Master Ubuntu’s UFW: Simple Commands to Enable, Configure, and Manage Firewall Rules
This article introduces Ubuntu’s Uncomplicated Firewall (UFW), explaining how to enable, disable, reset, set default policies, and create, modify, or delete specific IP, port, and protocol rules using concise command-line examples, helping users quickly secure client machines with practical firewall configurations.
UFW (Uncomplicated Firewall) is the default firewall tool on Ubuntu: a lightweight front-end for iptables that gives a friendly command-line interface for creating IPv4 and IPv6 firewall rules.
Enable and Disable
<code># ufw enable      # enable the firewall
# ufw disable     # disable the firewall
# ufw reset       # delete all rules and disable the firewall</code>
You can view the firewall status with:
<code># ufw status
Status: inactive
# ... or, once the firewall is enabled (any rules you have added are listed underneath):
Status: active</code>
Set the default policy; the default is to allow all traffic.
<code># ufw default allow|deny [incoming|outgoing|routed]   # set the default policy
allow : accept traffic that matches no explicit rule
deny  : drop traffic that matches no explicit rule
# without a direction keyword the policy applies to incoming traffic</code>
Protocol Rules
Protocol rules are the simple form: they match traffic on port and transport protocol only, without reference to addresses.
<code>ufw [delete] [insert NUM] allow|deny [in|out] [PORT[/PROTOCOL]] [comment COMMENT]
delete     : delete the matching rule instead of adding it
insert NUM : insert the rule at position NUM in the rule list
allow|deny : allow or deny matching traffic
in|out     : apply to incoming or outgoing traffic
PORT       : port number
PROTOCOL   : tcp or udp (omit to match both)
comment    : optional free-text note stored with the rule</code>
Add a rule allowing SSH (port 22, TCP) at position 2:
<code># ufw insert 2 allow in 22/tcp</code>
Block inbound SSH on port 22:
<code># ufw deny in 22</code>
IP Rules
IP rules use the extended syntax: they can also specify port and protocol, whereas the simple protocol-rule syntax cannot specify addresses.
<code>ufw [delete] [insert NUM] allow|deny [in|out [on INTERFACE]] [proto PROTOCOL] [from ADDRESS [port PORT]] [to ADDRESS [port PORT]] [comment COMMENT]
on INTERFACE   : restrict the rule to one network interface
proto PROTOCOL : tcp or udp
from ADDRESS   : source IP address (or CIDR network)
to ADDRESS     : destination IP address (or CIDR network); "any" matches all
port PORT      : port belonging to the preceding from/to clause (source or destination)
The remaining options are the same as for protocol rules.</code>
Allow SSH (TCP port 22) to this host from 192.168.0.2 only:
<code># ufw allow proto tcp from 192.168.0.2 to any port 22</code>
Match on both endpoints, e.g. allow traffic from 192.168.0.2 port 80 to 192.168.0.2 port 8080:
<code># ufw allow from 192.168.0.2 port 80 to 192.168.0.2 port 8080</code>
Delete Rules
There are two ways to delete rules: by rule content or by rule number.
Method 1
Prepend delete to the original rule command:
<code># ufw allow 22/tcp          # add the SSH rule
# ufw delete allow 22/tcp   # delete that same rule</code>
Method 2
Use ufw status numbered to view the rule numbers, then delete by number:
<code># ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    Anywhere
# ufw delete 1             # delete rule number 1</code>
Recommended Settings
<code># ufw enable
# ufw allow ssh        # add the SSH rule (service name from /etc/services)
# ufw default deny     # default policy deny; safe because the SSH rule is already in place
# ...                  # add further custom rules as needed</code>
For a deeper understanding, consult the official documentation. UFW is a wrapper over iptables, and iptables is available on every Linux distribution, not only Ubuntu.
Raymond Ops
Linux ops automation, cloud-native, Kubernetes, SRE, DevOps, Python, Golang and related tech discussions.