How to manage Ubuntu firewall using UFW commands

UFW (Uncomplicated Firewall) is an application for managing an iptables-based firewall on Ubuntu. It is the default firewall configuration tool for Ubuntu Linux and provides a user-friendly way to configure the firewall: its commands read much like plain English, so they are easy to remember. UFW supports both IPv4 and IPv6. This tutorial explains how to manage the Ubuntu firewall using UFW commands.

Pre-Requisites

  1. Ubuntu
  2. Root privileges or admin privileges

UFW Commands

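To enable UFW in the terminal, execute the following command. If you are connected over SSH, add the rule for port 22 (shown further down) before enabling, because UFW's default policy denies incoming connections.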

root@linuxhelp:~# ufw enable
Firewall is active and enabled on system startup

To check the firewall status, run the following command.

root@linuxhelp:~# ufw status
Status: active

UFW can also open a particular port to allow access to it. To do so, run the following command.

root@linuxhelp:~# ufw allow 22
Rule added
Rule added (v6)

root@linuxhelp:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere                  
22 (v6)                    ALLOW       Anywhere (v6)             

We can also place a rule at a specific position with the insert command, and display the rules in numbered format, by running the following commands.

root@linuxhelp:~# ufw insert 1 allow 80
Rule inserted
Rule inserted (v6)

root@linuxhelp:~# ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 80                         ALLOW IN    Anywhere                  
[ 2] 22                         ALLOW IN    Anywhere                  
[ 3] 80 (v6)                    ALLOW IN    Anywhere (v6)             
[ 4] 22 (v6)                    ALLOW IN    Anywhere (v6)             

To deny connections to an open port, run the following command.

root@linuxhelp:~# ufw deny 25
Rule added
Rule added (v6)

root@linuxhelp:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
80                         ALLOW       Anywhere
25                         DENY        Anywhere      
25 (v6)                    DENY        Anywhere (v6)

To remove a specific rule, use the delete command, either with the rule itself or with its number from the numbered status.

root@linuxhelp:~# ufw delete deny 25
Rule deleted
Rule deleted (v6)

root@linuxhelp:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere                  
22 (v6)                    ALLOW       Anywhere (v6)             

root@linuxhelp:~# ufw status numbered
Status: active

To                         Action      From
--                         ------      ----
[ 1] 80                    ALLOW IN    Anywhere                  
[ 2] 22                    ALLOW IN    Anywhere                  
[ 3] Anywhere              ALLOW IN    15.15.15.51               
[ 4] 22                    ALLOW IN    15.15.15.51               

root@linuxhelp:~# ufw delete 3
Deleting:
 allow 80
Proceed with operation (y|n)? y
Rule deleted (v6)

root@linuxhelp:~# ufw status numbered
Status: active

To                         Action      From
--                         ------      ----
[ 1] 80                     ALLOW IN    Anywhere                  
[ 2] 22                     ALLOW IN    Anywhere                  
[ 3] 22                     ALLOW IN    15.15.15.51               

To allow connections from a specific IP address, use the following command.

root@linuxhelp:~# ufw allow from 15.15.15.51
Rule added

root@linuxhelp:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
Anywhere                   ALLOW       15.15.15.51  

We can also specify a specific port for the IP address that is allowed to connect by adding " to any port" followed by the port number.

root@linuxhelp:~# ufw allow from 15.15.15.51 to any port 22
Rule added

root@linuxhelp:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
Anywhere                   ALLOW       15.15.15.51               
22                         ALLOW       15.15.15.51         

To allow a subnet of IP addresses, use CIDR notation to specify the netmask, as in the command below.

root@linuxhelp:~# ufw allow from 15.15.15.0/24
Rule added

root@linuxhelp:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
Anywhere                   ALLOW       15.15.15.51               
22                         ALLOW       15.15.15.51               
Anywhere                   ALLOW       15.15.15.0/24        
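
UFW evaluates rules from top to bottom and the first match wins, which is why rule position (ufw insert) and the numbered listing matter. The script below is an added example, not part of the original tutorial: it reads "ufw status numbered" output and reports source addresses that are allowed on every port and rules that an earlier rule already covers. The function name audit_ufw_rules, the sample_status helper and rule 5 of the sample are assumptions made for illustration.

```shell
# Added example: audit `ufw status numbered` output read from stdin.
# UFW evaluates rules top to bottom and the first matching rule wins.
audit_ufw_rules() {
  awk '
    # a covers b when a is the wildcard or the same string. Simplification:
    # CIDR containment and port/protocol overlap are not evaluated.
    function covers(a, b) { return a == "Anywhere" || a == b }
    /^\[ *[0-9]+]/ {
      line = $0; sub(/^\[ */, "", line)
      num = line + 0; sub(/^[0-9]+] */, "", line)
      if (!match(line, / +(ALLOW|DENY|REJECT|LIMIT)( IN| OUT)? +/)) next
      to = substr(line, 1, RSTART - 1)
      act = substr(line, RSTART, RLENGTH); gsub(/^ +| +$/, "", act)
      from = substr(line, RSTART + RLENGTH); sub(/ +$/, "", from)
      # IPv4 and IPv6 rules are separate rule sets: compare within one family.
      fam = (to ~ /\(v6\)$/ || from ~ /\(v6\)$/) ? 6 : 4
      sub(/ \(v6\)$/, "", to); sub(/ \(v6\)$/, "", from)
      split(act, p, " "); verb = p[1]; dir = (p[2] == "" ? "IN" : p[2])
      # Finding 1: a source that is allowed to reach every port.
      if (verb == "ALLOW" && to == "Anywhere" && from != "Anywhere")
        printf "rule %d: allows every port from %s\n", num, from
      # Finding 2: an earlier rule already matches everything this rule matches.
      for (i = 1; i <= n; i++) {
        if (F[i] != fam || D[i] != dir) continue
        if (!covers(T[i], to) || !covers(S[i], from)) continue
        kind = (V[i] == verb) ? "redundant with" : "overridden by"
        printf "rule %d: %s rule %d (%s %s from %s)\n", num, kind, N[i], V[i], T[i], S[i]
        break
      }
      n++; N[n] = num; T[n] = to; S[n] = from; V[n] = verb; D[n] = dir; F[n] = fam
    }'
}

# Constructed sample: rules 1-4 repeat a listing from this page, rule 5 is invented.
sample_status() {
  cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 80                         ALLOW IN    Anywhere
[ 2] 22                         ALLOW IN    Anywhere
[ 3] Anywhere                   ALLOW IN    15.15.15.51
[ 4] 22                         ALLOW IN    15.15.15.51
[ 5] 22                         DENY IN     15.15.15.0/24
EOF
}

sample_status | audit_ufw_rules
```

On a live host, pipe the real listing into the function instead of the sample: ufw status numbered | audit_ufw_rules. An "overridden by" finding means the later rule never takes effect and has to be moved up with ufw insert.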

To list the applications on the system for which UFW has a profile, run the following command.

root@linuxhelp:~# ufw app list
Available applications:
  Apache
  Apache Full
  Apache Secure
  CUPS
  Samba

To allow traffic to a port using an application profile, run the following command.

root@linuxhelp:~# ufw allow samba
Rule added
Rule added (v6)

root@linuxhelp:~# ufw allow from 192.168.0.0/24 to any app Samba
Rule added

root@linuxhelp:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
80                         ALLOW       Anywhere   
Samba                      ALLOW       Anywhere                  
Samba                      ALLOW       192.168.0.0/24            

To view details of a particular application profile, such as the ports and protocols defined for it, enter the following command.

root@linuxhelp:~# ufw app info Samba

Profile: Samba
Title: LanManager-like file and printer server for Unix
Description: The Samba software suite is a collection of programs that
implements the SMB/CIFS protocol for unix systems, allowing you to serve
files and printers to Windows, NT, OS/2 and DOS clients. This protocol is
sometimes also referred to as the LanManager or NetBIOS protocol.

Ports:
  137,138/udp
  139,445/tcp

The UFW commands covered in this tutorial are used as shown above.

FAQ
Q
What are the Pre-requisites required for the UFW?
A
The pre-requisites for UFW are:

  1. Ubuntu
  2. Root privileges or admin privileges
Q
What is Ubuntu Firewall?
A
UFW (Uncomplicated Firewall) is an application for managing an iptables-based firewall on Ubuntu. It is the default firewall configuration tool for Ubuntu Linux and provides a user-friendly way to configure the firewall: its commands read much like plain English, so they are easy to remember. UFW supports both IPv4 and IPv6.
Q
After installing Apache, my port 80 is not accessible?
A
Try to allow 80 on UFW.
Q
I'm getting dpkg error status while installing the package?
A
Remove the dpkg lock file and proceed.
Q
After installation it is still not working? Help me.
A
Check whether the daemon is in a running state or not.