ufw is the default firewall available with Ubuntu. It is an easy-to-use interface to Linux iptables. By default, ufw is disabled on Ubuntu. To enable it, run
ufw enable
Disable firewall
ufw disable
To see the status of the firewall, run
ufw status
Example
root@server:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
Nginx HTTP                 ALLOW       Anywhere
80                         ALLOW       Anywhere
21/tcp                     ALLOW       Anywhere
20/tcp                     ALLOW       Anywhere
8000                       ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
6000:6010/tcp              ALLOW       Anywhere
6000:6010/udp              ALLOW       Anywhere
5900:5920/tcp              ALLOW       Anywhere
5900:5920/udp              ALLOW       Anywhere
5901                       ALLOW       Anywhere
5900                       ALLOW       Anywhere
6000                       ALLOW       Anywhere
6001                       ALLOW       Anywhere
8181/tcp                   ALLOW       Anywhere
8181                       ALLOW       Anywhere
Anywhere                   ALLOW       61.206.127.63
Anywhere                   ALLOW       133.232.67.215
Anywhere                   ALLOW       198.50.234.187
22/tcp                     ALLOW       198.50.234.187
22/tcp                     ALLOW       133.232.67.215
Nginx HTTP (v6)            ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
21/tcp (v6)                ALLOW       Anywhere (v6)
20/tcp (v6)                ALLOW       Anywhere (v6)
8000 (v6)                  ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
6000:6010/tcp (v6)         ALLOW       Anywhere (v6)
6000:6010/udp (v6)         ALLOW       Anywhere (v6)
5900:5920/tcp (v6)         ALLOW       Anywhere (v6)
5900:5920/udp (v6)         ALLOW       Anywhere (v6)
5901 (v6)                  ALLOW       Anywhere (v6)
5900 (v6)                  ALLOW       Anywhere (v6)
6000 (v6)                  ALLOW       Anywhere (v6)
6001 (v6)                  ALLOW       Anywhere (v6)
8181/tcp (v6)              ALLOW       Anywhere (v6)
8181 (v6)                  ALLOW       Anywhere (v6)

root@server:~#
Allow a Port
To allow both TCP and UDP on port 80, run
ufw allow 80
To allow TCP connection on port 80, run
ufw allow 80/tcp
Deny a Port
To deny all connections to port 80, run
ufw deny 80
To deny incoming TCP packets on port 80, run
ufw deny 80/tcp
Remove allowed port
If you allowed a port and want to remove it, you can run
ufw delete allow 80
Allow SSH access only from a specified IP
ufw allow proto tcp from YOUR_IP_HERE to any port 22
ufw delete allow 22
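Added example (not part of the original page): a shell function that reads ufw status output and prints the ALLOW rules open to Anywhere that cover a given port, which is a quick way to confirm that port 22 is no longer exposed after restricting SSH to one IP. The helper name open_to_anywhere and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: list ALLOW rules in `ufw status` output that expose a port to Anywhere.

# Constructed sample output (source address is from a documentation range).
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW       Anywhere
22/tcp                     ALLOW       203.0.113.10
5900:5920/tcp              ALLOW       Anywhere
80/tcp (v6)                ALLOW       Anywhere (v6)'

# open_to_anywhere PORT (hypothetical helper name)
# Reads `ufw status` text on stdin and prints every ALLOW rule whose source is
# Anywhere and whose To column covers PORT, as a single port or a low:high range.
# Application profile names (for example "Nginx HTTP") are not resolved and are skipped.
open_to_anywhere() {
    awk -v port="$1" '
        !/ALLOW/ { next }                      # keep rule rows with an ALLOW action
        {
            n = index($0, "ALLOW")
            from = substr($0, n + 5)           # text after the action column
            if (from !~ /^[ \t]*(IN[ \t]+)?Anywhere/) next   # source is restricted

            spec = $1
            sub(/\/.*/, "", spec)              # drop the /tcp or /udp suffix
            if (spec == "Anywhere") { lo = 0; hi = 65535 }
            else if (spec ~ /^[0-9]+:[0-9]+$/) { split(spec, r, ":"); lo = r[1]; hi = r[2] }
            else if (spec ~ /^[0-9]+$/) { lo = spec; hi = spec }
            else next                          # application profile or unknown form

            if (port + 0 >= lo + 0 && port + 0 <= hi + 0) print
        }'
}

# Demo on the sample: 5901 is covered by the 5900:5920 range, 22 is not exposed.
printf '%s\n' "$SAMPLE_STATUS" | open_to_anywhere 5901
printf '%s\n' "$SAMPLE_STATUS" | open_to_anywhere 22
```

On a live host, run ufw status | open_to_anywhere 22 as root; empty output means no rule leaves port 22 open to every source.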