How to set up a Firewall with UFW on Ubuntu 20.04


UFW, or Uncomplicated Firewall, is a simplified firewall management interface that hides the complexity of lower-level packet filtering technologies such as iptables and nftables. If you’re looking to get started securing your network, and you’re not sure which tool to use, UFW may be the right choice for you.

Install UFW

UFW is installed by default in Ubuntu 20.04, but you can verify this:

which ufw

You should receive the following output:

/usr/sbin/ufw

If you don’t receive output, that means that UFW is not installed. You can install it yourself if this is the case:

apt-get install ufw

Allow connections

Run the following command to allow connections to a port on your server (in this case, port 80):

ufw allow 80/tcp

In general, you can allow any port you need by using the following format:

ufw allow <port>/<optional: protocol>

Deny connections

If you need to deny access to a certain port, use the deny command:

ufw deny <port>/<optional: protocol>

Allow Port Ranges

In addition to single ports, UFW can allow access to port ranges. When allowing port ranges with UFW, you must specify the protocol, either tcp or udp. For example, to allow ports 7100 to 7200 on both tcp and udp, run the following commands:

ufw allow 7100:7200/tcp
ufw allow 7100:7200/udp

Allow Specific IP Addresses

To allow access on all ports from your home machine with the IP address 64.63.62.61, specify from followed by the IP address you want to whitelist:

ufw allow from 64.63.62.61

Allow Specific IP Addresses on a Specific Port

To allow access on a specific port, for example port 22, from your work machine with the IP address 64.63.62.61, use to any port followed by the port number:

ufw allow from 64.63.62.61 to any port 22

Allow Connections to a Specific Network Interface

To allow access on a specific port, for example port 3306, only on a specific network interface such as eth2, specify allow in on followed by the name of the network interface:

ufw allow in on eth2 to any port 3306

Delete UFW Rules

There are two ways to delete UFW rules: by rule number and by specifying the actual rule. Deleting by rule number is easier, especially if you are new to UFW. To delete a rule by number, first find the number of the rule you want to delete with the following command:

ufw status numbered

Output:

To delete rule number 3, the rule that allows connections to port 8080, use the following command:

ufw delete 3

The second method is to delete a rule by specifying the actual rule. For example, if you added a rule to open port 8069, you can delete it with:

ufw delete allow 8069

Disable UFW

If for any reason you want to stop UFW and deactivate all the rules you can use:

ufw disable

Reset UFW

Resetting UFW will disable UFW, and delete all active rules. This is helpful if you want to revert all of your changes and start fresh.

To reset UFW simply type in the following command:

ufw reset

Conclusion

You have learned how to install and configure UFW firewall on your Ubuntu 20.04 server. Be sure to allow all incoming connections that are necessary for proper functioning of your system, while limiting all unnecessary connections.

