UFW (Uncomplicated Firewall) is a user-friendly frontend for managing Linux firewall rules using iptables or nftables. It is the default firewall management tool on Ubuntu and is designed to simplify firewall configuration while maintaining strong security controls. UFW allows administrators to manage open ports, restrict IP addresses, configure default policies, and secure servers with minimal complexity, making it ideal for Ubuntu VPS hosting, cloud servers, and production environments.

What Is UFW and Why Use It?

Ubuntu UFW provides a simplified interface for managing firewall rules without directly editing complex iptables chains. It is particularly useful for securing SSH access, web servers (Apache/Nginx), mail servers, and database services.

  • Simple syntax for managing firewall rules
  • Supports IPv4 and IPv6
  • Easy to enable or disable services
  • Ideal for Ubuntu servers and VPS environments
  • Integrates cleanly with OpenSSH and common services

1. Check UFW Status

sudo ufw status verbose
  • sudo → Executes the command with administrative privileges.
  • ufw → Invokes the Uncomplicated Firewall utility.
  • status → Displays current firewall status and rules.
  • verbose → Shows detailed rule and policy information.

2. Enable UFW

Before enabling UFW, ensure SSH access is allowed to prevent locking yourself out.

sudo ufw allow ssh
  • allow → Permits traffic matching the rule.
  • ssh → Refers to the predefined OpenSSH service (port 22).
sudo ufw enable
  • enable → Activates the firewall and applies rules.

3. Disable UFW

sudo ufw disable
  • disable → Stops the firewall and removes active filtering.

4. Set Default Policies

It is best practice to deny incoming traffic by default and allow outgoing traffic.

sudo ufw default deny incoming
  • default → Sets default firewall policy.
  • deny incoming → Blocks all inbound traffic unless explicitly allowed.
sudo ufw default allow outgoing
  • allow outgoing → Permits all outbound connections.

5. Allow Specific Ports

Allow HTTP (Port 80)

sudo ufw allow 80/tcp
  • 80 → HTTP port number.
  • tcp → Specifies TCP protocol.

Allow HTTPS (Port 443)

sudo ufw allow 443/tcp
  • 443 → HTTPS port number.
  • tcp → Transmission Control Protocol.

Allow Custom Port

sudo ufw allow 2222/tcp
  • 2222 → Custom SSH port.
  • tcp → TCP protocol.

6. Deny Specific Ports

sudo ufw deny 21/tcp
  • deny → Blocks traffic for the specified rule.
  • 21/tcp → FTP port over TCP.

7. Allow Access from a Specific IP Address

sudo ufw allow from 192.168.1.100
  • allow from → Permits traffic from a specific source IP.
  • 192.168.1.100 → Trusted IP address.

8. Allow Access to Specific Port from Specific IP

sudo ufw allow from 192.168.1.100 to any port 22
  • from 192.168.1.100 → Specifies allowed source IP.
  • to any port 22 → Restricts rule to SSH port.

9. Delete a Rule

sudo ufw delete allow 80/tcp
  • delete → Removes an existing firewall rule.
  • allow 80/tcp → Rule being removed.

10. Reset UFW to Default

sudo ufw reset
  • reset → Disables UFW and removes all rules.

11. List Numbered Rules

sudo ufw status numbered
  • status numbered → Displays rules with numbers for easy deletion.

12. Enable Logging

sudo ufw logging on
  • logging on → Enables firewall logging.

Advanced UFW Tips for Ubuntu Servers

  • Always allow SSH before enabling UFW.
  • Use key-based SSH authentication.
  • Restrict SSH access to trusted IP addresses.
  • Regularly review firewall rules.
  • Monitor logs for suspicious activity.

UFW and Ubuntu VPS Security

For Ubuntu VPS hosting and cloud servers, UFW provides a lightweight and efficient firewall solution. It helps secure web servers, database servers, mail servers, and custom applications. Combined with strong authentication, regular updates, and intrusion detection tools like Fail2ban, UFW significantly improves server security.

Final thoughts

Ubuntu UFW is one of the easiest and most effective ways to secure a Linux server. With simple commands to allow or deny traffic, set default policies, and restrict access by IP address, UFW provides robust firewall protection without the complexity of raw iptables configuration. Whether you are managing a personal VPS or a production cloud environment, mastering UFW is an essential skill for modern Ubuntu server administration.

Cette réponse était-elle pertinente? 6521 Utilisateurs l'ont trouvée utile (43400 Votes)

Les plus consultés

IPTABLES examples

#1: Displaying the Status of Your Firewall Type the following command as root: # iptables -L -n...
lsof Linux Command Examples

About lsof Command If you want to quickly see the name of files that have been opened by a...
13 Linux commands for beginners

About 90% of the Internet is powered by Linux servers. And if you want to manage or deploy...
The TAR command in Linux

The tar command is used to put a collection of files and folders into a highly compressed...
Monitor your server with VMStat and IOstat

If vmstat and iostat commands are not available on your box, please install sysstat package....