Vincent's Weblog

UFW Basics

On Debian and Ubuntu systems, the easiest way to configure a firewall is with UFW - The Uncomplicated FireWall.

Installing and enabling

sudo apt install ufw
sudo ufw enable

The default configuration is to deny all incoming traffic

Listing rules

sudo ufw status

Allowing a service

To enable a service, either type the service name (eg ssh or http/https) or the port number

sudo ufw allow ssh
sudo ufw allow 1234

Deleting a rule

To delete a rule, type delete before the rule, for example

sudo ufw delete allow ssh

Blocking an IP

All ip's can be changed to CIDR ranges (ie 172.16.0.0/24)

sudo ufw deny from 1.2.3.4

Allowing an IP

sudo ufw allow from 1.2.3.4

Changing the default behavior

By default, all incoming connections are blocked unless a rule to allow them is specified. It is not recommended changing this behavior, but if you must, this is how:

sudo ufw default allow incoming

to revert back,

sudo ufw default deny incoming

(you can change incoming to outgoing if you want to change the default behavior for outgoing traffic.)