How to set up a simple UFW firewall on Ubuntu


We all need to install some form of firewall to secure our systems from any malicious activity. Not just our servers and VPS machines, but also our laptops which we access on public networks. UFW (Uncomplicated FireWall) is an ideal solution for setting up a firewall on your system.

UFW is completely open source and is built on top of iptables, which makes the firewall easier for us to manage and run.

This is the third article in the series on “Systems Security”. Here we discuss UFW firewall implementation on your system. The articles in the System Security series are listed below.

  1. How to setup SSH keys based authentication
  2. How to disable password based authentication
  3. How to setup UFW Firewall (current article)

Install UFW on Debian/Ubuntu based systems

If you have a Debian-based distro like Ubuntu, type the following command to install the UFW firewall from the default repository:

That’s it. UFW firewall is now installed and ready to be used.

Configuring UFW to Defaults

Run the following commands to configure the UFW firewall to standard settings. These are usually the default settings for UFW, but we run them on the command line to reconfirm them.

The first command stops all incoming traffic from outside the machine from accessing any resources on it. In other words, anyone snooping in or trying to break into your system will be denied access.

The second command will allow all traffic from our system to travel as normal anywhere on LAN/Internet.

These settings are ideal for your laptop whereby you can access resources on the internet but no one from outside can access anything on your system.

Allow Specific Traffic In UFW

To configure the UFW firewall to accept traffic on certain ports, we need to specify the port in the command, as listed below.

The above command will allow port 80 to be open for both incoming and outgoing connections. By default, port 80 is used by web servers like Apache.

You can also specify services by name, like the following:

This will open up port 21 automatically. UFW uses the /etc/services file on your Linux machine to look up the ports for the services defined there. If the service exists in the file, UFW will perform the necessary action.

You can also specify port ranges. Say you have an application that uses ports 8020 to 8050; you can specify it the following way:

Managing UFW Services via IP Addresses

If you want to allow certain IP addresses, the following would do:

If you prefer to allow only one service, say a MySQL database running on port 3306:

How to Deny Connections

We may have a situation where we need to deny connections. Say all web traffic needs to be blocked off.

We can also deny traffic from a specific IP address like the following:

How to delete UFW firewall rules

The easiest method is to use the numbered approach. Type the following command:

It will give you a numbered list of the rules that are implemented. Just select the rule you want to delete and type the following:

You can also simply specify the known service or port and delete the rule. However, in such a case you will need to specify the exact rule, “allow http” or “deny http”, when deleting it.

To enable / Disable UFW firewall

This command will give you the current status of your firewall, that is, whether it is enabled or disabled.
You can also enable or disable it by using one of the following commands.

Disabling will simply close the firewall but will not remove your custom rules. However, if you want to reset the firewall and start from scratch again, then use the following command.

This will delete all rules and policies and reset the firewall to default settings.
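The steps in this article collected into one script, as an added example rather than the author's own commands. The two IP addresses are constructed documentation addresses, and allowing SSH before enabling is an assumption that the machine is administered remotely.

```shell
#!/bin/sh
# Added example, not the author's listing. Prints each command by default;
# set APPLY=1 and run as root to execute. IPs are constructed (RFC 5737).
ADMIN_IP="203.0.113.10"   # assumption: the one host allowed to reach MySQL
BLOCK_IP="198.51.100.7"   # assumption: a host to be refused entirely

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

baseline() {
    run apt-get install -y ufw
    run ufw default deny incoming
    run ufw default allow outgoing
    # Assumption: the machine is administered over SSH. Allow it before
    # enabling, or the default deny locks you out of new SSH sessions.
    run ufw allow ssh
}

rules() {
    # UFW stops at the first matching rule, so the deny goes in first;
    # added after "allow 80/tcp" it would never apply to web traffic.
    run ufw deny from "$BLOCK_IP"
    run ufw allow 80/tcp              # a bare "80" opens UDP 80 as well
    run ufw allow ftp                 # name resolved through /etc/services
    run ufw allow 8020:8050/tcp       # a range must name its protocol
    run ufw allow from "$ADMIN_IP" to any port 3306 proto tcp
}

activate() {
    run ufw --force enable            # --force skips the confirmation prompt
    run ufw status numbered           # numbers are what "ufw delete N" takes
}

plan() { baseline; rules; activate; }

plan
```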

That’s it. Enjoy setting it up on your server, laptop or IoT devices.
