The Uncomplicated Firewall (UFW) is a tool available in Ubuntu for configuring iptables. In other words, it is a front-end for iptables. The tool enables us to set up a host-based firewall. A host-based firewall is best suited for individual devices that are connected to the internet. With a host-based firewall we can protect our devices from potential threats like viruses, malware, hackers etc. Although the UFW package is available in Ubuntu, it is not enabled by default, and in some cases the package also needs to be installed. Therefore, we will first discuss how to install the relevant package, and then how to configure Uncomplicated Firewall (UFW) in Ubuntu.
The following operations require superuser privileges. If you don't have them, contact your System Administrator for assistance.
Install UFW in Ubuntu
Installing Uncomplicated Firewall (UFW) is pretty straightforward. All we need to do is issue the following in a terminal -
sudo apt update
sudo apt install ufw
Once the installation completes, check the status of ufw. By default, ufw is inactive.
sudo ufw status
Configure Uncomplicated Firewall (UFW) in Ubuntu
First, we need to enable the firewall. Therefore, issue the following in a terminal -
Note that once the firewall is enabled with the default deny-incoming policy, new SSH connections are refused until a rule allows them, so when working on a remote machine add the ssh rule described below before enabling.
sudo ufw enable
Next, we need to check the status of ufw managed rules.
sudo ufw status verbose
It returns output like -
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
Observe that by default all incoming connections are denied while all outgoing connections are allowed.
Though these are already the defaults, we can set them explicitly with -
sudo ufw default deny incoming
sudo ufw default allow outgoing
For most users, the default configuration is more than enough. But for advanced users, default configuration will not suffice. For instance, if we want to allow SSH connections then we need to create a rule which allows SSH service. This could be done by -
sudo ufw allow ssh
To confirm that SSH connections are now allowed -
sudo ufw status verbose
and the output should resemble -
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
To delete a rule, insert delete before the existing rule -
sudo ufw delete allow ssh
Similarly, we can create or delete rules for other protocols too. The general syntax is -
To allow a port -
sudo ufw allow <port>/<optional-protocol>
To deny a port -
sudo ufw deny <port>/<optional-protocol>
For example -
sudo ufw allow 53/tcp
sudo ufw deny 53/udp
For port ranges -
sudo ufw allow 99:999/tcp
We can also allow/deny connections from a specific IP address -
sudo ufw allow from <ip-address>
sudo ufw deny from <ip-address>
For example -
sudo ufw allow from 192.168.100.1
sudo ufw deny from 192.168.100.1
To allow/deny connections from a specific IP address to a specific port (the destination is any for any local address) -
sudo ufw allow from <ip-address> to <destination> port <port-number>
sudo ufw deny from <ip-address> to <destination> port <port-number>
For example -
sudo ufw allow from 192.168.100.1 to any port 22
sudo ufw deny from 192.168.100.1 to any port 22
Sometimes it is necessary to let the sender know that its traffic is being denied. In such cases, use reject instead of deny: deny silently drops the packets so the client waits for a timeout, whereas reject sends an error back so the client fails immediately.
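The following script is an added example, not part of the original post or of ufw itself. It wraps the rule syntax covered above (port, port range, protocol, source address, allow/deny/reject) in a small function that validates its arguments before building the ufw command, runs in dry-run mode unless UFW_APPLY=1 is set, and audits captured "ufw status verbose" output for rules that admit traffic from Anywhere. The baseline rules, the management address 192.0.2.10 and the SAMPLE_STATUS text are constructed for the example.

```shell
#!/bin/sh
# Added example (not ufw's own code): build and check ufw rules.
# Commands are printed unless UFW_APPLY=1; then they are run with sudo.

# valid_port PORT or LOW:HIGH -> 0 if every number is within 1-65535
valid_port() {
    p=$1
    case $p in
        *:*) low=${p%%:*}; high=${p#*:} ;;
        *)   low=$p; high=$p ;;
    esac
    for n in "$low" "$high"; do
        case $n in *[!0-9]*|'') return 1 ;; esac
    done
    [ "$low" -ge 1 ] && [ "$high" -le 65535 ] && [ "$low" -le "$high" ]
}

# valid_ipv4 A.B.C.D -> 0 if the address has four octets in 0-255
valid_ipv4() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in *[!0-9]*|'') return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# rule_cmd ACTION PORT[:PORT] [tcp|udp] [SOURCE-IPV4]
# Prints the matching ufw command line, e.g.
#   rule_cmd allow 22 tcp 192.0.2.10
#   -> ufw allow from 192.0.2.10 to any port 22 proto tcp
rule_cmd() {
    action=$1 port=$2 proto=${3:-} src=${4:-}
    case $action in allow|deny|reject) ;; *) echo "bad action: $action" >&2; return 1 ;; esac
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    case $proto in ''|tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    # ufw only accepts a port range together with a protocol
    case $port in *:*) [ -n "$proto" ] || { echo "port ranges need a protocol" >&2; return 1; } ;; esac
    if [ -n "$src" ]; then
        valid_ipv4 "$src" || { echo "bad source address: $src" >&2; return 1; }
        printf 'ufw %s from %s to any port %s%s\n' "$action" "$src" "$port" "${proto:+ proto $proto}"
    else
        printf 'ufw %s %s%s\n' "$action" "$port" "${proto:+/$proto}"
    fi
}

# run_rule: same arguments as rule_cmd; dry run unless UFW_APPLY=1
run_rule() {
    cmd=$(rule_cmd "$@") || return 1
    if [ "${UFW_APPLY:-0}" = 1 ]; then sudo $cmd; else echo "$cmd"; fi
}

# open_to_world: reads "ufw status verbose" output on stdin and prints the
# ports that are allowed in from Anywhere (IPv4 and IPv6), i.e. world-reachable
open_to_world() {
    awk '
        /^--/ { in_rules = 1; next }
        in_rules && /ALLOW IN/ {
            from = $0; sub(/.*ALLOW IN[ \t]+/, "", from)
            if (from == "Anywhere" || from == "Anywhere (v6)")
                print $1 (($2 == "(v6)") ? " (v6)" : "")
        }'
}

# Constructed status output for the audit (SSH restricted to the management host,
# HTTP open to everyone, and the IPv6 SSH rule still open to everyone).
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    192.0.2.10
80/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)'

# Baseline: SSH only from the management host, web open, DNS over UDP rejected
# so the sender gets an immediate error instead of waiting for a timeout.
run_rule allow 22 tcp 192.0.2.10
run_rule allow 80 tcp
run_rule reject 53 udp
echo "ports reachable from anywhere:"
printf '%s\n' "$SAMPLE_STATUS" | open_to_world
```

Run it as-is to see the commands it would issue, then with UFW_APPLY=1 to apply them; pipe real output from sudo ufw status verbose into open_to_world to list every port the host exposes to all sources.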
In conclusion, we discussed a bit about Uncomplicated Firewall (UFW) in Ubuntu. Through this command-line tool we can manage the Linux firewall with ease.