UFW, also known as Uncomplicated Firewall, is a Linux-based tool for managing firewalls. It uses a command-line interface and is specially designed to be easy to use. UFW is a frontend for iptables and provides a framework for managing netfilter.

UFW is an alternative to working with iptables directly that simplifies the process of configuring a firewall. While iptables is a very good and flexible tool, it can be difficult for beginners to learn how to use it to properly configure a firewall.

Step 1 – Install UFW

UFW is installed by default on Ubuntu 18.04. If not, you can install it by running the following commands:

apt-get update -y
apt-get install ufw -y

After installing UFW, the first thing you need to do is to check the help manual. You can run the following command to see the UFW help manual:

ufw --help

You should get the following output:

Usage: ufw COMMAND

Commands:
 enable                          enables the firewall
 disable                         disables the firewall
 default ARG                     set default policy
 logging LEVEL                   set logging to LEVEL
 allow ARGS                      add allow rule
 deny ARGS                       add deny rule
 reject ARGS                     add reject rule
 limit ARGS                      add limit rule
 delete RULE|NUM                 delete RULE
 insert NUM RULE                 insert RULE at NUM
 route RULE                      add route RULE
 route delete RULE|NUM           delete route RULE
 route insert NUM RULE           insert route RULE at NUM
 reload                          reload firewall
 reset                           reset firewall
 status                          show firewall status
 status numbered                 show firewall status as numbered list of RULES
 status verbose                  show verbose firewall status
 show ARG                        show firewall report
 version                         display version information

Application profile commands:
 app list                        list application profiles
 app info PROFILE                show information on PROFILE
 app update PROFILE              update PROFILE
 app default ARG                 set default application policy

Step 2 – Setting Up UFW Default Policies

The first thing you will need to do is to define your default policies. These policies control how to handle the traffic that does not explicitly satisfy other firewall rules. By default, UFW is configured to allow all outgoing connections and deny all incoming connections.

Let’s start by setting UFW’s policies back to these defaults. You can set them with the following commands:

ufw default deny incoming
ufw default allow outgoing

Step 3 – Allow SSH Connections

If you are using a cloud server, you will need to allow SSH connections before enabling the UFW firewall. This will allow you to connect and manage your server via SSH. Otherwise, you will no longer be able to connect to your cloud server.

Run the following command to configure your UFW firewall to allow incoming SSH connections.

ufw allow ssh

The above command will allow all incoming TCP connections on port 22.

If you configured your SSH server to listen on a different port, then you will have to allow the appropriate port with UFW.

Now, enable the UFW firewall by running the following command:

ufw enable

You can now check the status of the UFW firewall with the following command:

ufw status

You should get the following output:

Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere                 
22/tcp (v6)                ALLOW       Anywhere (v6)
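
The lockout risk described in this step can be checked before running ufw enable. The script below is an added example, not part of the original tutorial: it compares the ports sshd listens on with the rules queued in `ufw show added` (which lists rules even while UFW is inactive) and reports any SSH port that has no rule. The function names and sample data are constructed, and it assumes rules are listed in port form.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check to run before `ufw enable` on a remote host.
# Function names and sample data are constructed for illustration.

# Print each port sshd listens on, one per line (22 when no Port line is set).
# Input: sshd_config text, or `sshd -T` output, on stdin.
sshd_ports() {
  awk '
    { sub(/#.*/, ""); sub(/^[ \t]+/, "") }        # drop comments and indentation
    tolower($1) == "port" { print $2; found = 1 }
    END { if (!found) print 22 }
  '
}

# Succeed if an allow/limit rule in `ufw show added` output names PORT
# (bare or /tcp). Rules keyed only on a source IP or an app profile are
# not recognised, so the check errs on the side of reporting a gap.
added_rule_admits_port() {
  awk -v p="$1" '
    $1 == "ufw" && ($2 == "allow" || $2 == "limit") {
      for (i = 3; i <= NF; i++) if ($i == p || $i == p "/tcp") ok = 1
    }
    END { exit !ok }
  '
}

# Print every sshd port that no pending rule would admit.
# $1 = sshd config text, $2 = `ufw show added` text.
missing_ssh_ports() {
  for _port in $(printf '%s\n' "$1" | sshd_ports); do
    printf '%s\n' "$2" | added_rule_admits_port "$_port" || echo "$_port"
  done
}

# Constructed samples: sshd listens on 22 and 2222, but only 22 has a rule.
SAMPLE_SSHD='Port 22
Port 2222
PermitRootLogin no'
SAMPLE_ADDED="Added user rules (see 'ufw status' for running firewall):
ufw allow 22/tcp
ufw allow 80/tcp"

echo "sshd ports with no UFW rule: $(missing_ssh_ports "$SAMPLE_SSHD" "$SAMPLE_ADDED")"
# On a live host (as root): missing_ssh_ports "$(sshd -T)" "$(ufw show added)"
```

An empty result means every configured SSH port has a matching rule and it is safe to enable the firewall.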

Step 4 – UFW Basic Rules

In this section, we will learn how to allow, deny and delete UFW firewall rules.

There are two ways to allow incoming traffic with UFW.

If you want to allow incoming HTTP traffic, run the following command with the service name:

ufw allow http

Or, run the following command with the port number:

ufw allow 80

To allow HTTPS on port 443, run the following command:

ufw allow https

Or:

ufw allow 443/tcp

You can also restrict a rule to TCP or UDP by adding the protocol to the port, as in the following commands:

ufw allow 80/tcp
ufw allow 21/udp

You can also deny traffic with the following command:

ufw deny 80

Or:

ufw deny http

To delete the HTTP rules, run the following command:

ufw delete allow http

Or:

ufw delete allow 80

Step 5 – UFW Advanced Rules

In this section, we will learn some advanced rules with UFW.

If you have applications that run on a range of ports (8080-8090), you can allow these ports by running the following command:

ufw allow 8080:8090/tcp

If you want to allow all incoming connections from a specific IP address (192.168.0.3), run the following command:

ufw allow from 192.168.0.3

To deny all incoming connections from a specific IP address (192.168.0.4), run the following command:

ufw deny from 192.168.0.4
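
UFW evaluates rules in order and the first match wins, so a deny rule appended after an existing allow rule (such as the allow http rule from Step 4) does not block that address on the allowed port. The script below is an added example, not part of the original tutorial: it models first-match evaluation over constructed `ufw status numbered` output and compares the appended rule with one placed first using the insert command from the help output. It is a simplified model that handles exact source IPs and single TCP ports only.

```shell
#!/usr/bin/env bash
# Added example: first-match evaluation over `ufw status numbered` output.
# Simplified model: exact source IPs and single TCP ports only (no CIDR, no ranges).

# Print the action of the first IPv4 rule matching SRC_IP and TCP_PORT,
# or DENY (the default incoming policy set in Step 2) when nothing matches.
first_match() {  # usage: first_match SRC_IP TCP_PORT < status-text
  awk -v src="$1" -v port="$2" '
    /\(v6\)/ || !sub(/^\[ *[0-9]+\] */, "") { next }    # numbered IPv4 rules only
    ($1 == "Anywhere" || $1 == port || $1 == port "/tcp") &&
    ($4 == "Anywhere" || $4 == src) { print $2; hit = 1; exit }
    END { if (!hit) print "DENY" }
  '
}

# Constructed: ufw allow ssh; ufw allow http; ufw deny from 192.168.0.4
APPENDED='[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] Anywhere                   DENY IN     192.168.0.4'

# Constructed: same rules, but the deny added with: ufw insert 1 deny from 192.168.0.4
INSERTED='[ 1] Anywhere                   DENY IN     192.168.0.4
[ 2] 22/tcp                     ALLOW IN    Anywhere
[ 3] 80/tcp                     ALLOW IN    Anywhere'

# Helper: evaluate one (rule list, source, port) triple.
verdict() { printf '%s\n' "$1" | first_match "$2" "$3"; }

echo "appended deny, 192.168.0.4 -> port 80: $(verdict "$APPENDED" 192.168.0.4 80)"
echo "inserted deny, 192.168.0.4 -> port 80: $(verdict "$INSERTED" 192.168.0.4 80)"
```

Check the order with ufw status numbered after adding a deny rule; if it sits below a broader allow rule, delete it and add it again with ufw insert.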

If you want to allow a specific IP address (192.168.0.5) to connect to a specific port (80), run the following command:

ufw allow from 192.168.0.5 to any port 80

To allow all incoming connections on a specific network interface (eth1), run the following command:

ufw allow in on eth1

To allow all incoming connections from a specific network subnet (192.168.1.0/24), run the following command:

ufw allow from 192.168.1.0/24

If you want to remove (reset) all of your rules, run the following command:

ufw reset

If you want to stop UFW and deactivate all the rules, run the following command:

ufw disable

Conclusion

In the above tutorial, we learned how to set up the UFW firewall on Ubuntu 18.04. We also learned how to allow, deny and delete rules, along with some advanced rules. If you’re ready to get started with UFW, take a look at Atlantic.Net’s VPS Hosting plans.