Enter.

Resetting UFW

After the reset, you’ll have a fresh installation of UFW that’s completely disabled, with your default policies removed as well.

To re-enable UFW, use the command below and start defining your firewall rules from scratch.

There’s no need to re-enable UFW if you decide you don’t want to use it anymore. Alternatively, use the command below to make sure UFW is turned off.

Disabling the UFW firewall

Conclusion

You’ve probably noticed by now that setting up a firewall using UFW isn’t all that difficult. You should now be able to set up and use UFW on Ubuntu to create and apply your own rules.

Why not study more about UFW and Docker Security on a Linux computer to supplement your acquired knowledge?
