Installing and configuring UFW on Linux (Ubuntu)

The firewall that Linux uses is called iptables. Various graphical shells exist to make configuration easier. Let's look at one of them: Simple Firewall (UFW).

Short description

The name comes from English, and literally means “simple firewall.” The product has a graphical that is based on the command line. This is one of its features. In short, UFW is used to set up simple firewalls. It has the bare minimum of functions needed to protect corporate resources in a standard way. More complex rules and fine tuning are available in iptables.

At first, the solution was made for the and families of operating systems. Under Ubuntu, the following steps are taken.

Preliminary preparation

If UFW is not installed on the server platform, use the standard utility:

sudo apt-get install ufw

If the utility is already installed but inactive, enable it:

sudo ufw enable

Important! Any actions related to product configuration are performed with superuser rights.

After installation, check the status of the program:

sudo ufw status verbose

The standard configuration of the program blocks incoming traffic, but allows outgoing traffic. To change the parameters, open the system file:

sudo nano /etc/default/ufw

sudo ufw default deny incoming
sudo ufw default allow outgoing

The first line blocks incoming connections, and the second allows outgoing connections.


UFW distributes rules according to program profiles. They are stored in the following path:


The administrator creates new profiles or edits existing ones manually. First, let's take a look at the current profiles:

sudo ufw app list

To view detailed information about any entry, use the following command:

sudo ufw app info 'name'

Where name is the profile name enclosed in single quotes.

For example, let's look at the OpenSSH service:

The first line is the name of the new entry in UFW. The second describes the title by which the profile will be identified. The third contains a brief description of the service (it is recommended to use 1-2 sentences). The last line specifies the ports that need to be opened for the application to work.

Save the file and restart the firewall:

sudo ufw reload

The next step is to write the policy for the new entry. Two modes are available: allow (Allow) and prohibit (Deny). The syntax looks like this:

sudo ufw <action> <name_profile>

Where action is one of the two values Allow or Deny and name_profile is the name of the profile.
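
The four-line profile described above, as an added example that is not part of the original page: a constructed profile for a hypothetical service MyApp, plus a check of its ports line. The function name profile_port_report and the sample values are assumptions; the check follows UFW's documented profile rules, where a list or range needs a protocol and a single port without one is opened for both TCP and UDP.

```sh
#!/bin/sh
# Constructed sample profile; "MyApp" and its ports are hypothetical.
SAMPLE_PROFILE='[MyApp]
title=MyApp web console
description=Hypothetical internal service used to illustrate the profile format.
ports=8080,8443/tcp|5353'

# profile_port_report FILE SECTION
# Prints a verdict for each "|"-separated entry of the section's ports= line:
#   ok       the entry names a protocol (tcp or udp)
#   both     single port, no protocol: UFW opens it for TCP and UDP
#   invalid  list or range without a protocol, which UFW requires there
profile_port_report() {
    awk -v sec="[$2]" '
        /^\[/ { in_sec = ($0 == sec); next }     # track the current [section]
        in_sec && /^ports=/ {
            sub(/^ports=/, "")
            n = split($0, item, "[|]")
            for (i = 1; i <= n; i++) {
                if (item[i] ~ /\/(tcp|udp)$/) verdict = "ok"
                else if (item[i] ~ /[,:]/)    verdict = "invalid"
                else                          verdict = "both"
                print verdict, item[i]
            }
        }' "$1"
}

# Lint the sample from a temporary file instead of touching the live configuration.
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_PROFILE" > "$tmp"
profile_port_report "$tmp" MyApp
rm -f "$tmp"
# Once the report is clean and the profile is installed:
#   sudo ufw reload
#   sudo ufw allow MyApp
```

A "both" verdict is worth a second look: if the service only speaks TCP, adding /tcp keeps the UDP port closed.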

Port operations

The Allow/Deny commands are also used to open/close ports, depending on the requirements of the administrator. The syntax looks like this:

sudo ufw <action> <port>/<name_protocol>


1. action – one of two actions: allow (Allow) or deny (Deny);
2. port – the number of the port to which the rule applies;
3. name_protocol – the name of the protocol.

If you want to specify a range of ports, use a colon between the start and end values. An alternative is to use the name of the service for which the entry is being created. For example, let's open a port for an HTTP service:

sudo ufw allow http

Important! A rule created by service name opens only the standard port assigned to that service. If the service uses a port other than the generally accepted one, a rule created by service name will not work.

Operations with IP addresses

Rules for IP addresses are created in the same way as rules for ports. The syntax is identical to that of the previous section:

sudo ufw <action> from <ip_address>

action takes the value Allow or Deny; ip_address is the address of the device that is granted or denied access to the server.

For example, the command that allows a device with a given IP address to access all server ports can be written as follows:

sudo ufw allow from <ip_address>

A port can also be specified, for example:

sudo ufw allow from <ip_address> to any port 22

Adding "to any port (name)" specifies the port for which access will be granted. Instead of name, specify the port number.

If you want to create a rule for multiple IP addresses, use the modified syntax:

sudo ufw allow from

Network Interface Operations

When creating profiles, the names of network interfaces are also used. The syntax is given below:

sudo ufw <action> in on <name_interface> to any port <port>

sudo ufw <action> in on <name_interface>

The action field, as in the previous sections, accepts the Allow and Deny states, and the name_interface option is responsible for the name of the network interface for which the rule is being created.

To view the list of active interfaces, enter the command in the terminal:

ifconfig -a

The additional option "to any port" is also available to restrict the rule to a specific port.

Deleting entries

To delete a previously created rule, use the delete keyword. In general, the command looks like this:

sudo ufw delete <number>

Where number is the serial number of the entry in the UFW configuration table. To display a number next to each rule, run:

sudo ufw status numbered

After that, specify the number of the entry from the table. For example:

sudo ufw delete 7

No reboot required.
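
An added example (not from the original page) for the delete-by-number procedure: it reads constructed "ufw status numbered" output, finds rules that allow a port from Anywhere, and prints the delete commands highest number first, because each deletion renumbers the rules that follow it. The function names and sample rules are assumptions, and rules bound to an interface are skipped.

```sh
#!/bin/sh
# Constructed sample of "sudo ufw status numbered" output (documentation address).
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 22/tcp                     ALLOW IN    203.0.113.10
[ 4] 3306/tcp                   DENY IN     Anywhere
[ 5] 22/tcp (v6)                ALLOW IN    Anywhere (v6)'

# open_rule_numbers PORT/PROTO
# Reads numbered status text on stdin; prints, highest first, the numbers of
# rules that ALLOW that port from Anywhere (IPv4 or IPv6 rows).
open_rule_numbers() {
    awk -v want="$1" '
        /^\[ *[0-9]+\]/ {
            p = index($0, "]")
            num = substr($0, 2, p - 2) + 0       # "[ 5]" -> 5
            line = substr($0, p + 1)
            gsub(/ \(v6\)/, "", line)            # give IPv6 rows the same shape
            $0 = line                            # re-split: To, action, direction, From
            if (NF == 4 && $1 == want && $2 == "ALLOW" && $4 == "Anywhere") print num
        }' | sort -rn
}

# delete_commands PORT/PROTO
# Each deletion shifts the numbers of later rules, so emit the highest first.
delete_commands() {
    open_rule_numbers "$1" | while read -r n; do
        printf 'sudo ufw delete %s\n' "$n"
    done
}

# Review the list before running it; ufw asks for confirmation on each delete.
printf '%s\n' "$SAMPLE_STATUS" | delete_commands 22/tcp
```

On a live host, pipe the output of sudo ufw status numbered into delete_commands in place of the sample.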

