A firewall filters the incoming and outgoing network traffic of a host against a set of security rules. This tutorial shows how to set up a firewall with UFW on Ubuntu 20.04.
UFW (Uncomplicated Firewall) ships with Ubuntu 20.04. It is a simple front end for managing iptables rules, and it is a good choice if you do not want to write iptables rules by hand.
Make sure you are logged in as a non-root user with sudo privileges.
Run the following commands to refresh the package index and install UFW (on most Ubuntu 20.04 installs it is already present, so the install step only confirms that):
sudo apt update
sudo apt install ufw
Installing UFW does not activate it, so, unlike many services, installing it cannot lock you out: the firewall only starts filtering after you run ufw enable. Check its state with:
sudo ufw status verbose
On a fresh system it reports Status: inactive.
Set Up Default Policies
Out of the box, UFW is set to deny all incoming connections and allow all outgoing connections. This means nobody can reach a service on the server until you explicitly allow it, while applications on the server can still reach the outside world.
The default policies are stored in /etc/default/ufw and can be changed with:
sudo ufw default <policy> <chain>
where <policy> is allow, deny or reject and <chain> is incoming, outgoing or routed. The shipped defaults correspond to the policy deny for the incoming chain and allow for the outgoing chain.
Allow SSH Connections
Once UFW is enabled it denies all incoming connections, including SSH. Before you enable it, make sure incoming SSH is allowed; otherwise you will lose remote access to the server.
To accept SSH connections, add the rule with:
sudo ufw allow ssh
Rules updated
Rules updated (v6)
If the server is reachable from the internet, you can use ufw limit ssh instead of ufw allow ssh: it adds the same rule but rate-limits repeated connection attempts from a single address, which blunts password brute-forcing.
If your SSH server listens on a port other than the default 22, you must open that port instead. The allow ssh rule only covers port 22, as resolved from /etc/services, not whatever sshd is actually configured to use.
For instance, if your SSH server listens on port 6541, run:
sudo ufw allow 6541/tcp
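The mistake this section guards against is opening port 22 while sshd actually listens elsewhere. The following is an added example, not part of the original tutorial: a small POSIX shell helper that reads the Port directives from an sshd_config and prints the matching ufw allow command for each, so the rule you add before enabling UFW matches the daemon's real configuration. It assumes the standard Port directive syntax (sshd defaults to 22 when no Port line is present) and is run here against a constructed sample file rather than a real /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example (not from the original tutorial): derive the "ufw allow"
# rule(s) for SSH from the ports sshd is configured to listen on.
# Assumption: sshd_config uses the standard "Port N" directive (case-
# insensitive); if none is present, sshd listens on 22.

# ssh_ports CONFIG_FILE -> prints one listening port per line
ssh_ports() {
    # Match an uncommented "Port N" line and keep only N; "#Port 22" is skipped.
    ports=$(sed -n 's/^[[:space:]]*[Pp][Oo][Rr][Tt][[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p' "$1")
    if [ -z "$ports" ]; then
        echo 22
    else
        printf '%s\n' "$ports"
    fi
}

# ufw_ssh_rules CONFIG_FILE -> prints the ufw command to run for each port
ufw_ssh_rules() {
    for p in $(ssh_ports "$1"); do
        printf 'ufw allow %s/tcp\n' "$p"
    done
}

# Constructed sample sshd_config for a demo run (not a real file from the page).
sample=$(mktemp)
cat >"$sample" <<'EOF'
# This is the sshd server system-wide configuration file.
#Port 22
Port 6541
PermitRootLogin no
EOF
ufw_ssh_rules "$sample"
rm -f "$sample"
```

On a real host run it as ufw_ssh_rules /etc/ssh/sshd_config and execute the printed commands with sudo; if sshd has several Port lines, one rule is printed per port.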
At this stage the firewall is configured to allow incoming SSH connections. You can review the rules that will take effect with sudo ufw show added, then enable the firewall:
sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
UFW warns that the command may disrupt existing SSH connections. Because the SSH rule is already in place, it is safe to continue: type y and press Enter.
Which other ports you allow depends on the applications installed on the server. Some commonly used examples follow.
Open port 80 – HTTP
To allow HTTP connections to server run:
sudo ufw allow http
The name http is resolved from /etc/services; you can give the port number 80 directly instead:
sudo ufw allow 80/tcp
Open port 443 – HTTPS
Allow HTTPS connections by typing:
sudo ufw allow https
Port 443 corresponds to the https service name, so this is equivalent:
sudo ufw allow 443/tcp
UFW can also allow a port range, which some applications need instead of a single port. To allow ports 5000 to 5300, run:
sudo ufw allow 5000:5300/tcp
sudo ufw allow 5000:5300/udp
For a port range you must specify the protocol, because UFW rejects a range without tcp or udp; if the application uses both protocols, add a rule for each as above.
Specific IP Addresses
UFW can allow all traffic from a specific IP address. Use ufw allow from followed by the address:
sudo ufw allow from 220.127.116.11
Allowing Specific IP Addresses and Port
To allow access to a single port from a single address, for instance port 22 from a workstation with the IP address 22.214.171.124, use:
sudo ufw allow from 22.214.171.124 to any port 22
You can also allow a whole subnet by using CIDR notation. For example, to allow every address in 188.8.131.52/24 to reach port 3306 (MySQL), run:
sudo ufw allow from 188.8.131.52/24 to any port 3306
Specific Network Interface
To create a rule that applies only to a specific network interface, specify allow in on followed by the interface name (check the names on your server with ip link). For example, to allow port 3306 only on eth1:
sudo ufw allow in on eth1 to any port 3306
Deny Connections
The default policy for incoming connections is deny, so UFW already blocks every incoming connection you have not explicitly allowed.
Sometimes you still need to block a specific IP address or subnet, for example when a network is attacking your server. To deny all connections from the 18.104.22.168/24 network, use:
sudo ufw deny from 18.104.22.168/24
To deny a single IP address, type:
sudo ufw deny from 22.214.171.124
UFW evaluates rules in order and stops at the first match, so a deny rule added after a broader allow rule (for example an allow for the whole subnet) never takes effect. To put a deny rule ahead of existing rules, use ufw insert 1 deny from followed by the address instead of ufw deny from.
You can delete rules either by rule number or by specifying the rule itself.
To delete by number, first find the number of the rule you want to remove:
sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    126.96.36.199/24
[ 2] 80                         ALLOW IN    Anywhere
Use the following command to delete rule number 1:
sudo ufw delete 1
Rule numbers shift after every deletion (the old rule 2 becomes rule 1), so re-run ufw status numbered before deleting another rule by number.
The second method is to delete by the rule itself. For example, to remove the allow http rule, write it out as it was added:
sudo ufw delete allow http
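Because UFW renumbers the remaining rules after each delete, removing several rules by number from the top down deletes the wrong ones. The following is an added example, not part of the original tutorial: a POSIX shell helper that takes the text of ufw status numbered, selects the rules whose From column equals a given source, and prints the ufw delete commands highest number first, so every number is still valid when its command runs. The sample status text is constructed for the demo, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the original tutorial): generate "ufw delete N"
# commands for every rule whose From column matches a source, ordered from
# the highest rule number down, because ufw renumbers rules after each delete.
# Assumption: the input is the text printed by "sudo ufw status numbered".

# delete_commands STATUS_TEXT SOURCE -> prints "ufw delete N" lines, highest N first
delete_commands() {
    printf '%s\n' "$1" \
      | awk -v src="$2" '
          /^\[ *[0-9]+\]/ {
              # The From column is the last field, or the one before a trailing "(v6)".
              from = $NF
              if ($NF == "(v6)") from = $(NF - 1)
              if (from == src) {
                  sub(/^\[ */, "")   # strip "[ " (or "[" for two-digit numbers)
                  sub(/\].*/, "")    # keep only the rule number
                  print
              }
          }' \
      | sort -rn \
      | sed 's/^/ufw delete /'
}

# Constructed sample of "ufw status numbered" output (not from a real server).
sample='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    10.0.0.0/24
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 3306                       ALLOW IN    10.0.0.0/24
[ 4] 80/tcp (v6)                ALLOW IN    Anywhere (v6)'

# Prints "ufw delete 3" then "ufw delete 1": rule 1 is still rule 1 after rule 3 is gone.
delete_commands "$sample" "10.0.0.0/24"
```

On a real host, pipe the live output in with delete_commands "$(sudo ufw status numbered)" 10.0.0.0/24 and review the printed commands before running them with sudo.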
Disable & Reset UFW
If you do not want UFW active, disable it with:
sudo ufw disable
To re-enable UFW and activate all of its rules again, type:
sudo ufw enable
Resetting UFW disables it and deletes all of its rules, restoring the shipped defaults. This is useful when you want to discard all of your changes and start fresh.
To reset UFW simply type in the following command:
sudo ufw reset
In this tutorial we explained how to set up and configure the UFW firewall on an Ubuntu 20.04 system. For the security of the server, allow only the ports it actually needs and leave everything else denied. See the UFW man page for more information.
Feel free to leave a comment below.