Introduction
The Uncomplicated Firewall (ufw) is a frontend for iptables and is particularly well-suited for host-based firewalls. ufw provides a framework for managing netfilter, as well as a command-line interface for manipulating the firewall. ufw aims to provide an easy-to-use interface for people unfamiliar with firewall concepts, while at the same time simplifying complicated iptables commands to help an administrator who knows what he or she is doing [1].
In this tutorial, you will learn how to set up a firewall with UFW on Ubuntu 14.04.
Requirements
- Ubuntu-14.04 installed on your system
- A non-root user account with sudo privilege set up on your system
Installing UFW
UFW is installed by default on Ubuntu 14.04. If it is missing from your system, you can install it by running the following command:
sudo apt-get install ufw
Before starting, you should check whether UFW is running or not. You can do this by running the following command:
sudo ufw status
You should see the following output:
Status: inactive
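This output means the firewall is not active. The default policy denies incoming connections, so if you are working over SSH, add the SSH rule described under "Allow connections" before enabling the firewall; rules can be added while ufw is inactive. You can enable ufw by running the following command: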
sudo ufw enable
You should see the following output:
Firewall is active and enabled on system startup
To disable it, run the following command:
sudo ufw disable
List current ufw rules
You can list the default firewall rules by running the following command:
sudo ufw status verbose
You should see the following output:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip
You should see that by default every incoming connection is denied.
Allow connections
If you want to access your system from a remote machine, you will need to allow SSH connections. You can allow SSH by running the following command:
sudo ufw allow ssh
or
sudo ufw allow 22/tcp
Output:
Rule added
Rule added (v6)
Now, check the status of UFW:
sudo ufw status
You should see output like this:
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
22/tcp (v6)                ALLOW       Anywhere (v6)
Deny connections
If you want to deny access to a certain port, use the following format:
sudo ufw deny "<port>/<protocol>"
For example, you can deny access to port 80 by running the following command:
sudo ufw deny 80/tcp
Allow Specific Port Range
You can also use a port range in a rule. For example, if you want to allow ports 2200 to 2300 over TCP, run the following command:
sudo ufw allow 2200:2300/tcp
Now, check the status for the UFW:
sudo ufw status
You should see the following output:
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
80/tcp                     DENY        Anywhere
2200:2300/tcp              ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
22/tcp (v6)                ALLOW       Anywhere (v6)
80/tcp (v6)                DENY        Anywhere (v6)
2200:2300/tcp (v6)         ALLOW       Anywhere (v6)
Allow access from Specific IP Address
You can also allow access to a specific port from a specific IP address. For example, if you want to allow IP 192.168.0.15 to access only port 22, run the following command. Note that this rule narrows access only if no broader rule already allows port 22 from anywhere.
sudo ufw allow from 192.168.0.15 to any port 22
Deleting Rules
You can also delete specific UFW rules. First list the rules with their numbers, then remove the one you want. Run the following command to list the UFW rules:
sudo ufw status numbered
Output:
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    Anywhere
[ 2] 22/tcp                     ALLOW IN    Anywhere
[ 3] 80/tcp                     DENY IN     Anywhere
[ 4] 2200:2300/tcp              ALLOW IN    Anywhere
[ 5] 22                         ALLOW IN    192.168.0.15
[ 6] 22 (v6)                    ALLOW IN    Anywhere (v6)
[ 7] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 8] 80/tcp (v6)                DENY IN     Anywhere (v6)
[ 9] 2200:2300/tcp (v6)         ALLOW IN    Anywhere (v6)
Now, to remove any of these rules, you will need to use these numbers.
sudo ufw delete [number]
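For example, to remove the third rule, run the following command (the number is typed without brackets). Rule numbers shift after each deletion, so list the rules again before deleting another one.
sudo ufw delete 3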
If you need to go back to the default settings, run the following command. This removes all of your rules and also disables the firewall, so you will need to enable it again afterwards.
sudo ufw reset
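In the numbered listing above, rule 5 does not limit SSH to 192.168.0.15, because rules 1, 2, 6 and 7 still allow port 22 from anywhere. The script below is an added example, not part of the original tutorial: it reads "sudo ufw status numbered" output and prints delete commands for such rules, highest number first so the remaining numbers stay valid. The function names are hypothetical and the sample input is constructed from the listing above.

```sh
#!/bin/sh
# Constructed sample: the "ufw status numbered" listing from this tutorial.
sample_status() {
cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    Anywhere
[ 2] 22/tcp                     ALLOW IN    Anywhere
[ 3] 80/tcp                     DENY IN     Anywhere
[ 4] 2200:2300/tcp              ALLOW IN    Anywhere
[ 5] 22                         ALLOW IN    192.168.0.15
[ 6] 22 (v6)                    ALLOW IN    Anywhere (v6)
[ 7] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 8] 80/tcp (v6)                DENY IN     Anywhere (v6)
[ 9] 2200:2300/tcp (v6)         ALLOW IN    Anywhere (v6)
EOF
}

# Hypothetical helper: print the numbers of ALLOW IN rules open to Anywhere
# on a port that also has a source-restricted ALLOW IN rule, highest first.
# Ports are compared as text (22/tcp -> 22); ranges are not expanded.
shadowing_rules() {
  awk '
    match($0, /^\[ *[0-9]+\]/) {
      num = substr($0, 1, RLENGTH); gsub(/[^0-9]/, "", num)
      rest = substr($0, RLENGTH + 1); gsub(/\(v6\)/, "", rest)
      n = split(rest, f, " ")
      if (n < 4 || f[2] != "ALLOW" || f[3] != "IN") next
      port = f[1]; sub(/\/.*/, "", port)
      if (f[4] == "Anywhere") world[num + 0] = port
      else limited[port] = 1
      if (num + 0 > max) max = num + 0
    }
    END {
      for (i = max; i >= 1; i--)
        if ((i in world) && (world[i] in limited)) print i
    }'
}

# Turn the numbers into commands for review; nothing is executed here.
delete_plan() { shadowing_rules | sed 's/^/sudo ufw delete /'; }

# Real use: sudo ufw status numbered | delete_plan
sample_status | delete_plan
```

The IPv6 rules are included because they leave port 22 reachable from anywhere over IPv6 even though the restricted rule names an IPv4 address.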
References
[1] https://wiki.ubuntu.com/UncomplicatedFirewall