Simple and Powerful: Mastering UFW Firewall Commands Quickly
xiaoz previously used Red Hat-based CentOS as the server operating system. However, since CentOS Stream became a rolling update preview of RHEL, xiaoz has gradually shifted to Debian. Although it was a bit unfamiliar at first, after using it for a while, xiaoz found Debian to be very user-friendly.
Take firewall management as an example. I used firewalld under CentOS, and after switching to Debian, I found ufw to be even simpler and easier to use. This article shares a quick start guide for ufw.

About UFW
UFW (Uncomplicated Firewall) is a simplified, easy-to-use Linux firewall tool designed to make managing iptables firewall rules easier. It offers an intuitive command-line interface that makes configuring firewall rules much simpler than writing iptables rules by hand.
Some main features and functions of UFW:
- Simplified Firewall Management: UFW provides a concise command-line interface, allowing you to easily add, delete, and modify firewall rules.
- Based on iptables: UFW is based on iptables, so it is compatible with existing firewall technologies in the Linux kernel. It is essentially a friendly frontend for iptables.
- Allow and Deny Rules: You can use UFW to create allow and deny rules to control inbound and outbound traffic. This allows you to precisely control which connections are allowed to enter or leave your system.
- Allow Specific Ports, Protocols, and IPs: UFW allows you to allow connections for specific ports, protocols (TCP or UDP), and specific source or destination IP addresses.
- Limit Specific IP Access: You can use UFW to restrict specific IP addresses from accessing specific ports on your system.
- Logging: UFW can log firewall activity, which is very useful for monitoring your system security and troubleshooting network issues.
- Easy to Enable and Disable: UFW can be easily enabled and disabled, allowing you to quickly enable the firewall when needed or temporarily disable it during system maintenance.
Installing UFW
On Debian, Ubuntu, or their derivatives, open a terminal and run the following commands to install it:
# Install ufw
sudo apt-get update
sudo apt-get install ufw
Then start ufw:
# Start ufw
sudo ufw enable
# Set to start automatically on boot
sudo systemctl enable ufw
Execute sudo ufw status to check the current status. There are usually three states:
- Status: inactive: Indicates that UFW is not enabled, and the firewall is turned off.
- Status: active: Indicates that UFW is enabled, and firewall rules are being applied to the system.
- Status: inactive (dead): Indicates that UFW is disabled, and the firewall is not running in the system.
UFW Allowing Ports
The commands for ufw are much more concise than firewalld. For example, if you want to allow a single port, you only need to execute:
# Replace <port> with the specific port number you want to allow. For example, to allow TCP port 80, execute sudo ufw allow 80.
sudo ufw allow <port>
If you need to allow a port for a specific protocol only, add the protocol:
# Replace <port> with the port number, <protocol> with the protocol type (e.g., tcp, udp). For example, to allow UDP port 53, execute sudo ufw allow 53/udp.
sudo ufw allow <port>/<protocol>
Allow a range of ports:
sudo ufw allow <start-port>:<end-port>/<protocol>
Replace <start-port> with the starting port number, <end-port> with the ending port number, and <protocol> with the protocol. For example, to allow the TCP port range 8000 to 9000, you can execute sudo ufw allow 8000:9000/tcp.
Deleting Already Allowed Rules or Ports in UFW
A rule that has already been added to UFW (Uncomplicated Firewall) can be deleted either by its rule number or by restating the rule itself. Here are the two methods:
Method 1: Delete by Rule Number
First, run the following command to check the current UFW status and existing rules:
sudo ufw status numbered
This will display a list of rules with numbers.
Determine the number of the rule you want to delete, then use the following command to delete it, replacing [rule_number] with the actual rule number:
sudo ufw delete [rule_number]
For example, to delete the rule with number 1, run:
sudo ufw delete 1
Method 2: Delete by Allow Conditions
You can also delete rules by specifying allow conditions (such as port and protocol). For example, to delete the rule allowing TCP port 80, you can run:
sudo ufw delete allow 80/tcp
Or, if you want to delete the rule allowing UDP port 5000, you can run:
sudo ufw delete allow 5000/udp
After deleting the rule, run sudo ufw status again to confirm that the selected rule has been removed from UFW.
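Rule numbers are reassigned as soon as a rule is removed, so deleting several rules by number in ascending order removes the wrong ones from the second deletion on. The following helper is added here and is not part of the original article: it parses the output of sudo ufw status numbered (a constructed sample is embedded, including the "(v6)" twin that ufw creates alongside each IPv4 rule), finds every rule whose To column matches a given spec, and emits the delete commands highest number first. The UFW_CMD variable and the function names are this example's own; UFW_CMD defaults to echo so the script only prints the commands it would run, and --force skips ufw's "Proceed with operation (y|n)?" prompt.

```shell
#!/bin/sh
# Added example (not from the original article): delete every ufw rule that
# matches a given "To" spec, highest rule number first, so that earlier
# deletions do not shift the numbers of rules still to be deleted.
# Needs only sh, awk and sort.
#
# UFW_CMD defaults to echo so the script only prints what it would run;
# set UFW_CMD="sudo ufw" to actually apply the deletions.
UFW_CMD=${UFW_CMD:-"echo sudo ufw"}

# Constructed sample of `sudo ufw status numbered` output (not captured
# from a real host).
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 5000/udp                   ALLOW IN    Anywhere
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 5] 80/tcp (v6)                ALLOW IN    Anywhere (v6)'

# rule_numbers_for <to-spec> <status-text>
# Prints the number of every rule whose "To" column equals <to-spec>
# (the IPv4 rule and its "(v6)" twin), highest number first, one per line.
rule_numbers_for() {
    to_spec=$1
    status_text=$2
    printf '%s\n' "$status_text" | awk -v want="$to_spec" '
        # Rule lines look like: "[ 2] 80/tcp   ALLOW IN   Anywhere"
        /^\[ *[0-9]+]/ {
            line = $0
            sub(/^\[ */, "", line)            # drop the leading "[ "
            num = line; sub(/].*/, "", num)   # keep just the rule number
            sub(/^[0-9]+] */, "", line)       # drop the "N] " prefix
            split(line, f, " ")               # f[1] is the "To" column
            if (f[1] == want) print num
        }' | sort -rn
}

# delete_rules_matching <to-spec> <status-text>
# Emits one delete command per matching rule, highest number first.
# --force skips the interactive "Proceed with operation (y|n)?" prompt.
delete_rules_matching() {
    for n in $(rule_numbers_for "$1" "$2"); do
        $UFW_CMD --force delete "$n"
    done
}

# With the default UFW_CMD this prints:
#   sudo ufw --force delete 5
#   sudo ufw --force delete 2
delete_rules_matching 80/tcp "$SAMPLE_STATUS"
```

On a live host, feed it the real output: delete_rules_matching 80/tcp "$(sudo ufw status numbered)" with UFW_CMD="sudo ufw". Matching on the To column alone deliberately ignores the From column, so a rule such as an allow from a single address to port 80 would also be selected; narrow the match if that is not what you want.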
Blocking a Specific IP
Use the following command to block connections from a specific IP (e.g., 123.57.22.204):
sudo ufw deny from 123.57.22.204
Allowing a Specific IP to Access a Specific Port
Use the following command to allow a specific IP to access a specific port. Replace [ip_address] with the IP address to allow, [port_number] with the port to open, and [protocol] with tcp or udp. Note that in this from/to form ufw takes the protocol as a separate proto keyword, not as a /tcp suffix on the port:
sudo ufw allow from [ip_address] to any port [port_number] proto [protocol]
For example, to allow IP address 192.168.1.10 to access TCP port 22, you can run:
sudo ufw allow from 192.168.1.10 to any port 22 proto tcp
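The three rule forms covered above (allowing a port or port range, blocking a source IP, and allowing a source IP to reach one port) are easy to get subtly wrong at the command line. The script below is an added example, not code from the original article: it validates each input before building the ufw command and refuses the two mistakes ufw itself rejects, a port range without a protocol and a /tcp suffix on the port in the from/to form. It also inserts the deny rule at position 1, because ufw stops at the first matching rule and a deny appended after existing allow rules never fires for the ports those rules open. The function names and the UFW_CMD variable are this example's own, and address checking is IPv4-only; UFW_CMD defaults to echo so nothing is applied until you set it to "sudo ufw".

```shell
#!/bin/sh
# Added example, not code from the original article: validate the inputs to
# the three rule forms shown in the article (single port or range, deny a
# source IP, allow a source IP to a port) before handing them to ufw.
#
# UFW_CMD defaults to echo so the functions only print what they would run;
# set UFW_CMD="sudo ufw" to apply the rules for real.
UFW_CMD=${UFW_CMD:-"echo sudo ufw"}

# is_port <n>: digits only, 1..65535
is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# is_proto <p>: ufw port rules accept tcp or udp
is_proto() {
    case $1 in tcp|udp) return 0 ;; *) return 1 ;; esac
}

# is_ipv4 <a.b.c.d>: four dotted decimal octets, each 0..255 (IPv4 only here)
is_ipv4() {
    case $1 in ''|.*|*.|*..*|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# allow_port <port>[:<end-port>] [tcp|udp]  ->  ufw allow <spec>[/<proto>]
allow_port() {
    spec=$1; proto=$2
    case $spec in
        *:*)    # a range: both ends valid and ordered, and ufw requires a protocol
            start=${spec%%:*}; end=${spec#*:}
            is_port "$start" && is_port "$end" || { echo "bad port range: $spec" >&2; return 1; }
            [ "$start" -le "$end" ] || { echo "range start exceeds end: $spec" >&2; return 1; }
            is_proto "$proto" || { echo "a port range needs tcp or udp" >&2; return 1; }
            ;;
        *)
            is_port "$spec" || { echo "bad port: $spec" >&2; return 1; }
            ;;
    esac
    if [ -n "$proto" ]; then
        is_proto "$proto" || { echo "bad protocol: $proto" >&2; return 1; }
        $UFW_CMD allow "$spec/$proto"
    else
        $UFW_CMD allow "$spec"      # no protocol: ufw opens the port for both tcp and udp
    fi
}

# deny_from_ip <ipv4>  ->  ufw insert 1 deny from <ipv4>
# ufw stops at the first matching rule, so a deny appended after existing
# allow rules never fires for the ports those rules open; "insert 1" puts it
# first. (On an empty rule list use plain "deny from": insert needs an
# existing position.)
deny_from_ip() {
    is_ipv4 "$1" || { echo "bad IPv4 address: $1" >&2; return 1; }
    $UFW_CMD insert 1 deny from "$1"
}

# allow_from_ip <ipv4> <port> <tcp|udp>
#   ->  ufw allow from <ipv4> to any port <port> proto <proto>
# In this form the protocol is a separate "proto" keyword; "port 22/tcp" is rejected.
allow_from_ip() {
    ip=$1; port=$2; proto=$3
    is_ipv4 "$ip"     || { echo "bad IPv4 address: $ip" >&2; return 1; }
    is_port "$port"   || { echo "bad port: $port" >&2; return 1; }
    is_proto "$proto" || { echo "bad protocol: $proto" >&2; return 1; }
    $UFW_CMD allow from "$ip" to any port "$port" proto "$proto"
}

# The article's examples, printed rather than applied:
allow_port 80                      # sudo ufw allow 80
allow_port 53 udp                  # sudo ufw allow 53/udp
allow_port 8000:9000 tcp           # sudo ufw allow 8000:9000/tcp
deny_from_ip 123.57.22.204         # sudo ufw insert 1 deny from 123.57.22.204
allow_from_ip 192.168.1.10 22 tcp  # sudo ufw allow from 192.168.1.10 to any port 22 proto tcp
```

Run it once with the default UFW_CMD to review the exact commands, then re-run with UFW_CMD="sudo ufw" to apply them. Keep the rule that allows your own SSH port in place before enabling the firewall, since ufw enable applies the default deny on incoming connections immediately.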
Conclusion
UFW is an easy-to-use and powerful firewall management tool that makes configuring firewall rules on Linux systems much simpler. Whether you are a Linux beginner or an experienced administrator, UFW is a tool worth trying.