Introduction to UFW
UFW (Uncomplicated Firewall) is a user-friendly interface for managing iptables firewall rules on Linux systems. It’s particularly well-suited for Debian and Ubuntu servers, providing a simplified way to configure your system’s firewall.
Installation
Install UFW using the following command:
sudo apt update
sudo apt install ufw
Basic UFW Commands
Check UFW Status
sudo ufw status
This command shows whether UFW is active and lists all current rules.
For a more detailed view, including the default policies and the logging level, use:
sudo ufw status verbose
Enable and Disable UFW
Before enabling UFW, make sure you have added a rule that allows SSH access (port 22); otherwise you may lock yourself out of the server.
To enable UFW:
sudo ufw enable
To disable UFW:
sudo ufw disable
Managing Basic Rules
Allow Incoming Connections
Allow specific ports:
sudo ufw allow 22 # Allow SSH
sudo ufw allow 80 # Allow HTTP
sudo ufw allow 443 # Allow HTTPS
Allow specific services by name:
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
Deny Incoming Connections
Deny specific ports:
sudo ufw deny 23 # Deny Telnet
Delete Rules
Delete rules by number:
- List the rules with their numbers:
sudo ufw status numbered
- Delete a specific rule (replace 2 with the number shown in the list):
sudo ufw delete 2
Delete rules by specification, repeating the rule exactly as it was added:
sudo ufw delete allow 80
Advanced Configuration
Allow Specific IP Addresses
Allow a specific IP address:
sudo ufw allow from 203.0.113.4
Allow an IP address to access a specific port:
sudo ufw allow from 203.0.113.4 to any port 22
Set Default Policies
Set the default policies for incoming and outgoing traffic, so that any connection not matched by an explicit rule is dropped on the way in and permitted on the way out:
sudo ufw default deny incoming
sudo ufw default allow outgoing
Best Practices
- Always Allow SSH First
Before enabling UFW, ensure SSH access is allowed:
sudo ufw allow ssh
- Use Specific Rules
Instead of allowing all traffic to a port, specify the protocol (and, where possible, the source address) rather than just the port number:
sudo ufw allow 22/tcp
- Regular Audits
Regularly review your firewall rules and remove any that are no longer needed:
sudo ufw status numbered
- Backup Rules
Back up your UFW rules periodically (user.rules holds the IPv4 rules, user6.rules the IPv6 rules):
sudo cp /etc/ufw/user.rules /etc/ufw/user.rules.backup
sudo cp /etc/ufw/user6.rules /etc/ufw/user6.rules.backup
Common Configuration Examples
Basic Web Server Setup
# Allow SSH, HTTP, and HTTPS
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
Database Server Setup
# Allow MySQL/MariaDB from specific IP
sudo ufw allow from 203.0.113.4 to any port 3306
Rate Limiting
Enable rate limiting for SSH to slow down brute-force login attempts (UFW denies connections from an address that has attempted 6 or more connections in the last 30 seconds):
sudo ufw limit ssh
Troubleshooting
If you encounter issues:
- Check UFW Status
sudo ufw status verbose
- View UFW Logs
Make sure logging is turned on (sudo ufw logging on), then follow the log:
sudo tail -f /var/log/ufw.log
- Reset UFW
If needed, reset UFW to its default settings (this disables the firewall and removes all rules, so re-add your SSH rule before enabling it again):
sudo ufw reset
Conclusion
UFW provides a straightforward way to manage your firewall rules on Debian and Ubuntu systems. Remember to always configure SSH access before enabling the firewall, and regularly audit your rules to maintain security. For more advanced configurations, consult the UFW documentation.