How to configure the Ubuntu Firewall (UFW)

The Linux kernel, and hence every Linux distro out there, comes with a built-in firewall, but it is deactivated. Here's how to configure the Ubuntu firewall (UFW).

A properly configured firewall is a crucial part of establishing preliminary system security. Keeping this in mind, here we will go over how to configure the firewall on your Ubuntu PC.

Now, by default, Ubuntu comes with a dedicated firewall configuration tool known as UFW, or Uncomplicated Firewall. It is an intuitive front end designed to help you manage iptables firewall rules. With UFW, you will be able to perform almost all the necessary firewall tasks without having to learn iptables.

As such, for this read, we will be using UFW to help set up a firewall for our Ubuntu PC. We have also put together a detailed step-by-step tutorial on how to use UFW to perform.

Configuring Ubuntu Firewall (UFW)

UFW is a simple and effective firewall application that is installed on Ubuntu by default, but not enabled. However, if you think that you might have accidentally deleted it, you can type the following command in your terminal to reinstall it on your system.

sudo apt install ufw

This will install UFW on your system. And if it was already installed, you will get the following screen:

Installing UFW on Ubuntu

Once installed, you need to make sure that it is enabled and working. To do this, use this command:

sudo ufw status verbose

As you can see from the image, in our system, it shows that UFW is inactive.

Checking UFW status

In this case, to activate UFW, type in the following command:

sudo ufw enable

This should activate UFW on your system and display this message:

Enabling UFW on Ubuntu

Set Up Default Policies

With UFW activated, you can go and recheck its status using the previous command:

sudo ufw status verbose

You should now see something like this:

Default policies on UFW

As you can see, by default, UFW denies all incoming connections and allows all outgoing connections. This prevents clients from connecting to our server from outside but will enable applications from our server to communicate with external servers.

However, you can fine-tune these rules to create a custom firewall specific to your needs and requirements.

In the following sections, we will discuss different ways in which you can control the firewall settings.

Configure UFW Behaviour Based on Incoming Connections to Different Ports

If you wish to allow connections that are using secured SSH, then use this command:

sudo ufw allow ssh

or

sudo ufw allow 22

You should receive the following message:

Allowing the SSH connection

Port 22 is the default port that the SSH daemon listens on. As such, you can either configure UFW to allow the service (SSH) or the specific port (22).

Keeping this in mind, if you have configured your SSH daemon to listen on a different port, say port 2222, then you can just replace the 22 with 2222 in the command, and the UFW firewall will allow connections to that port.

Similarly, let’s say you want your server to listen to HTTP on port 80, then you can enter either of the following commands, and the rule will be added to UFW.

sudo ufw allow http

or

sudo ufw allow 80

To allow HTTPS on port 443, you can use the following commands:

sudo ufw allow https

or

sudo ufw allow 443

Now, if you want to allow more than one port at the same time, that too is possible. However, in this case, you need to specify both the port numbers and the specific protocol you want to allow.

Here are the commands you will use to allow connections to ports 6000 through 6003 over TCP as well as UDP.

sudo ufw allow 6000:6003/tcp
sudo ufw allow 6000:6003/udp

Deny Specific Connections

In case you are interested in preventing individual connections, then all you need to do is swap "allow" with "deny" in any of the above commands.

For example, let’s say you have seen suspicious activities coming from an IP address 1.10.184.53. In that case, you can use this command to prevent that IP address from connecting with your system:

sudo ufw deny from 1.10.184.53

Configure UFW for IPv6

All the commands we discussed above assume that you are using IPv4. In case your server is configured for IPv6, then you also need to configure UFW to support IPv6. This is done using the following command:

sudo nano /etc/default/ufw

Check and make sure that the value for IPV6 is set to yes. It should look like this:

Enabling IPv6

Now UFW and all the preconfigured rules will support both IPv4 as well as IPv6.

Delete Specific UFW Rules

Now that you know how to create new rules for UFW, it is also time to learn how to delete specific rules to give you complete control over the firewall toolset.

In case you have set several rules and don’t remember all of them, you can use the following command to get a list of all your firewall rules.

sudo ufw status numbered

This will generate a numbered list of all the UFW rules that you have set up. Now, let’s say you are looking to delete rule number 7. Then you can follow up with this command:

sudo ufw delete 7

Deleting a UFW rule

Alternatively, if you already know which rule you want to delete then you can directly enter that into the command like this:

sudo ufw delete allow http

Note: If you have UFW configured for both IPv6 and IPv4, then the delete command is going to remove the rule for both instances.

Access the Firewall Logs

It is important to check your firewall logs from time to time. This will help you identify attacks, notice any sort of unusual activity in your network, and even troubleshoot firewall rules.

Now that being said, you must first enable UFW to create logs, which can be done using the following command:

sudo ufw logging on

The logs will be stored in /var/log/messages, /var/log/syslog, and /var/log/kern.log from where you can access them.
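
To make that log review concrete, here is an added example (not part of the original article) that counts blocked packets per source address and destination port, then lists sources blocked on several distinct ports. The sample log lines, host name, addresses and the function names are constructed for illustration; the lines are abbreviated versions of the kernel log format UFW writes.

```shell
#!/bin/sh
# Added example (not from the article): summarise [UFW BLOCK] log entries.

# Constructed, abbreviated sample lines; addresses are documentation ranges.
sample_ufw_log() {
cat <<'EOF'
Mar  3 10:15:01 web01 kernel: [1201.100] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4711 DF PROTO=TCP SPT=40112 DPT=23 WINDOW=29200 SYN URGP=0
Mar  3 10:15:02 web01 kernel: [1202.100] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4712 DF PROTO=TCP SPT=40113 DPT=23 WINDOW=29200 SYN URGP=0
Mar  3 10:15:02 web01 kernel: [1202.400] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4713 DF PROTO=TCP SPT=40114 DPT=3389 WINDOW=29200 SYN URGP=0
Mar  3 10:15:03 web01 kernel: [1203.100] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4714 DF PROTO=TCP SPT=40115 DPT=445 WINDOW=29200 SYN URGP=0
Mar  3 10:16:10 web01 kernel: [1270.500] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.24 DST=192.0.2.10 LEN=443 TTL=49 ID=0 DF PROTO=UDP SPT=5071 DPT=5060 LEN=423
Mar  3 10:16:11 web01 kernel: [1271.000] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.24 DST=192.0.2.10 LEN=84 TTL=49 ID=1 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Mar  3 10:16:12 web01 kernel: [1272.000] eth0: Link is Up - 1Gbps/Full
EOF
}

# Print "count source proto/port" for each blocked flow, most frequent first.
# Reads the files given as arguments, or stdin when none are given.
ufw_block_summary() {
  awk '
    /\[UFW BLOCK\]/ {
      src = proto = dpt = ""
      for (i = 1; i <= NF; i++) {          # keep the first match of each field
        if (src   == "" && $i ~ /^SRC=/)   src   = substr($i, 5)
        if (proto == "" && $i ~ /^PROTO=/) proto = substr($i, 7)
        if (dpt   == "" && $i ~ /^DPT=/)   dpt   = substr($i, 5)
      }
      if (src == "") next                  # malformed entry: skip it
      if (dpt == "") dpt = "-"             # ICMP and similar carry no port
      hits[src " " proto "/" dpt]++
    }
    END { for (k in hits) print hits[k], k }
  ' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# List "source distinct_ports" for sources blocked on at least $1 distinct
# destination ports, the pattern a port sweep leaves in the log.
ufw_scanners() {
  min=$1; shift
  ufw_block_summary "$@" | awk -v min="$min" '
    { split($3, p, "/"); if (p[2] != "-") ports[$2]++ }
    END { for (s in ports) if (ports[s] >= min) print s, ports[s] }
  ' | LC_ALL=C sort
}

# Demo on the constructed sample; on a real host pass a log file instead,
# for example: ufw_block_summary /var/log/kern.log
sample_ufw_log | ufw_block_summary
```
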

Disable/Reset UFW

If you wish to deactivate UFW along with all its rules, you can use this command:

sudo ufw disable

You will get a message like this:

Deactivating UFW

You can then reactivate UFW using one of the commands discussed above:

sudo ufw enable

However, if you are looking to start afresh and delete all active rules, then you can simply reset UFW using this command:

sudo ufw reset

This should generate the following message, and UFW will be reset, removing all existing rules.

Reset UFW

Wrapping Up

So this was our in-depth tutorial on how to enable and configure UFW on your Ubuntu. We hope that you found this guide useful and that it helped you in setting up a custom firewall for your Ubuntu system. We have covered all the basic rules and areas of control that you want from your firewall. Got any additional tips on the Ubuntu Firewall? Do let us know in the comments below.

Nitish.S
Nitish is a Technical Writer with five years of experience. He enjoys covering new tech and has a special love for Linux. He also has a keen interest in Blockchain and WordPress.
