An introduction to UFW

By me, Thomas

This article was written for Debian systems; other systems may be compatible as well.
The UFW commands require root privileges, so run them as root or prefix them with sudo.

Table of contents

  • Installation
  • Configuration
  • Examples

Installation

The installation is pretty simple:

    apt update
    apt install ufw -y

Configuration

The first and most important step is to enable UFW. If, however, you already have active network connections that must not be disrupted, enabling it becomes the second step.

For example, if you are configuring the server over SSH (tcp/22), it can't hurt to allow that connection first.
In that case, skip to step 3 [Command Syntax] or to the examples below and allow the connections you need before you enable UFW.

  1. Enable UFW
    ufw enable
    
    By default, without any additional configuration, UFW will deny all incoming connections that were not initiated from the local host.
  2. Verify UFW is running
    ufw status
    
  3. Command Syntax
    Parameters in brackets () are optional.
    ufw allow|deny|reject|delete (from host/network) (to host/network) (port) port|service (proto protocol)
    

Again, by default UFW will deny all incoming connections that were not initiated from the local host.
With the ufw command you can allow, deny or reject traffic:

  • Allow: Allow something
  • Deny: Drop something

    This means the traffic is silently dropped; the other side usually just gets a timeout.

  • Reject: Block something

    This means the traffic is blocked and the other side is notified that it was blocked, instead of just waiting for a timeout.

You can choose to apply your filter only to a specific source with the from host/network parameter.

  • Host: is defined via an IP address
  • Network: is defined via the network address in CIDR notation

If you filter the source, you must also specify the target with the to host/network parameter.
If you don't have a specific target, use to any, which matches everything and therefore does not filter the target at all.

You can choose to apply your filter only to a specific target with the to host/network parameter.

  • Host: is defined via an IP address
  • Network: is defined via the network address in CIDR notation

If you filter the target, you must also specify the source with the from host/network parameter.
If you don't have a specific source, use from any, which matches any source.

To use delete, just add the number of the rule after the command.
The rule numbers are those shown when you run ufw status numbered.


Examples

  • Allow SSH
    ufw allow ssh
    
  • Allow HTTP/HTTPS
    ufw allow http
    ufw allow https
    
  • Allow from specific host or network
    • Host
      ufw allow from 192.168.1.5 to any port 22
      
    • Network
      ufw allow from 192.168.1.0/24 to any port 22
      
  • Allow HTTP only to a specific IP
    ufw allow from any to 192.168.1.4 port 80
    
  • Delete a rule
    ufw delete 4
    
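The syntax from the Configuration section and the examples above, put together as a small script (added here; this is not the article's code): it builds rules in the full from/to/port/proto form, defaulting the unfiltered side to any, and emits the enable sequence in the lockout-safe order the article recommends (allow SSH, enable, verify). The function names, the UFW_APPLY switch and the sample network are my own assumptions.

```shell
#!/bin/sh
# Added example, not code from the article: compose UFW rules in the article's
# full "from ... to ... port ... proto ..." form and emit them in an order that
# cannot lock out the admin's own SSH session. Function names are my own.
# Commands are only previewed; set UFW_APPLY=1 to run them through sudo.

# ufw_rule ACTION FROM TO PORT [PROTO]
# FROM and TO default to "any", so the article's rule that filtering one side
# requires naming the other is always satisfied.
ufw_rule() {
    action="$1"; src="${2:-any}"; dst="${3:-any}"; port="$4"; proto="$5"
    case "$action" in
        allow|deny|reject) ;;
        *) echo "ufw_rule: action must be allow, deny or reject" >&2; return 1 ;;
    esac
    [ -n "$port" ] || { echo "ufw_rule: port number or service name required" >&2; return 1; }
    rule="ufw $action from $src to $dst port $port"
    [ -n "$proto" ] && rule="$rule proto $proto"
    printf '%s\n' "$rule"
}

# ufw_plan ADMIN_SRC [SSH_PORT]
# Order matters: allow SSH from the admin's source first, then enable, then
# list the rules with numbers (the numbers "ufw delete N" refers to).
ufw_plan() {
    admin_src="${1:-any}"; ssh_port="${2:-22}"
    ufw_rule allow "$admin_src" any "$ssh_port" tcp || return 1
    printf '%s\n' "ufw --force enable"   # --force skips the interactive prompt
    printf '%s\n' "ufw status numbered"
}

# ufw_run_plan ADMIN_SRC [SSH_PORT]
# Run the plan one command at a time and stop at the first failure, so a
# later step never runs on a half-applied ruleset.
ufw_run_plan() {
    ufw_plan "$@" | while IFS= read -r cmd; do
        if [ "${UFW_APPLY:-0}" = "1" ]; then
            sudo $cmd || { echo "failed: $cmd" >&2; exit 1; }
        else
            printf 'would run: %s\n' "$cmd"
        fi
    done
}

# Preview for an admin network of 192.168.1.0/24 (constructed sample value):
ufw_run_plan 192.168.1.0/24
```

Run it once without UFW_APPLY to read the commands it would execute, then with UFW_APPLY=1 from the SSH session you want to keep.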

Footnote

I may add more here as I go, but this is all I could come up with for now.