How to use UFW

Common commands for UFW

Environment: Ubuntu Server.

 

UFW is the firewall that is packaged with Ubuntu. Rather than managing the rules with iptables directly, you call ufw. Here are some common UFW commands:

 

Checking the current ruleset

 

     #sudo ufw status verbose

Blocking an IP Address

 

     #sudo ufw deny from 1.2.3.4

 

Blocking connections from a specific IP address to a specific network interface

 

     #sudo ufw deny in on eth0 from 1.2.3.4

 

Services

 

Allow SSH or any other service

 

     #sudo ufw allow ssh

OR

 

     #sudo ufw allow 22

 

Allow Incoming SSH from Specific IP Address or Subnet

 

     #sudo ufw allow from 1.2.3.0/24 to any port 22

HTTP(S)

 

Allow incoming HTTP and HTTPS on ports 80 and 443

 

     #sudo ufw allow proto tcp from any to any port 80,443

 

When allowing multiple ports like this, you must specify the protocol that will be used. Here, the "proto" argument is followed by "tcp".

 

Allow a Service on a Specific Network Interface

 

To allow connections to a service (MySQL in this example) on a specific network interface, use the following syntax:

 

     #sudo ufw allow in on eth1 to any port 3306

 

Change the port as needed for a different service.

Blocking outbound communication on a port

 

     #sudo ufw deny out 25

 

Change the port to suit your needs.

Deleting a rule

 

     #sudo ufw delete allow ssh

OR

 

     #sudo ufw delete deny out 25

Restart UFW

 

Be sure to restart UFW after changing or adding rules so that they take effect.

 

     #sudo ufw disable

 

     #sudo ufw enable

 

 

You can see all ports and their service names in the file "/etc/services".
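
To check a ruleset built from the commands above, for example to confirm that SSH or MySQL is not left open to every source address, the output of "ufw status verbose" can be filtered with a short script. This is an added example, not part of the original article; the function names, the SENSITIVE_PORTS variable and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` output for sensitive ports that
# are allowed inbound from Anywhere. SENSITIVE_PORTS is a variable of this
# example (an assumption), not a UFW setting.
SENSITIVE_PORTS="${SENSITIVE_PORTS:-22 3306}"

# Reads status text on stdin, prints one "OPEN port N: <rule>" line per hit.
# Only numeric ports are matched; port ranges and application profile names
# (e.g. "OpenSSH") are not resolved here.
audit_ufw_status() {
    awk -F'  +' -v ports="$SENSITIVE_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        # Rule rows have three columns (To, Action, From) split by 2+ spaces.
        NF >= 3 && $2 ~ /^ALLOW( IN)?$/ && $3 ~ /^Anywhere/ {
            to = $1
            sub(/ .*/, "", to)     # drop interface or (v6) suffix
            sub(/\/.*/, "", to)    # drop protocol suffix such as /tcp
            m = split(to, list, ",")
            for (j = 1; j <= m; j++)
                if (list[j] in want)
                    printf "OPEN port %s: %s\n", list[j], $0
        }
    '
}

# Constructed sample output (not captured from a real host).
sample_status() {
    cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22                         ALLOW IN    1.2.3.0/24
80,443/tcp                 ALLOW IN    Anywhere
3306 on eth1               ALLOW IN    Anywhere
Anywhere on eth0           DENY IN     1.2.3.4
25                         DENY OUT    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

# On a real host: sudo ufw status verbose | audit_ufw_status
sample_status | audit_ufw_status
```

Rules scoped to an interface (such as the eth1 rule) are still reported, so the reviewer can confirm that the interface is not internet-facing.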

 

 

 
