UFW Basics: Setting Up Your Linux Firewall

Uncomplicated Firewall (UFW) is a user-friendly front-end for managing iptables firewall rules. Its goal is to make firewall configuration easy, or “uncomplicated.” UFW is particularly well-suited for host-based firewalls. It simplifies the process of configuring a firewall by providing a streamlined command-line interface. This article will guide intermediate users through the basics of UFW, covering installation, key commands, rule management, and practical examples for securing your Linux server.

Overview and Installation

UFW comes pre-installed with all Ubuntu installations. However, it is typically disabled by default. For other Debian-based distributions, if UFW is not installed, you can easily install it via the package manager.

To install UFW, use the following command:

sudo apt-get install ufw

Basic Commands

Understanding the basic commands will help you manage UFW effectively. These commands allow you to enable, disable, and check the status of your firewall, providing quick insights into the rules that are active.

Enable UFW:

To activate the firewall, use:

sudo ufw enable

This command activates the firewall with the current ruleset.

Disable UFW:

If you need to turn off the firewall, use:

sudo ufw disable

This will stop the firewall and deactivate all rules.

Check UFW Status:

To see which rules are currently active, along with the status of the firewall, use:

sudo ufw status verbose

This command provides a detailed output of all active rules and additional status information like logging settings.

Basic Rules

Setting up basic rules in UFW for common services such as SSH, HTTP, and HTTPS is straightforward.

Allow SSH (Port 22):

To prevent being locked out of your server, you should first allow SSH connections:

sudo ufw allow 22/tcp

Allow HTTP (Port 80) and HTTPS (Port 443):

To allow web traffic, HTTP and HTTPS services need to be accessible:

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

Deny Access:

If you wish to deny traffic on a specific port, use:

sudo ufw deny 8080

This command blocks all access to port 8080.


Here are practical step-by-step scenarios for deploying UFW rules.

Scenario 1: Allow Access from Specific IP

If you need to allow access from a specific IP address to all services, you can specify the source:

sudo ufw allow from

This allows all traffic from IP address

Scenario 2: Allow Access to a Specific Port from Specific IP

To restrict access to a service (e.g., SSH) so that it’s only available from a specific IP:

sudo ufw allow from to any port 22

This rule allows SSH connections only from

Scenario 3: Allow Port Range

You might need to open a range of ports for certain applications:

sudo ufw allow 6000:6007/tcp

This command will allow TCP traffic for ports ranging from 6000 to 6007.


Getting started with UFW doesn’t have to be complicated. With the basic commands and rules outlined in this article, you can securely configure your firewall. Remember, managing a server’s firewall is a crucial part of maintaining server security and should be treated diligently. Always double-check the rules you’ve set up to ensure that they correctly reflect the access controls you intend to enforce.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *