Ufw - The Uncomplicated Firewall

Introduction

Ufw is the uncomplicated firewall. It is a command-line frontend to iptables, designed to make iptables configuration easier. There is also a GUI frontend called gufw. Ufw is the firewall program that ships with Ubuntu and most Ubuntu-based distros. On Ubuntu, ufw is disabled by default.

Enable Ufw

  • sudo systemctl enable ufw.service
  • sudo systemctl start ufw.service
  • sudo systemctl enable ufw.service --now (enables and starts in one command)
  • sudo ufw enable (needed only once the first time you install the package)
  • systemctl status ufw
  • sudo ufw status

WARNING! If you are remoting into a server, be careful about enabling ufw until you have your rules properly set up, because you may end up losing your connection. By default, ufw denies all incoming connections, including ssh and vnc!

Ufw App List

  • sudo ufw app list
    Lists all available ufw applications on your system. This will depend on what programs you have installed on your system.

An Example Configuration

  • sudo ufw default deny
  • sudo ufw allow from 192.168.0.0/24 (allow any protocol from inside a 192.168.0.1-192.168.0.255 LAN)
  • sudo ufw allow Transmission (allow incoming through Transmission)
  • sudo ufw limit SSH (rate-limited SSH traffic from anywhere)
    ufw has the ability to deny connections from an IP address that has attempted to initiate 6 or more connections in the last 30 seconds. Users should consider using this option for services such as SSH.
  • sudo ufw allow PORTNUMBER (common port numbers:)
    • 21 ftp
    • 22 ssh
    • 25 smtp
    • 80 www/http
    • 110 POP3
    • 143 IMAP
    • 443 https
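
The warning under Enable Ufw says to have your rules in place before turning ufw on over a remote session. The following shell check is an added example, not part of the original page: it reads the output of sudo ufw show added (which lists configured rules even while the firewall is inactive) and refuses to enable ufw unless a rule allows or rate-limits inbound SSH. The function names, the SSH_PORT variable and the sample rule listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check to run before `ufw enable` on a remote host.
# SSH_PORT is an assumption; set it if sshd listens on another port.
SSH_PORT="${SSH_PORT:-22}"

# has_ssh_rule: reads `ufw show added` text on stdin; exits 0 only if an
# allow or limit rule covers inbound SSH (by port or by app profile name).
has_ssh_rule() {
    awk -v port="$SSH_PORT" '
        $1 != "ufw" || ($2 != "allow" && $2 != "limit") { next }
        {
            side = "to"; out = 0; hit = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "out") out = 1                      # outbound rule
                if ($i == "from" || $i == "to") side = $i     # source vs. destination
                if (side == "to" && ($i == "SSH" || $i == "OpenSSH" ||
                                     $i == port || $i == (port "/tcp"))) hit = 1
            }
            if (hit && !out) found = 1
        }
        END { exit !found }
    '
}

# safe_enable: turn the firewall on only when the check passes.
safe_enable() {
    if sudo ufw show added | has_ssh_rule; then
        sudo ufw enable
    else
        echo "refusing to enable ufw: no allow/limit rule for SSH port $SSH_PORT" >&2
        return 1
    fi
}

# Constructed samples of `ufw show added` output (not captured from a real host).
SAMPLE_OK="Added user rules (see 'ufw status' for running firewall):
ufw allow from 192.168.0.0/24
ufw allow Transmission
ufw limit SSH"
SAMPLE_BAD="Added user rules (see 'ufw status' for running firewall):
ufw allow Transmission
ufw allow 80/tcp
ufw deny 22/tcp"

printf '%s\n' "$SAMPLE_OK"  | has_ssh_rule && echo "SAMPLE_OK: SSH rule present"
printf '%s\n' "$SAMPLE_BAD" | has_ssh_rule || echo "SAMPLE_BAD: enabling would cut off SSH"
```

A rule restricted by source address (for example, port 22 allowed only from the LAN range) passes this check, but it only keeps your session alive if you are connecting from that range.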

Removing Firewall Rules

  • sudo ufw status numbered
    Lists all currently used firewall rules.
  • sudo ufw delete n (where n is the number from the status command)

Misc commands

  • sudo ufw logging off
    This turns logging off if it's filling up the kernel (dmesg) and message logs.
  • journalctl -f (view a live log of new messages as they are collected)

Gufw

Gufw is great for managing your firewall on a desktop computer. Obviously, if you are ssh'ing into a remote machine, you will need to use the command line to manage ufw.

Copyright © 2020-2021 Derek Taylor (DistroTube)

This page is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License (CC-BY-ND 4.0).

Author: dt

Created: 2022-02-20 Sun 10:16