UFW (Uncomplicated Firewall) is a user-friendly interface for managing iptables firewall rules on Ubuntu. This guide covers essential UFW commands for securing your server.
Check UFW Status
$ ufw status verbose
If UFW is inactive, the output shows:
Status: inactive
Enable UFW
[!WARNING] Always add an SSH allow rule before enabling UFW. Otherwise you will lock yourself out.
$ ufw allow OpenSSH
$ ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
Common Allow Rules
Allow by Application Profile
$ ufw allow 'Nginx Full'    # Ports 80 and 443
$ ufw allow 'Apache Full'   # Ports 80 and 443
$ ufw allow OpenSSH         # Port 22
List available application profiles:
$ ufw app list
Allow by Port Number
$ ufw allow 3306/tcp     # MySQL
$ ufw allow 5432/tcp     # PostgreSQL
$ ufw allow 6379/tcp     # Redis
$ ufw allow 27017/tcp    # MongoDB
Allow from a Specific IP
$ ufw allow from 203.0.113.10 to any port 22
$ ufw allow from 10.0.1.0/24 to any port 3306
Deny Rules
$ ufw deny 23/tcp               # Block Telnet
$ ufw deny from 192.168.1.100   # Block a specific IP
Delete Rules
List rules with numbers:
$ ufw status numbered
Status: active
     To                         Action      From
     --                         ------      ----
[ 1] OpenSSH                    ALLOW IN    Anywhere
[ 2] Nginx Full                 ALLOW IN    Anywhere
[ 3] 3306/tcp                   ALLOW IN    Anywhere
Delete rule number 3:
$ ufw delete 3
View UFW Logs
$ tail -f /var/log/ufw.log
Apr 24 10:00:01 server kernel: [UFW BLOCK] IN=eth0 OUT= MAC=... SRC=192.168.1.100 DST=45.77.x.x PROTO=TCP DPT=3306
Reset UFW
To remove all rules and start fresh:
$ ufw reset
[!NOTE] UFW rules are persistent across reboots. You do not need to re-add rules after restarting the server.
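Added example, not part of the original guide: the port-number rules in this guide open MySQL, PostgreSQL, Redis and MongoDB to any source, while the "Allow from a Specific IP" form restricts them to a trusted address or subnet. The script below reads `ufw status numbered` output and lists database ports still allowed from Anywhere; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag database ports that UFW allows from any source.
# DB_PORTS is the port list used in this guide (MySQL, PostgreSQL, Redis, MongoDB).
DB_PORTS="3306 5432 6379 27017"

# Reads `ufw status numbered` (or plain `ufw status`) output on stdin and
# prints one line per exposed rule: "<rule-number> <port> <source>".
audit_ufw_status() {
    awk -v ports="$DB_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) db[p[i]] = 1 }
    # Only inbound ALLOW rules are inspected; DENY/REJECT/LIMIT lines are skipped.
    match($0, / +ALLOW( IN)? +/) {
        to   = substr($0, 1, RSTART - 1)
        from = substr($0, RSTART + RLENGTH)
        num  = "-"                          # plain `ufw status` has no rule numbers
        if (match(to, /^\[ *[0-9]+\]/)) {
            num = substr(to, RSTART, RLENGTH); gsub(/[^0-9]/, "", num)
            to  = substr(to, RLENGTH + 1)
        }
        gsub(/^ +| +$/, "", to); gsub(/ +$/, "", from)
        port = to
        sub(/ \(v6\)$/, "", port)           # "3306/tcp (v6)" -> "3306/tcp"
        sub(/\/(tcp|udp)$/, "", port)       # "3306/tcp" -> "3306"
        if ((port in db) && from ~ /^Anywhere/) print num, port, from
    }'
}

# Constructed sample in the layout of the "Delete Rules" listing above.
sample_status() {
    cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] OpenSSH                    ALLOW IN    Anywhere
[ 2] Nginx Full                 ALLOW IN    Anywhere
[ 3] 3306/tcp                   ALLOW IN    Anywhere
[ 4] 5432/tcp                   ALLOW IN    10.0.1.0/24
[ 5] 6379/tcp (v6)              ALLOW IN    Anywhere (v6)
EOF
}

# Demo on the sample; on a live host run: ufw status numbered | audit_ufw_status
sample_status | audit_ufw_status
```

Each rule number it prints can be removed with `ufw delete <number>` and replaced with an `ufw allow from <trusted source> to any port <port>` rule; renumber with `ufw status numbered` after each delete, since the remaining rules shift up.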
