
UFW Install & Setup Crash Course


Published: Nov 12, 2022
Last Edit: Nov 12, 2022

What is UFW

UFW, or Uncomplicated Firewall, is a simple firewall. You probably know what it’s for, so we can skip over that.

If your VPS host (if you’re using a VPS) has a hardware firewall, you’ll need to remember to allow ports through BOTH UFW and their firewall. You don’t always need a second firewall, but if you insist, this is a simple crash course.

Install UFW

sudo apt update
sudo apt install ufw
sudo ufw status

The last line, sudo ufw status, should return ‘Status: inactive’. You DO NOT want to enable the firewall without allowing port 22 (or whichever port your SSH server listens on) first, or you will lock yourself out. Keep that in mind.

Allow ports

By default: all inbound ports are blocked. You need to allow them yourself.

Usually, the first port you’ll allow through is 22 - the SSH port.

sudo ufw allow 22

You can also enable ports using application presets. To see a list of available applications, use:

sudo ufw app list

Then we can allow applications using their names, for example:

sudo ufw allow OpenSSH

If an application name contains a space, wrap it in quotation marks.

(Note: allow either port 22 or the OpenSSH application profile. You don’t need both - and probably shouldn’t add both, since it leaves two rules to keep track of.)

Common ports

TCP and/or UDP?

Simply running ufw allow <port> will allow BOTH TCP and UDP connections on that port.

To restrict a rule to one protocol, append it to the port like this: ufw allow 21/tcp.

Multiple ports

To specify multiple ports in one rule, separate them with commas: ufw allow 21,25/tcp.

For a range of ports, use a colon: ufw allow 21:25/tcp.

I have specified TCP in both examples because a protocol is required whenever you list multiple ports or a range.

Enable firewall

AFTER allowing SSH through (assuming you’re using SSH to run commands), run:

sudo ufw enable

After confirming, you may need to reconnect to your SSH server.
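The install, allow-SSH, enable sequence above is easy to get wrong on a server whose SSH daemon is not on port 22. The following POSIX sh script is an added example (not from the original post): it reads the port from sshd_config before touching the firewall, makes the page’s stated defaults (inbound denied, outbound allowed) explicit, and only then enables UFW. The function names and the UFW_DRY_RUN variable are my own; the ufw subcommands are standard.

```shell
#!/bin/sh
# Added example: bring UFW up without locking yourself out of SSH.

# Print the port sshd listens on, read from the given sshd_config.
# Uses the first active (uncommented) "Port" line; falls back to 22.
ssh_port_from_config() {
    port=$(awk 'tolower($1) == "port" { print $2; exit }' "$1")
    echo "${port:-22}"
}

# Run the ufw commands that allow SSH first and enable the firewall last.
# With UFW_DRY_RUN=1 the commands are printed instead of executed,
# so you can review the exact rules before applying them.
ufw_bootstrap() {
    port="$1"
    for cmd in \
        "ufw default deny incoming" \
        "ufw default allow outgoing" \
        "ufw allow ${port}/tcp" \
        "ufw --force enable"; do
        if [ "${UFW_DRY_RUN:-0}" = "1" ]; then
            echo "$cmd"
        else
            # shellcheck disable=SC2086  # word splitting is intended here
            sudo $cmd
        fi
    done
}

# Usage: sh ufw-bootstrap.sh --apply [/path/to/sshd_config]
if [ "${1:-}" = "--apply" ]; then
    ufw_bootstrap "$(ssh_port_from_config "${2:-/etc/ssh/sshd_config}")"
fi
```

Run it once with UFW_DRY_RUN=1 to check that the printed "ufw allow" line names the port you are actually connected on before running it for real.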

List rules

To list rules, run:

sudo ufw status

Removing a rule

If you added a rule by application name, you can run ufw delete allow OpenSSH, for example. Otherwise, show a numbered list of rules:

sudo ufw status numbered

Then delete rules using their number (Shown in brackets before the rule):

For example, to delete the second rule:

sudo ufw delete 2

Alternatively, you can remove rules by repeating the port number or range you allowed, with delete added just before allow. For example:

sudo ufw delete allow 25:30/tcp

Reset UFW

To reset everything: disable UFW, then run the reset command.

sudo ufw disable
sudo ufw reset

More advanced rules

For such a simple program, it can do a whole lot more than allow and deny single ports.

Allow from specific IPs or IP Ranges only

sudo ufw allow from 192.168.1.50 proto tcp to any port 22

Let’s break it down: from 192.168.1.50 restricts the rule to connections coming from that source address, proto tcp limits it to TCP, to any means any local address on this machine, and port 22 is the destination port. Only that one host can reach SSH; everyone else is still blocked by the default policy.

Ranges

Swap out the IP address for a range. For example, 192.168.1.0/24 for everything on the local network.

Outgoing traffic

Every outbound connection is allowed unless expressly denied.

Deny an outbound port by swapping allow for deny and adding out just before the port:

sudo ufw deny out 25

This would deny outgoing SMTP traffic, for example.

TCNO TechNobo / TroubleChute © Wesley Pyburn (TechNobo / TroubleChute)