Using UFW on Ubuntu 18.04

Install UFW

UFW is installed by default in Ubuntu 18.04, but you can verify this:

which ufw

You should receive the following output:

/usr/sbin/ufw

If you don’t receive output, that means that UFW is not installed. You can install it yourself if this is the case:

sudo apt-get install ufw

Allow connections

Run the following command to allow connections to a port on your server (in this case, port 80):

sudo ufw allow 80/tcp

In general, you can allow any port you need by using the following format:

sudo ufw allow <port>/<optional: protocol>

Deny connections

If you need to deny access to a certain port, use the deny command:

sudo ufw deny <port>/<optional: protocol>

Allow Port Ranges

Besides single ports, UFW can also allow access to port ranges. When allowing port ranges with UFW, you must specify the protocol, either tcp or udp. For example, to allow ports 7100 to 7200 on both tcp and udp, run the following commands:

sudo ufw allow 7100:7200/tcp
sudo ufw allow 7100:7200/udp

Allow Specific IP Addresses

To allow access on all ports from your home machine with the IP address 64.63.62.61, specify from followed by the IP address you want to whitelist:

sudo ufw allow from 64.63.62.61

Allow Specific IP Addresses on Specific port

To allow access on a specific port, say port 22, from your work machine with the IP address 64.63.62.61, use to any port followed by the port number:

sudo ufw allow from 64.63.62.61 to any port 22

Allow Connections to a Specific Network Interface

To allow access on a specific port, say port 3306, only on a specific network interface such as eth2, specify allow in on followed by the name of the network interface:

sudo ufw allow in on eth2 to any port 3306

Delete UFW Rules

There are two ways to delete UFW rules: by rule number and by specifying the actual rule. Deleting rules by rule number is easier, especially if you are new to UFW. To delete a rule by its number, first find the number of the rule you want to delete with the following command:

sudo ufw status numbered
Output:
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 8080/tcp                   ALLOW IN    Anywhere

To delete rule number 3, the rule that allows connections to port 8080, use the following command:

sudo ufw delete 3

The second method is to delete a rule by specifying the actual rule. For example, if you added a rule to open port 8069, you can delete it with:

sudo ufw delete allow 8069
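
UFW renumbers the remaining rules after each delete, so when several numbered rules have to go (for example the IPv4 and IPv6 entries for one port), delete from the highest number down. The script below is an added example, not part of the original tutorial: it parses `ufw status numbered` output and prints the delete commands in that order. The function names and the IPv6 rows in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: plan numbered UFW deletions so renumbering cannot hit the
# wrong rule. Nothing here changes the firewall; it only prints commands.

# Constructed sample in the `ufw status numbered` format, with IPv6 rows.
sample_status() {
cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 8080/tcp                   ALLOW IN    Anywhere
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 5] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 6] 8080/tcp (v6)              ALLOW IN    Anywhere (v6)
EOF
}

# rule_numbers_for TARGET
# Reads status text on stdin and prints the numbers of rules whose "To"
# column starts with exactly TARGET (e.g. 8080/tcp), highest number first.
rule_numbers_for() {
    target=$1
    # Reduce each "[ N] TO ..." row to "N TO"; header lines are dropped.
    sed -n 's/^\[ *\([0-9][0-9]*\)\] *\([^ ]*\) .*/\1 \2/p' |
        # Force a string comparison so 80/tcp never matches 8080/tcp.
        awk -v t="$target" '($2 "") == (t "") { print $1 }' |
        sort -rn
}

# delete_plan TARGET
# Prints one "sudo ufw delete N" per matching rule, in descending order.
delete_plan() {
    rule_numbers_for "$1" | while read -r n; do
        echo "sudo ufw delete $n"
    done
}

# Demo on the constructed sample. On a real host, replace sample_status
# with: sudo ufw status numbered
sample_status | delete_plan 8080/tcp
```

Review the printed commands before running them, and re-run `sudo ufw status numbered` afterwards to confirm what remains.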

Disable UFW 

If for any reason you want to stop UFW and deactivate all the rules, you can use:

sudo ufw disable

Reset UFW

Resetting UFW will disable UFW and delete all active rules. This is helpful if you want to revert all of your changes and start fresh.

To reset UFW, type the following command:

sudo ufw reset

Conclusion 

You have learned how to install and configure the UFW firewall on your Ubuntu 18.04 server. Be sure to allow all incoming connections that are necessary for the proper functioning of your system, while limiting all unnecessary connections.

 

 
