The Uncomplicated Firewall (ufw) is a user-friendly interface for managing netfilter, the standard firewall utility included with most Ubuntu and Debian-based Linux distributions. ufw simplifies firewall configuration by providing straightforward commands for enabling, disabling, and managing firewall rules without requiring extensive networking knowledge.
To enable ufw to start automatically at boot:
systemctl enable ufwTo start or stop the firewall:
ufw enable
ufw disableTo see the status, run
ufw status
ufw status numberedOpen Ports
Here are some commands to open ports.
ufw allow ssh
ufw allow http
ufw allow https
ufw allow 3333/tcpFollowing command open tcp ports 8000 to 9000.
ufw allow 8000:9000/tcpDisable all other ports by default for incoming and allow all outbound traffic
ufw default deny incoming
ufw default allow outgoingBlock a port, below example will block port 80
ufw deny 80/tcpWhitelist an IP
To allow an IP to access all services
ufw allow from IP_ADDR_HERETo allow to specific PORT
ufw allow from IP_ADDR_HERE proto tcp to any port PORT_HERE
ufw allow from IP_ADDR_HERE proto udp to any port PORT_HEREEnable Logging
To enable logging, run
ufw logging onBy default ufw logs to /var/log/kern.log.
To log to different file, edit
vi /etc/rsyslog.d/20-ufw.confUncomment the line
:msg,contains,"[UFW " /var/log/ufw.logrstart rsyslog
systemctl restart rsyslogTo allow all Cloudflare IP addresses for web traffic, use the following command. This is useful if your server is behind Cloudflare’s CDN:
for cfip in `curl -sw '\n' https://www.cloudflare.com/ips-v{4,6}`; do ufw allow proto tcp from $cfip comment 'Cloudflare IP'; doneTo list available apps, run
ufw app listSee firewall