X
    Categories: Guides

Set up a Firewall with UFW on Ubuntu


If you have an Ubuntu server and you like to control the incoming and outgoing network traffic you need to configure the firewall that is included with your system. Linux kernel includes the netfilter subsystem which is a system for packet filtering. The traditional interface for manipulating netfilter is via iptables, which is primarily a database of firewall rules. The Uncomplicated Firewall or ufw is a frontend for iptables and it makes the iptables firewall configuration and blocking IP addresses much easier. In this guide, we will show you how to set up a firewall using UFW on a Linux VPS running Ubuntu 16.04 as an operating system.

Before you start, you should make sure that ufw is installed and running on your server. If not, you can use the apt package manager to install it.

sudo apt-get install ufw

To enable ufw, you can use the command below:

sudo ufw enable

Once enabled, ufw will be active and will start on system boot. Please note that all the incoming connections will be denied by default while the outgoing connections will be allowed. To check the default configuration, you can use the following command:

sudo ufw show raw

Since the incoming connections to your Ubuntu VPS are blocked by your firewall, nobody would be able to connect to it, including you. Therefore, you will need to allow connections to SSH.

sudo ufw allow ssh

or

sudo ufw allow 22/tcp

where 22 is the port number where your SSH service is listening to.

Other services that may be enabled for incoming connections could be the following:

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 21/tcp

Using ufw, you can allow connections from specific IP addresses too. For that purpose you can use the following command:

sudo ufw allow from 111.111.111.111

where 111.111.111.111 is the IP address you would like to allow connections from.

To check the status, enter the command:

sudo ufw status

To delete a rule, you can prefix the original rule with delete. For example, to delete the rule you previously created enter the following command:

sudo ufw delete allow from 111.111.111.111

In case you would like to disable ufw, you can use:

sudo ufw disable

For more usage commands you can use the --help flag:

sudo ufw --help

The most commonly used ufw commands are the following:

 enable                          enables the firewall
 disable                         disables the firewall
 default ARG                     set default policy
 logging LEVEL                   set logging to LEVEL
 allow ARGS                      add allow rule
 deny ARGS                       add deny rule
 reject ARGS                     add reject rule
 limit ARGS                      add limit rule
 delete RULE|NUM                 delete RULE
 insert NUM RULE                 insert RULE at NUM
 route RULE                      add route RULE
 route delete RULE|NUM           delete route RULE
 route insert NUM RULE           insert route RULE at NUM
 reload                          reload firewall
 reset                           reset firewall
 status                          show firewall status
 status numbered                 show firewall status as numbered list of RULES
 status verbose                  show verbose firewall status
 show ARG                        show firewall report
 version                         display version information

Application profile commands:
 app list                        list application profiles
 app info PROFILE                show information on PROFILE
 app update PROFILE              update PROFILE
 app default ARG                 set default application policy

Of course you don’t have to do any of this if you use one of our Linux VPS hosting services, in which case you can simply ask our expert Linux admins to configure your firewall for you. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.

View Comments