The Uncomplicated Firewall (ufw) is a user-friendly interface for managing netfilter, the standard firewall utility included with most Ubuntu and Debian-based Linux distributions. ufw simplifies firewall configuration by providing straightforward commands for enabling, disabling, and managing firewall rules without requiring extensive networking knowledge.
To enable ufw to start automatically at boot:
systemctl enable ufw
To start or stop the firewall:
ufw enable
ufw disable
To see the status, run
ufw status
ufw status numbered
Open Ports
Here are some commands to open ports.
ufw allow ssh
ufw allow http
ufw allow https
ufw allow 3333/tcp
Following command open tcp ports 8000 to 9000.
ufw allow 8000:9000/tcp
Disable all other ports by default for incoming and allow all outbound traffic
ufw default deny incoming
ufw default allow outgoing
Block a port, below example will block port 80
ufw deny 80/tcp
Whitelist an IP
To allow an IP to access all services
ufw allow from IP_ADDR_HERE
To allow to specific PORT
ufw allow from IP_ADDR_HERE proto tcp to any port PORT_HERE
ufw allow from IP_ADDR_HERE proto udp to any port PORT_HERE
Enable Logging
To enable logging, run
ufw logging on
By default ufw logs to /var/log/kern.log.
To log to different file, edit
vi /etc/rsyslog.d/20-ufw.conf
Uncomment the line
:msg,contains,"[UFW " /var/log/ufw.log
rstart rsyslog
systemctl restart rsyslog
To allow all Cloudflare IP addresses for web traffic, use the following command. This is useful if your server is behind Cloudflare’s CDN:
for cfip in `curl -sw '\n' https://www.cloudflare.com/ips-v{4,6}`; do ufw allow proto tcp from $cfip comment 'Cloudflare IP'; done
To list available apps, run
ufw app list
See firewall
Leave a Reply