How to Setup UFW Firewall on Ubuntu 18.04

By default, Ubuntu comes with firewall configuration tool which is called as UFW. UFW stands for Uncomplicated Firewall used to manage firewall rules in Ubuntu. In this tutorial, described how to setup UFW firewall on Ubuntu.

Prerequisites#

Before going to ahead and configure UFW on Ubuntu 18.04, you should logged in as non-root user with sudo privileges.

Install UFW#

As we described above that UFW is installed in Ubuntu by default. For any reason you have uninstalled then you should first install UFW to your Ubuntu system.

sudo apt install ufw

Check UFW Status#

You can check the status of ufw once the installation is finished. For that run the below command:

sudo ufw status verbose

If you never activated UFW before then it will show output as inactive because by default, UFW is disabled:

Output
Status: inactive

Once you will activated UFW then status output will show as below:

Output
Status: active
To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)

Enable UFW#

If UFW is not enabled on your system then you can do it easily by typing:

sudo ufw enable

Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

It will show warning that it may disrupt existing ssh connections if enabling the firewall. Press y and hit Enter to continue.

Now if you want to check status you can check again and it should show activated.

Set UFW Default Policies#

UFW will block all of the incoming connections and allow all outbound connections. Commonly, we need only some of ports open for incoming connections and block all other ports. The default polices are defined in the /etc/default/ufw file. Using UFW you can set and manage this type of rules polices.

Use below command to deny all incoming connections to your system:

sudo ufw default deny incoming

To allow all outgoing connections type following in terminal.

sudo ufw default allow outgoing

Add Rules to UFW#

It is very easy to add rules for any service or port numbers. Following is the basic syntax to add rule for any port.

sudo ufw ACTION PORT_NUMBER

Here, ACTION should replace with deny or allowed and PORT_NUMBER is the number of port for which you want to set rule.

Allow SSH Connections Port 22#

To allow incoming and outgoing connections on port 22 (SSH) run below command:

sudo ufw allow 22

You also can run command with the service name as below:

sudo ufw allow ssh

It will show output as below:

Output
Rule added
Rule added (v6)

Open port 80 – HTTP#

You can allow HTTP connections using below command:

sudo ufw allow http

Instead of http you can use the port number, 80:

sudo ufw allow 80/tcp

Open port 443 – HTTPS#

If your website using SSL then your server should open 443 port to allow connections over it. Run below command to allow port 443:

sudo ufw allow https

Same as http your can use port number instead of service name:

sudo ufw allow 443/tcp

Deny Traffic on Port 972#

You can deny traffic on specific port using below command:

sudo ufw deny 972

Deleting rules#

If you have added any rule and no need more now then you can delete it easily using delete action. For example, if we don’t want rule for https then run below command to delete rule for https:

sudo ufw delete allow 443

Allow Specific IP Addresses#

If you want allow connections from a specific IP address for all ports then just need to specify IP address as given below:

sudo ufw allow from 1.83.43.125

It will add that IP address to whitelist.

Allow Specific IP Addresses on Specific port#

If you have requirement that specific IP address should allow connections for specific ports only then run below command:

sudo ufw allow from 1.83.43.125 to any port 22

In above command you can see that we have followed port number after IP address to allow for specific port. So connections from 1.83.43.125 are allowed only for port 22.

Deny Specific IP Addresses#

To deny all the connections from a specific IP address, you need to specify IP address with deny option as given below:

sudo ufw deny from 1.83.43.125

It will add that IP address to blacklist.

Deny Specific IP Addresses on Specific port#

When you want to deny connections from specific IP address for specific ports only then you can do it by run below command:

sudo ufw deny from 1.83.43.125 to any port 22

You can see in above command we have given port number after IP address to deny for specific port. Thus, connections from 1.83.43.125 are deny only for port 22.

Disable UFW#

If you have requirement to disable UFW then you can simple do it by run below command:

sudo ufw disable

Reset UFW#

If you messed up rules and want to start again then reset UFW will help. It will disable UFW and delete all the current rules. To reset UFW type following command:

sudo ufw reset

Logging in UFW#

You can enable or disable logging in UFW with three levels. Default log level is low out of low, medium and high.

Type below command to enable logging:

sudo ufw logging on

Conclusion#

You have learned complete details about setup UFW on Ubuntu 18.04 system. It advised to deny all the incoming connections except necessary ports.

If you have any question or facing issue with setup UFW then comment below.