Getting started with UFW (Uncomplicated Firewall) Ubuntu CLI

This is a quick reference guide about getting started with UFW (Uncomplicated Firewall) Ubuntu CLI

1.Check the status of the firewall

ufw status

root@FTP:~# ufw status
Status: inactive

IMPORTANT! Please see step 2 before enabling the firewall

root@FTP:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)

ufw status verbose – gives more information about the firewall status.

root@FTP:~# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)


2. Enabling ufw

2.1 CAUTION! Before enabling your firewall make sure that you have added a policy to allow SSH.

root@FTP:/etc/ufw# ufw  allow ssh
Rules updated
Rules updated (v6)

You can check this has been added in the following file: /etc/ufw/user.rules

nano /etc/ufw/user.rules

]

### RULES ###

### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp --dport 22 -j ACCEPT

2.2 ufw enable

ufw enable

3. Adding ufw rules

3.1 Basic ufw rule examples

The below rules will be from any source to a specific port on the local server.

root@FTP:~# ufw allow http
Rule added
Rule added (v6)
root@FTP:~# ufw allow https
Rule added
Rule added (v6)
root@FTP:~# ufw allow ftp
Rule added
Rule added (v6)
root@FTP:~# ufw allow tftp
Rule added
Rule added (v6)
root@FTP:~# ufw allow snmp
Rule added
Rule added (v6)
root@FTP:~# ufw allow sftp
Rule added
Rule added (v6)
root@FTP:~# ufw allow smtp
Rule added
Rule added (v6)
root@FTP:~# ufw allow 3389
Rule added
Rule added (v6)

3.2 Check ufw rules

root@FTP:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
21/tcp                     ALLOW       Anywhere
69/udp                     ALLOW       Anywhere
161                        ALLOW       Anywhere
115/tcp                    ALLOW       Anywhere
25/tcp                     ALLOW       Anywhere
3389                       ALLOW       Anywhere

3.3 Source and destination specific ufw rules

root@FTP:~# ufw allow from 10.0.125.0/24 to any
Rule added
root@FTP:~# ufw allow from 10.0.130.0/24 to any  port sftp
Rule added
root@FTP:~# ufw status
Anywhere                   ALLOW       10.0.125.0/24
115/tcp                    ALLOW       10.0.130.0/24

4. Delete ufw rules

root@FTP:~# ufw delete allow https
Rule deleted
Rule deleted (v6)
root@FTP:~#

If you are new to the world of Linux, an avid Linux enthusiast or a student why not try our 0.99p per month Linux VPS.

Simply click on the screen shot below to find out more or navigate to https://piggybank.cloud

Thank you for reading and please feel free to leave any feedback.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s