Master Ubuntu’s UFW: Simple Commands to Enable, Configure, and Manage Firewall Rules

This article introduces Ubuntu’s Uncomplicated Firewall (UFW), explaining how to enable, disable, reset, set default policies, and create, modify, or delete specific IP, port, and protocol rules using concise command-line examples, helping users quickly secure client machines with practical firewall configurations.

Raymond Ops

UFW (Uncomplicated Firewall) is the default firewall component on Ubuntu. It is a lightweight front‑end for iptables that provides a friendly interface for creating IPv4/IPv6 firewall rules.

Enable and Disable

# ufw enable    # enable the firewall
# ufw disable   # disable the firewall
# ufw reset     # reset the firewall: delete all rules and disable it

You can view the firewall status with:

# ufw status
Status: inactive    (when the firewall is disabled)
Status: active      (when the firewall is enabled)
...                 (if rules are added, they will be listed here)

Set the default firewall rule; the default is to allow all traffic.

# ufw default allow|deny   # set the default rule
allow : allow traffic that matches no rule
deny : deny traffic that matches no rule

Protocol Rules

Protocol rules are firewall rules related to network protocols.

ufw [delete] [insert NUM] allow|deny [in|out] [PORT[/PROTOCOL]] [comment COMMENT]

delete : delete the rule
insert NUM : insert rule at position NUM
allow|deny : allow or deny the rule
in|out : apply to incoming or outgoing traffic
PORT : port number
PROTOCOL : e.g., tcp or udp
comment : optional comment

Add a rule allowing SSH (port 22, TCP) at position 2:

# ufw insert 2 allow in 22/tcp

Block inbound SSH on port 22:

# ufw deny in 22

IP Rules

IP rules can include a port and protocol, but protocol rules cannot include IP addresses.

ufw [delete] [insert NUM] allow|deny [in|out [on INTERFACE]] [proto PROTOCOL] [from ADDRESS [port PORT]] [to ADDRESS [port PORT]] [comment COMMENT]

INTERFACE : network interface
from ADDRESS : source IP address
to ADDRESS : destination IP address
PORT : port number (source or destination)
Other options are similar to protocol rules

Add a rule allowing TCP from 192.168.0.2 on port 22 (SSH):

# ufw allow proto tcp from 192.168.0.2 to any port 22   # "from ADDRESS port 22" would match the source port instead

Allow forwarding from a source IP/port to a destination IP/port, e.g., source 192.168.0.2:80 to destination 192.168.0.2:8080:

# ufw allow from 192.168.0.2 port 80 to 192.168.0.2 port 8080

Delete Rules

There are two ways to delete rules: by rule content or by rule number.

Method 1

Prepend delete to the rule command:

# ufw allow 22/tcp          # add SSH rule
# ufw delete allow 22/tcp   # delete SSH rule

Method 2

Use ufw status numbered to view rule numbers, then delete by number:

# ufw status numbered
Status: active
[ 1] 22 ALLOW IN Anywhere
# ufw delete 1   # delete the first rule

Recommended Settings

# ufw enable
# ufw allow ssh      # add SSH rule (shorthand)
# ufw default deny   # set default policy to deny (SSH rule already added)
# ... you can add further custom rules as needed
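
To confirm that a host actually ended up in the recommended state, the output of ufw status verbose can be checked mechanically. The script below is an added example, not part of the original article; the function names and finding labels are hypothetical, and the two sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Audit the text of `ufw status verbose` (read from stdin) against the
# recommended settings: firewall active, default incoming policy deny,
# and an inbound SSH allow rule so a remote session is not locked out.
# Prints one finding per line; prints nothing when every check passes.
audit_ufw_status() {
    awk '
        /^Status: active/                  { active = 1 }
        /^Default:/ && /deny \(incoming\)/ { deny_in = 1 }
        # Rule lines look like "22/tcp  ALLOW IN  Anywhere"
        $1 ~ /^(22(\/tcp)?|OpenSSH)$/ && $2 == "ALLOW" && $3 != "OUT" { ssh = 1 }
        END {
            if (!active)  print "firewall-inactive"
            if (!deny_in) print "default-incoming-not-deny"
            if (!ssh)     print "no-ssh-allow-rule"
        }'
}

# Constructed sample: state after the recommended settings.
sample_hardened() {
    cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
EOF
}

# Constructed sample: default allow with SSH explicitly denied.
sample_open() {
    cat <<'EOF'
Status: active
Logging: on (low)
Default: allow (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         DENY IN     Anywhere
EOF
}

# On a real host, as root: ufw status verbose | audit_ufw_status
sample_open | audit_ufw_status
```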

For deeper understanding, consult the official documentation; UFW is a wrapper over iptables, which works on all Linux distributions, not only Ubuntu.
