Simple and Powerful: Mastering UFW Firewall Commands Quickly

Publish: 2023-05-05 | Modify: 2023-05-05

xiaoz used to run CentOS, from the Red Hat family, as the server operating system. However, since CentOS Stream became the rolling-release preview of RHEL, xiaoz has gradually moved to Debian. Although it took some time to get used to at first, xiaoz found Debian to be very user-friendly after all.

Take firewall management as an example: I used firewalld on CentOS, but after switching to Debian I found ufw simpler and easier to use. This article is a quick-start guide to ufw.

About ufw

ufw (Uncomplicated Firewall) is a simplified and user-friendly Linux firewall tool designed to make it easy for users to manage iptables firewall rules. It provides users with an intuitive and easy-to-understand command-line interface, making it easier to configure firewall rules.

Some key features and functions of ufw include:

  1. Simplified firewall management: ufw provides a concise command-line interface that allows you to easily add, delete, and modify firewall rules.
  2. Based on iptables: ufw is based on iptables, making it compatible with existing firewall technologies in the Linux kernel. It is essentially a friendly front-end for iptables.
  3. Allow and deny rules: You can use ufw to create allow and deny rules to control inbound and outbound traffic. This allows you to precisely control which connections are allowed to enter or leave your system.
  4. Allow specific ports, protocols, and IPs: ufw allows you to allow connections to specific ports, protocols (TCP or UDP), and specific source or destination IP addresses.
  5. Limit specific IP access: You can use ufw to restrict access to specific ports on your system from specific IP addresses.
  6. Logging: ufw can log firewall activity, which is useful for monitoring system security and troubleshooting network issues.
  7. Easy to enable and disable: ufw can be easily enabled and disabled, allowing you to quickly enable the firewall when needed or temporarily disable it for system maintenance.

Installing ufw

To install ufw on Debian, Ubuntu, or their derivatives, open a terminal and run the following commands:

# Install ufw
sudo apt-get update
sudo apt-get install ufw

Then start ufw:

# Start ufw
sudo ufw enable
# Enable ufw at boot
sudo systemctl enable ufw

Run sudo ufw status to check the current state. You will usually see one of three results:

  • Status: inactive (not enabled): UFW is not enabled and the firewall is off.
  • Status: active (enabled): UFW is enabled and its rules are being applied to the system.
  • Status: inactive (dead) (not enabled and not running): UFW has been disabled and the firewall is not running on the system.

Allowing Ports with ufw

ufw commands are much simpler than firewalld's. For example, to allow a single port you only need to run:

# Replace <port> with the specific port number you want to allow. For example, to allow TCP port 80, you can execute sudo ufw allow 80.
sudo ufw allow <port>

If you need to allow a specific protocol for a port, you need to specify the protocol:

# Replace <port> with the port number, and <protocol> with the protocol type (e.g., tcp, udp). For example, to allow UDP port 53, you can execute sudo ufw allow 53/udp.
sudo ufw allow <port>/<protocol>

To allow a range of ports:

sudo ufw allow <start-port>:<end-port>/<protocol>

Replace <start-port> with the starting port number, <end-port> with the ending port number, and <protocol> with the protocol. For example, to allow a TCP port range from 8000 to 9000, you can execute sudo ufw allow 8000:9000/tcp.

Deleting Rules or Ports with ufw

Rules added to ufw (Uncomplicated Firewall) can be deleted either by rule number or by restating the rule itself. Here are the two methods:

Method 1: Delete by rule number

First, run the following command to view the current status and existing rules of ufw:

sudo ufw status numbered

This will display a numbered list of rules.

Identify the number of the rule you want to delete, then use the following command to delete it, replacing [rule_number] with the actual rule number:

sudo ufw delete [rule_number]

For example, to delete rule number 1, run:

sudo ufw delete 1

Method 2: Delete by allow condition

You can also delete rules by specifying the allow condition, such as the port and protocol. For example, to delete a rule that allows TCP port 80, you can run:

sudo ufw delete allow 80/tcp

Or, if you want to delete a rule that allows UDP port 5000, you can run:

sudo ufw delete allow 5000/udp

After deleting the rule, run sudo ufw status again to confirm that the selected rule has been removed from ufw.
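Deleting by number has one catch worth seeing in code: ufw renumbers the remaining rules after every deletion, so the second of two numbers noted from the same listing no longer points where it did. The following POSIX sh snippet is an added example, not from the original article: it parses a constructed sudo ufw status numbered listing, finds the rules matching a pattern and emits the delete commands highest number first. The function names and the sample listing are assumptions for illustration.

```shell
#!/bin/sh
# Constructed sample of `sudo ufw status numbered` output (not captured from a real host).
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 5000/udp                   ALLOW IN    Anywhere
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 5] 80/tcp (v6)                ALLOW IN    Anywhere (v6)'

# rule_numbers_matching PATTERN: read `ufw status numbered` output on stdin and
# print the numbers of the rules whose text matches PATTERN (a grep -E regex),
# highest number first. ufw renumbers the remaining rules after each delete,
# so deleting from the highest number down keeps every number valid.
rule_numbers_matching() {
    grep -E '^\[ *[0-9]+\]' | grep -E -- "$1" \
        | sed -E 's/^\[ *([0-9]+)\].*/\1/' | sort -rn
}

# delete_commands PATTERN: emit the ufw commands that would remove every
# matching rule. They are printed rather than executed so the list can be
# reviewed first; --force skips ufw's per-rule confirmation prompt.
delete_commands() {
    rule_numbers_matching "$1" | while read -r n; do
        printf 'sudo ufw --force delete %s\n' "$n"
    done
}

# Example: remove both the IPv4 and the IPv6 rule for TCP port 80.
printf '%s\n' "$SAMPLE_STATUS" | delete_commands '80/tcp'
```

Pipe the printed commands to sh only after checking that the matched numbers are the rules you meant.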

Blocking a Specific IP

To block connections from a specific IP (e.g., 123.57.22.204), use the following command:

sudo ufw deny from 123.57.22.204

Allowing Specific IP to Access Specific Port

To allow a specific IP to access a specific port, use the following command. Replace [ip_address] with the IP address you want to allow, [port_number] with the port you want to open to it, and [protocol] with tcp or udp. Note that in this longer form the protocol is given with the proto keyword rather than appended to the port:

sudo ufw allow from [ip_address] to any port [port_number] proto [protocol]

For example, to allow IP address 192.168.1.10 to access TCP port 22, you can run:

sudo ufw allow from 192.168.1.10 to any port 22 proto tcp
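The two rule spellings used in this article (the port/protocol shorthand, including port ranges, and the from ... to any port ... proto form) as an added example that is not part of the original article: a small POSIX sh helper that validates a rule's fields and prints the ufw command for it instead of running it, so a rule set can be reviewed before it is applied. The names ufw_rule and valid_port and the sample rule set are assumptions for illustration.

```shell
#!/bin/sh
# Assumed helper, not part of ufw itself: validate one rule and print the ufw
# command for it instead of running it, so a rule set can be reviewed before
# it is applied (pipe the output to sh on the target host to apply it).
#
# ufw has two spellings for the same idea:
#   shorthand:  sudo ufw allow 80/tcp
#   extended:   sudo ufw allow from 192.168.1.10 to any port 22 proto tcp
# In the extended form the protocol follows "proto"; "port 22/tcp" is rejected.

# valid_port N: true if N is an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# ufw_rule ACTION PORTSPEC PROTO [SOURCE]
#   ACTION    allow or deny
#   PORTSPEC  a single port (80) or a range (8000:9000)
#   PROTO     tcp or udp; ufw requires a protocol for ranges, so it is mandatory here
#   SOURCE    optional source address or CIDR; omitted means any source
ufw_rule() {
    action=$1 portspec=$2 proto=$3 source=${4:-}
    case "$action" in allow|deny) ;; *) echo "bad action: $action" >&2; return 1 ;; esac
    case "$proto" in tcp|udp) ;; *) echo "bad proto: $proto" >&2; return 1 ;; esac
    case "$portspec" in
        *:*) start=${portspec%%:*}; end=${portspec#*:}
             valid_port "$start" && valid_port "$end" && [ "$start" -lt "$end" ] \
                 || { echo "bad port range: $portspec" >&2; return 1; } ;;
        *)   valid_port "$portspec" || { echo "bad port: $portspec" >&2; return 1; } ;;
    esac
    if [ -z "$source" ]; then
        printf 'sudo ufw %s %s/%s\n' "$action" "$portspec" "$proto"
    else
        printf 'sudo ufw %s from %s to any port %s proto %s\n' "$action" "$source" "$portspec" "$proto"
    fi
}

# Constructed rule set for illustration: web ports open to everyone, SSH only from one admin host.
ufw_rule allow 80 tcp
ufw_rule allow 443 tcp
ufw_rule allow 8000:9000 tcp
ufw_rule allow 22 tcp 192.168.1.10
```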

Conclusion

ufw is an easy-to-use and powerful firewall management tool that makes it easier to configure firewall rules on Linux systems. Whether you are a Linux beginner or an experienced administrator, ufw is a tool worth trying out.

