How to set up a Firewall with UFW on Ubuntu 20.04
UFW, or Uncomplicated Firewall, is a simplified firewall management interface that hides the complexity of lower-level packet filtering technologies such as iptables and nftables. If you’re looking to get started securing your network, and you’re not sure which tool to use, UFW may be the right choice for you.
Install UFW
UFW is installed by default in Ubuntu 20.04, but you can verify this:
which ufw
You should receive the following output:
/usr/sbin/ufw
If you don’t receive output, that means that UFW is not installed. You can install it yourself if this is the case:
apt-get install ufw
Allow connections
Type the following command to allow port connections to your server (in this case, the port is 80):
ufw allow 80/tcp
In general, you can allow any port you need by using the following format:
ufw allow <port>/<optional: protocol>
Deny connections
If you need to deny access to a certain port, use the deny command:
ufw deny <port>/<optional: protocol>
Allow Port Ranges
In addition to single ports, UFW lets you allow access to port ranges. When allowing port ranges with UFW, you must specify the protocol, either tcp or udp. For example, if you want to allow ports from 7100 to 7200 on both tcp and udp, run the following commands:
ufw allow 7100:7200/tcp
ufw allow 7100:7200/udp
Allow Specific IP Addresses
To allow access on all ports from your home machine with the IP address 64.63.62.61, specify from followed by the IP address you want to whitelist:
ufw allow from 64.63.62.61
Allow Specific IP Addresses on Specific port
To allow access on a specific port, let’s say port 22, from your work machine with the IP address 64.63.62.61, use to any port followed by the port number:
ufw allow from 64.63.62.61 to any port 22
Allow Connections to a Specific Network Interface
To allow access on a specific port, let’s say port 3306, only on a specific network interface, eth2, specify allow in on followed by the name of the network interface:
ufw allow in on eth2 to any port 3306
Delete UFW Rules
There are two different ways to delete UFW rules: by rule number and by specifying the actual rule. Deleting UFW rules by rule number is easier, especially if you are new to UFW. To delete a rule by its number, you first need to find the number of the rule you want to delete. You can do that with the following command:
ufw status numbered
Output:
To delete rule number 3, the rule that allows connections to port 8080, use the following command:
ufw delete 3
The second method is to delete a rule by specifying the actual rule. For example, if you added a rule to open port 8069, you can delete it with:
ufw delete allow 8069
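UFW renumbers the remaining rules after every deletion, and a port opened for both IPv4 and IPv6 appears as two numbered rules, so when deleting several rules by number, work from the highest number down. The script below is an added example, not part of the original article: the status listing is constructed sample data, and the function names rule_numbers_for and delete_plan are hypothetical. It only prints the delete commands so they can be reviewed before being run.

```shell
#!/bin/sh
# Constructed sample of `ufw status numbered` output (not from the article).
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 8080/tcp                   ALLOW IN    Anywhere
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 5] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 6] 8080/tcp (v6)              ALLOW IN    Anywhere (v6)'

# rule_numbers_for PORT (hypothetical helper): read `ufw status numbered`
# text on stdin and print the numbers of the rules whose "To" column is
# PORT or PORT/proto, highest number first.
rule_numbers_for() {
    port=$1
    # Keep only "[ N] target ..." lines, reduced to "N target".
    sed -n 's/^\[ *\([0-9][0-9]*\)\] *\([^ ]*\).*/\1 \2/p' |
        # Match on the exact port so that 80 does not also select 8080.
        awk -v p="$port" '{ split($2, a, "/"); if (a[1] == p) print $1 }' |
        sort -rn
}

# delete_plan PORT (hypothetical helper): print the `ufw delete N` commands
# in an order that later renumbering cannot invalidate.
delete_plan() {
    rule_numbers_for "$1" | while read -r n; do
        echo "ufw delete $n"
    done
}

# Demo on the constructed sample. On a real host, pipe in the live listing:
#   ufw status numbered | delete_plan 8080
printf '%s\n' "$SAMPLE_STATUS" | delete_plan 8080
```

Deleting rule 3 first would shift the IPv6 rule for port 8080 from number 6 to number 5, which is why the plan starts with the highest number.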
Disable UFW
If for any reason you want to stop UFW and deactivate all the rules you can use:
ufw disable
Reset UFW
Resetting UFW will disable UFW, and delete all active rules. This is helpful if you want to revert all of your changes and start fresh.
To reset UFW simply type in the following command:
ufw reset
Conclusion
You have learned how to install and configure the UFW firewall on your Ubuntu 20.04 server. Be sure to allow all incoming connections that are necessary for the proper functioning of your system, while limiting all unnecessary connections.