How to use UFW

Common commands for UFW

Environment: Ubuntu Server environment.


UFW (Uncomplicated Firewall) is the firewall packaged with Ubuntu. Instead of managing rules with iptables directly, you call UFW. Here are some common UFW commands:


Checking the current ruleset


     sudo ufw status verbose

Blocking an IP Address


     sudo ufw deny from <IP address>


Blocking connections from a specific IP address on a specific network interface


     sudo ufw deny in on eth0 from <IP address>




Allow SSH or anything else


     sudo ufw allow ssh

OR

     sudo ufw allow 22


Allow Incoming SSH from Specific IP Address or Subnet


     sudo ufw allow from <IP address or subnet> to any port 22



Allow incoming http over 80 and 443


     sudo ufw allow proto tcp from any to any port 80,443


When allowing multiple ports like this, you need to specify the protocol that will be used. Here you can see the "proto" argument followed by "tcp".


Allow a service to Specific Network Interface


To allow connections for a service (MySQL in this example) on a specific network interface, use the following syntax:


     sudo ufw allow in on eth1 to any port 3306


Change the port as needed for a different service.

Blocking any port from outbound communication  


     sudo ufw deny out 25


Change the port to suit your needs.

Deleting a rule


     sudo ufw delete allow ssh

OR

     sudo ufw delete deny out 25

Restart UFW


Be sure to restart after changing or creating rules so that they take effect.


     sudo ufw disable


     sudo ufw enable



You can see all ports and their service names in the file "/etc/services".
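
As an added example (not part of the original article), the script below reads the output of "sudo ufw status verbose" and reports inbound rules that are open to any source on ports the host is not meant to expose publicly, which is the case the "Allow Incoming SSH from Specific IP Address or Subnet" rule above avoids. The function names, the PUBLIC_PORTS list and the sample status text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` output for world-open inbound rules.
# Assumption: PUBLIC_PORTS lists the ports this host should expose to everyone.
PUBLIC_PORTS="${PUBLIC_PORTS:-80 443}"

# Reads status text on stdin and prints one finding per line.
# Real use: sudo ufw status verbose | audit_ufw_status
audit_ufw_status() {
  awk -F'  +' -v public="$PUBLIC_PORTS" '
    BEGIN { n = split(public, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    /^Status: inactive/ { print "INACTIVE firewall is disabled"; next }
    /^Default:/ && $0 !~ /(deny|reject) \(incoming\)/ {
      print "DEFAULT incoming policy is not deny or reject"; next
    }
    # Rule rows have three columns: To, Action, From.
    NF >= 3 && $2 ~ /^ALLOW( IN)?$/ && $3 ~ /^Anywhere/ {
      if ($1 ~ / on /) next          # interface-scoped rule, e.g. "3306 on eth1"
      port = $1
      sub(/ \(v6\)$/, "", port)      # drop the IPv6 marker
      sub(/\/(tcp|udp)$/, "", port)  # drop the protocol suffix
      m = split(port, part, ",")     # "80,443" is a multi-port rule
      for (j = 1; j <= m; j++)
        if (!(part[j] in ok)) { print "OPEN " $1 " allowed from " $3; break }
    }
  '
}

# Constructed sample of `ufw status verbose` output (not from a real host).
sample_status() {
  cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80,443/tcp                 ALLOW IN    Anywhere
22                         ALLOW IN    203.0.113.0/24
3306 on eth1               ALLOW IN    Anywhere
25                         DENY OUT    Anywhere
80,443/tcp (v6)            ALLOW IN    Anywhere (v6)
EOF
}

sample_status | audit_ufw_status   # prints: OPEN 22/tcp allowed from Anywhere
```

Rules bound to an interface are treated as scoped and are not reported; remove that check if every interface on the host is reachable from untrusted networks.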



