
How to Setup a Firewall with UFW on Ubuntu 22.04

Written by Admin, Updated On January 21, 2023

A firewall secures your network traffic by filtering incoming and outgoing requests against a set of security rules. This guide shows how to set up a firewall using UFW on Ubuntu 22.04.

UFW (Uncomplicated Firewall) is included with Ubuntu 22.04. It is a simple interface for managing iptables firewall rules, and it may be the right choice if you are not deeply familiar with firewall rules.

Prerequisites#

Make sure you are logged in as a non-root user with sudo privileges.

Installing UFW#

First, update the package index and then install the ufw package:

sudo apt update
sudo apt install ufw

Unlike most services, UFW does not start automatically after installation, so you will not be locked out of the server before you have added your rules.

To check the status of UFW, run the following command:

sudo ufw status verbose

The output should look like this:

Status: inactive

Set Up Default Policies#

Initially, UFW is set to deny all incoming connections and allow all outgoing connections. It means anyone trying to reach your server would not be able to connect, while any application within the server would be able to reach the outside world.

The default policies are defined in the /etc/default/ufw file, and you can change them with the following command:

Syntax:

sudo ufw default <policy> <chain>

Allow SSH Connections#

Once the UFW firewall is enabled, it denies all incoming connections. Before enabling it, make sure you allow incoming SSH connections; otherwise you will not be able to connect to your server remotely.

To accept SSH connections, configure UFW with the following command:

sudo ufw allow ssh
Rules updated
Rules updated (v6)

If your SSH server listens on a port other than the default port 22, you will need to open that port.

For instance, if your SSH server is listening on port 6541, run:

sudo ufw allow 6541/tcp

Enabling UFW#

At this stage your firewall is configured to allow incoming SSH connections, so you can enable it:

sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

The command warns that it may disrupt existing SSH connections. We have already set up a firewall rule that allows SSH connections, so it should be fine to continue. Type y and press Enter.

Allowing Ports#

You may need to allow other ports depending on the applications installed on your server. Below are some commonly used examples.

Open port 80 – HTTP#

To allow HTTP connections to the server, run:

sudo ufw allow http

You can use port 80 instead of the http profile:

sudo ufw allow 80/tcp

Open port 443 – HTTPS#

Allow HTTPS connections by typing:

sudo ufw allow https

Port 443 corresponds to the https profile, so you can also use:

sudo ufw allow 443/tcp

Port Ranges#

You can also allow a port range with UFW, since some applications use multiple ports instead of a single port. To allow ports 5000 to 5300, use the following commands:

sudo ufw allow 5000:5300/tcp
sudo ufw allow 5000:5300/udp

For a port range, UFW requires the protocol to be specified, so add a rule for both tcp and udp as shown above.

Specific IP Addresses#

UFW can allow access from a specific IP address. Use ufw allow from followed by the IP address:

sudo ufw allow from 102.51.44.22

Allowing Specific IP Addresses and Port#

To allow access on a specific port only, for instance port 22 from your system with the IP address 102.51.44.22, use the following command:

sudo ufw allow from 102.51.44.22 to any port 22

Subnets#

You can also allow connections from a subnet of IP addresses. For example, if you want to allow access to port 3306 (MySQL) for IP addresses ranging from 102.51.44.22 to 102.51.44.66, you can use this command:

sudo ufw allow from 102.51.44.0/24 to any port 3306
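
The /24 above admits every address from 102.51.44.0 to 102.51.44.255, not only .22 to .66. The following added example (not part of the original tutorial) computes the smallest set of CIDR blocks that covers exactly the intended range and prints the matching ufw commands in the same syntax used on this page; the function names are illustrative.

```python
import ipaddress


def cidrs_for_range(first, last):
    """Smallest set of CIDR blocks covering exactly first..last (inclusive)."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


def extra_addresses(first, last, broad_cidr):
    """How many addresses broad_cidr admits beyond the intended range."""
    net = ipaddress.ip_network(broad_cidr)
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo not in net or hi not in net:
        raise ValueError(f"{broad_cidr} does not cover {first}-{last}")
    return net.num_addresses - (int(hi) - int(lo) + 1)


def ufw_allow_rules(first, last, port):
    """ufw commands, in the tutorial's syntax, that admit only first..last."""
    rules = []
    for net in cidrs_for_range(first, last):
        # A single host is written without a prefix, as in the tutorial's examples.
        src = str(net.network_address) if net.num_addresses == 1 else str(net)
        rules.append(f"sudo ufw allow from {src} to any port {port}")
    return rules


if __name__ == "__main__":
    first, last = "102.51.44.22", "102.51.44.66"
    extra = extra_addresses(first, last, "102.51.44.0/24")
    print(f"102.51.44.0/24 admits {extra} addresses outside {first}-{last}")
    for command in ufw_allow_rules(first, last, 3306):
        print(command)
```
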

Specific Network Interface#

If you want to create a firewall rule that only applies to a specific network interface, you can do so by specifying allow in on, followed by the name of the network interface.

sudo ufw allow in on eth1 to any port 3306

Deny Connections#

The default policy for all incoming connections is set to deny. It means UFW will block all incoming connections unless you allow the connection for a specific port.

Sometimes you need to block requests from a specific IP address or subnet because your server is being attacked from it. For example, if your server is being attacked from the 33.44.55.0/24 network, deny all connections from 33.44.55.0/24 with the following command:

sudo ufw deny from 33.44.55.0/24

To deny connections from a specific IP address, type:

sudo ufw deny from 33.44.55.66
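
UFW evaluates rules in order and the first match wins, so a deny rule appended after "allow http" does not block that network from port 80; placing it first (for example with sudo ufw insert 1 deny from 33.44.55.0/24) does. The added example below (not part of the original tutorial) is a simplified model of that ordering which matches only on source network and destination port, using constructed rule lists built from the addresses on this page.

```python
import ipaddress


def rule(action, src="0.0.0.0/0", port=None):
    """One simplified rule: action, source network, destination port (None = any)."""
    return (action, ipaddress.ip_network(src), port)


def decide(rules, src_ip, port, default="DENY"):
    """Return (action, rule number) of the first matching rule, else the default policy."""
    addr = ipaddress.ip_address(src_ip)
    for number, (action, net, rule_port) in enumerate(rules, start=1):
        if addr in net and rule_port in (None, port):
            return action, number
    return default, None


def shadowed_denies(rules):
    """Pairs (deny number, earlier allow number) where the allow can pre-empt the deny."""
    pairs = []
    for j, (action, net, port) in enumerate(rules, start=1):
        if action != "DENY":
            continue
        for i, (a2, n2, p2) in enumerate(rules[:j - 1], start=1):
            same_port = port is None or p2 is None or port == p2
            if a2 == "ALLOW" and n2.overlaps(net) and same_port:
                pairs.append((j, i))
    return pairs


# Constructed rule sets: the deny appended last versus inserted at position 1.
APPENDED = [rule("ALLOW", port=22), rule("ALLOW", port=80),
            rule("DENY", src="33.44.55.0/24")]
INSERTED = [rule("DENY", src="33.44.55.0/24"),
            rule("ALLOW", port=22), rule("ALLOW", port=80)]

if __name__ == "__main__":
    for name, rules in (("appended", APPENDED), ("inserted", INSERTED)):
        print(name, decide(rules, "33.44.55.66", 80), shadowed_denies(rules))
```
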

Deleting Rules#

You can delete rules by rule number or by specifying the actual rule.

To delete a rule by number, first find the number of the rule you want to delete by running the following command:

sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    44.33.22.0/24
[ 2] 80                         ALLOW IN    Anywhere

Use the below command to delete rule number 1:

sudo ufw delete 1

The second method is to delete by the actual rule. For example, if you want to remove the allow http rule, you could write it like this:

sudo ufw delete allow http
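
Rule numbers are positions, so after each delete the remaining rules are renumbered. The added example below (not part of the original tutorial) parses a constructed sample in the layout of sudo ufw status numbered, picks ALLOW IN rules open to Anywhere on ports outside a needed set, and orders the delete commands highest number first so each number still points at the intended rule; the needed_ports parameter and function names are illustrative.

```python
import re

# Constructed sample in the layout `sudo ufw status numbered` prints.
SAMPLE = """Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    44.33.22.0/24
[ 2] 80                         ALLOW IN    Anywhere
[ 3] 3306                       ALLOW IN    Anywhere
[ 4] 5000:5300/tcp              ALLOW IN    Anywhere
"""


def parse_numbered(status_text):
    """Yield (number, to, action, source) for each numbered rule line."""
    for line in status_text.splitlines():
        m = re.match(r"\[\s*(\d+)\]\s+(.*)", line)
        if not m:
            continue  # status line, column headers, blank lines
        fields = re.split(r"\s{2,}", m.group(2).strip())
        if len(fields) >= 3:
            yield int(m.group(1)), fields[0], fields[1], fields[2]


def world_open_extras(status_text, needed_ports):
    """Numbers of ALLOW IN rules open to Anywhere on ports not in needed_ports."""
    return [num for num, to, action, source in parse_numbered(status_text)
            if action == "ALLOW IN" and source.startswith("Anywhere")
            and to.split()[0] not in needed_ports]


def delete_commands(numbers):
    """Highest number first, because ufw renumbers the rest after each delete."""
    return [f"sudo ufw delete {n}" for n in sorted(numbers, reverse=True)]


if __name__ == "__main__":
    for command in delete_commands(world_open_extras(SAMPLE, {"80"})):
        print(command)
```
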

Disable & Reset UFW#

If you do not want UFW to be active, you can disable it with:

sudo ufw disable

To re-enable UFW and activate all rules, type:

sudo ufw enable

Resetting UFW disables it and deletes all active rules. This is helpful when you want to revert all of your changes and start fresh.

To reset UFW, type the following command:

sudo ufw reset

Conclusion#

In this tutorial we explained how to set up and configure the UFW firewall on your Ubuntu 22.04 system. It is recommended to allow only the ports your server needs and deny all others for server security. Visit the UFW man page for more information.
