Firewall UFW: A Beginner’s Guide

UFW essentials: managing Linux firewall

If you’re new to Linux, you might have heard of UFW or Uncomplicated Firewall. As the name suggests, UFW is a simple and user-friendly tool that allows you to manage your Linux firewall.

In this article, we’ll go over some UFW essentials and explanations to help you get started.

What is a Firewall?

A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between your computer or network and the internet or other networks.

Why Use UFW?

UFW is a front-end to the iptables firewall that comes pre-installed on most Linux distributions. It simplifies the process of managing the firewall by providing a user-friendly command-line interface.

UFW Essentials

Installation

UFW is pre-installed on most Linux distributions. However, if it’s not installed on your system, you can install it using the following command:

$ sudo apt-get install ufw

Basic Syntax

The basic syntax of UFW is as follows:

$ sudo ufw [option] [allow/deny] [port/protocol]

Here’s a breakdown of the syntax:

  • sudo – allows you to run the command with root privileges
  • ufw – the UFW command
  • [option] – additional options such as enable, disable, status, reset, reload
  • [allow/deny] – whether to allow or deny the traffic
  • [port/protocol] – the port number and/or protocol to be allowed or denied

Checking the Status

To check the status of UFW, run the following command:

$ sudo ufw status

This will show you the current status of UFW and the rules that are currently in effect.

Enabling and Disabling UFW

To enable UFW, run the following command:

$ sudo ufw enable

To disable UFW, run the following command:

$ sudo ufw disable

Default Policies

When you enable UFW, the default policies are set to deny all incoming traffic and allow all outgoing traffic. You can change the default policies using the following commands:

$ sudo ufw default allow [incoming/outgoing]
$ sudo ufw default deny [incoming/outgoing]

Allowing and Denying Traffic

To allow traffic to a specific port, run the following command:

$ sudo ufw allow [port/protocol]

To deny traffic to a specific port, run the following command:

$ sudo ufw deny [port/protocol]

Block an IP Address

To block all network connections that originate from a specific IP address, run the following command, replacing the example IP address with the one you want to block:

$ sudo ufw deny from 192.168.10.224
Rule added

In this example, "from 192.168.10.224" specifies a source IP address of 192.168.10.224.

If you run sudo ufw status now, you’ll see the specified IP address listed as denied:

Status: active
To                         Action      From
--                         ------      ----
Anywhere                   DENY        192.168.10.224

All connections, coming in or going out, are blocked for the specified IP address.

You can also block connections from a whole subnet by giving the network address together with its prefix length, such as 192.168.10.0/24.

Allow an IP Address

To allow all network connections that originate from a specific IP address, run the following command, replacing the example IP address with the one you want to allow:

$ sudo ufw allow from 192.168.10.224
Rule added

If you run sudo ufw status now, you’ll see output similar to this, showing the word ALLOW next to the IP address you just added.

Status: active
To                         Action      From
--                         ------      ----
...
Anywhere                   ALLOW       192.168.10.224

You can also allow connections from a whole subnet by giving the network address together with its prefix length, such as 192.168.10.0/24.
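A subnet rule covers every address in the block, so it is worth checking which hosts fall inside a prefix before you allow or deny it. The following script is an added example, not part of the original article: two small POSIX sh functions, cidr_range (prints the first and last address of a block) and in_cidr (tests whether a single address is inside it), using only shell arithmetic so they run without ufw installed. The function names and the sample addresses are choices made for this example.

```shell
#!/bin/sh
# Added example: work out which hosts a rule such as
# "ufw deny from 192.168.10.0/24" covers. Pure POSIX sh arithmetic, no ufw needed.

# ip_to_int 192.168.10.224 -> 3232238304 (dotted quad to 32-bit integer)
ip_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# int_to_ip 3232238304 -> 192.168.10.224
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cidr_mask 24 -> 4294967040 (0xFFFFFF00); valid for prefix lengths 0..32
cidr_mask() {
    echo $(( (1 << 32) - (1 << (32 - $1)) ))
}

# cidr_range 192.168.10.0/24 -> "192.168.10.0-192.168.10.255"
cidr_range() {
    net=${1%/*}; prefix=${1#*/}
    mask=$(cidr_mask "$prefix")
    base=$(( $(ip_to_int "$net") & mask ))
    last=$(( base | (4294967295 & ~mask) ))
    echo "$(int_to_ip "$base")-$(int_to_ip "$last")"
}

# in_cidr ADDR NET/PREFIX -> exit status 0 if ADDR lies inside the block, 1 otherwise
in_cidr() {
    net=${2%/*}; prefix=${2#*/}
    mask=$(cidr_mask "$prefix")
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Sample run with the addresses used in the article (constructed input)
echo "192.168.10.0/24 covers $(cidr_range 192.168.10.0/24)"
if in_cidr 192.168.10.224 192.168.10.0/24; then
    echo "192.168.10.224 would be matched by a rule for 192.168.10.0/24"
fi
```

The same check works for any IPv4 prefix, not only the /24 in the article; a rule for 192.168.10.0/24 covers 192.168.10.0 through 192.168.10.255, which is why a deny on that block also catches 192.168.10.224.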

Delete UFW Rule

To delete a rule that you previously set up within UFW, use ufw delete followed by the rule (allow or deny) and the target specification. The following example would delete a rule previously set to allow all connections from an IP address of 192.168.10.224:

$ sudo ufw delete allow from 192.168.10.224
Rule deleted

Another way to specify which rule you want to delete is by providing the rule ID. This information can be obtained with the following command:

$ sudo ufw status numbered
Status: active
     To                         Action      From
     --                         ------      ----
[1] Anywhere                   DENY IN     192.168.10.220
[2] Anywhere on eth0           ALLOW IN    192.168.10.222

From the output, you can see that there are two active rules. The first rule denies all connections coming from the IP address 192.168.10.220. The second rule allows connections on the eth0 interface coming in from the IP address 192.168.10.222.

Because by default UFW already blocks all external access unless explicitly allowed, the first rule is redundant, so you can remove it. To delete a rule by its ID, run:

$ sudo ufw delete 1

You will be prompted to confirm the operation; check that the ID you provided refers to the rule you actually want to delete.

Deleting:
 deny from 192.168.10.220
Proceed with operation (y|n)? y
Rule deleted

If you list your rules again with sudo ufw status, you’ll see that the rule was removed.
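Rule IDs are positions in the list, so after a deletion every rule below it moves up by one. When several rules have to go, collect their IDs first and delete from the highest downwards, or the second deletion will hit the wrong rule. The script below is an added example, not from the original article: it parses text in the format of sudo ufw status numbered (a constructed sample is embedded so it runs without ufw), returns matching IDs highest-first, and by default only prints the delete commands; the variable UFW_CMD and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: pick rule IDs out of "ufw status numbered" and delete them
# highest-first, because UFW renumbers the remaining rules after each deletion.

# Constructed sample in the format of "sudo ufw status numbered"
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[1] Anywhere                   DENY IN     192.168.10.220
[2] Anywhere on eth0           ALLOW IN    192.168.10.222
[3] 22/tcp                     LIMIT IN    Anywhere'

# rule_ids_matching STATUS_TEXT PATTERN
# Prints the IDs of numbered rules whose line matches PATTERN (an awk regular
# expression), highest ID first. PATTERN is passed through the environment so
# awk does not reinterpret backslashes in it.
rule_ids_matching() {
    printf '%s\n' "$1" | PAT="$2" awk '
        /^\[[0-9]+\]/ && $0 ~ ENVIRON["PAT"] {
            id = $1
            sub(/^\[/, "", id); sub(/\]$/, "", id)
            print id
        }' | sort -rn
}

# delete_rules_matching STATUS_TEXT PATTERN
# Runs "ufw --force delete ID" for each match, highest ID first. UFW_CMD
# defaults to a dry run that prints the commands; set UFW_CMD="sudo ufw"
# to apply them. --force skips the per-rule "Proceed with operation (y|n)?" prompt.
delete_rules_matching() {
    for id in $(rule_ids_matching "$1" "$2"); do
        ${UFW_CMD:-echo sudo ufw} --force delete "$id"
    done
}

# Dry run against the sample: both 192.168.10.x rules, rule 2 deleted before rule 1
echo "IDs of rules for 192.168.10.x hosts, highest first:"
rule_ids_matching "$SAMPLE_STATUS" '192\.168\.10\.'
delete_rules_matching "$SAMPLE_STATUS" '192\.168\.10\.'
```

On a live host the status text comes from the command itself: delete_rules_matching "$(sudo ufw status numbered)" '192\.168\.10\.220' with UFW_CMD="sudo ufw" exported. Review the dry-run output first; the pattern is a regular expression and a loose one can match more rules than intended.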

List Available Application Profiles

Upon installation, applications that rely on network communications will typically set up a UFW profile that you can use to allow connections from external addresses. This is usually equivalent to running ufw allow with the service's port specification, with the advantage of providing a shortcut that abstracts the specific port numbers a service uses and gives the referenced services user-friendly names.

To list which profiles are currently available, run the following:

$ sudo ufw app list

If you installed a service such as a web server or other network-dependent software and a profile was not made available within UFW, first make sure the service is enabled. For remote servers, you’ll typically have OpenSSH readily available:

Available applications:
  OpenSSH
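Before allowing a profile by name it helps to know which ports the name stands for. Profiles are INI-style files under /etc/ufw/applications.d/, each section carrying title, description and ports keys. The script below is an added example, not from the original article: it writes a constructed profile file in that format (modelled on the OpenSSH and Nginx profiles) and reads the ports behind a given name; the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: read the port list behind a UFW application profile name.
# Profiles live in /etc/ufw/applications.d/ as INI-style files; the sample
# below is constructed in the same format so the script runs anywhere.

SAMPLE_PROFILE=$(mktemp)
trap 'rm -f "$SAMPLE_PROFILE"' EXIT
cat >"$SAMPLE_PROFILE" <<'EOF'
[OpenSSH]
title=Secure shell server, an rshd replacement
description=OpenSSH is a free implementation of the Secure Shell protocol.
ports=22/tcp

[Nginx Full]
title=Web Server (Nginx, HTTP + HTTPS)
description=Small, but very powerful and efficient web server
ports=80,443/tcp
EOF

# profile_names FILE -> one section (profile) name per line
profile_names() {
    awk '/^\[.*\]$/ { print substr($0, 2, length($0) - 2) }' "$1"
}

# profile_ports FILE NAME -> the ports= value of section [NAME], or nothing
# The name goes through the environment so spaces ("Nginx Full") survive intact.
profile_ports() {
    NAME="$2" awk -F= '
        /^\[.*\]$/ { section = substr($0, 2, length($0) - 2); next }
        section == ENVIRON["NAME"] && $1 == "ports" { print $2; exit }
    ' "$1"
}

# Sample run: list the profiles, then resolve each one to its ports
profile_names "$SAMPLE_PROFILE" | while IFS= read -r name; do
    echo "$name -> $(profile_ports "$SAMPLE_PROFILE" "$name")"
done
```

On a real system the same lookup is available as sudo ufw app info 'Nginx Full'; reading the file directly shows where that answer comes from and makes it possible to audit every profile a package dropped in before any of them is allowed.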

Allow All Incoming HTTP/HTTPS (ports 443 / 80)

Web servers, such as Apache and Nginx, typically listen for HTTP requests on port 80.

HTTPS typically runs on port 443. If your default policy for incoming traffic is set to drop or deny, you’ll need to create a UFW rule to allow external access on port 443. You can use either the port number or the service name (https) as a parameter to this command.

To allow all incoming HTTPS and HTTP (port 443 / 80) connections, run:

$ sudo ufw allow https,http
Rule added
Rule added (v6)

An alternative syntax is to specify the port numbers instead of the service names. When several ports share one rule, UFW requires the protocol to be given as well:

$ sudo ufw allow 80,443/tcp
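Taken together, the default policies, the allow rules and the enable step form one procedure, and the order matters on a remote machine: if enable runs before the SSH rule exists, the deny-incoming default cuts off the session. The script below is an added example, not from the original article, that applies the article's rules in a safe order. It is a dry run unless UFW is set to "sudo ufw"; the UFW variable, the function name and the use of the OpenSSH profile are assumptions of this example.

```shell
#!/bin/sh
# Added example: the tutorial's rules applied in a lockout-safe order.
# Defaults first, then the remote-management port, then the web ports, and
# only then "enable". UFW is the command prefix; by default the commands are
# only printed (dry run). Run with UFW="sudo ufw" to apply them on a host.

ufw_baseline() {
    ufw=${UFW:-echo ufw}
    # 1. Baseline policy: drop unsolicited inbound, permit outbound
    $ufw default deny incoming
    $ufw default allow outgoing
    # 2. Keep remote access open before anything is enforced. "limit" allows
    #    the OpenSSH profile (22/tcp) and rate-limits new connections.
    $ufw limit OpenSSH
    # 3. Web ports; a protocol is mandatory when one rule names several ports
    $ufw allow 80,443/tcp
    # 4. Turn the firewall on. --force answers the "may disrupt existing ssh
    #    connections" prompt so the script can run unattended.
    $ufw --force enable
    # 5. Show the resulting policy and rules for review
    $ufw status verbose
}

ufw_baseline
```

Running the script with UFW unset prints the six commands in order, which is a convenient way to review a change before applying it.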

Conclusion

UFW is a powerful and easy-to-use tool that allows you to manage your Linux firewall. With the UFW essentials and explanations provided in this article, you should now have a good understanding of how to get started with UFW.

Remember to always be cautious when configuring your firewall, and only allow traffic that is necessary for your system to function properly.
