Vincent's Weblog

UFW Basics

On Debian and Ubuntu systems, the easiest way to configure a firewall is with UFW - The Uncomplicated FireWall.

Installing and enabling

sudo apt install ufw
sudo ufw enable

The default configuration is to deny all incoming traffic

Listing rules

sudo ufw status

Allowing a service

To enable a service, either type the service name (eg ssh or http/https) or the port number

sudo ufw allow ssh
sudo ufw allow 1234

Deleting a rule

To delete a rule, type delete before the rule, for example

sudo ufw delete allow ssh

Blocking an IP

All ip's can be changed to CIDR ranges (ie

sudo ufw deny from

Allowing an IP

sudo ufw allow from

Changing the default behavior

By default, all incoming connections are blocked unless a rule to allow them is specified. It is not recommended changing this behavior, but if you must, this is how:

sudo ufw default allow incoming

to revert back,

sudo ufw default deny incoming

(you can change incoming to outgoing if you want to change the default behavior for outgoing traffic.)