How do I enable UFW in Ubuntu? Learn how to protect your box


So how do you enable UFW in Ubuntu Linux 20.04 / 18.04 / 16.04 LTS server or desktop system to protect yourself from hackers and crackers? Let us see how easy it is to use ufw on Linux.

What is UFW?

ufw stands for Uncomplicated Firewall. It provides both a command-line interface and a framework for managing a Netfilter (iptables) firewall. It can protect a cloud server or desktop over both IPv4 and IPv6. Whether you are an Ubuntu developer or a sysadmin, enable UFW early to secure your servers and desktops.

Enabling UFW on Ubuntu 20.04 / 18.04 / 16.04 LTS

  1. Open the terminal application.
  2. For a remote server, log in using the ssh command. For instance:
    ssh user@your-server-ip-address-here
    ssh vivek@aws-ec2-server-ip
  3. Next, gain a root shell on the Ubuntu box:
    sudo -i
  4. Before we enable ufw, open and allow access to our ssh port, because we don’t want to be locked out:
    ufw allow ssh
  5. Make sure we allow outgoing connections from our Ubuntu Linux desktop or server:
    ufw default allow outgoing
  6. Block all incoming connections except ssh by default:
    ufw default deny incoming
  7. Turn on and enable ufw to protect us from hackers by running:
    ufw enable
  8. That is all.

Viewing ufw firewall status

All you have to do is type the following command:
sudo systemctl status ufw.service
This should produce output like the following:

● ufw.service - Uncomplicated firewall
     Loaded: loaded (/lib/systemd/system/ufw.service; enabled; vendor preset: enabled)
     Active: active (exited) since Wed 2020-10-28 10:21:19 UTC; 5 days ago
       Docs: man:ufw(8)
    Process: 2608481 ExecStart=/lib/ufw/ufw-init start quiet (code=exited, status=0/SUCCESS)
   Main PID: 2608481 (code=exited, status=0/SUCCESS)

Oct 28 10:21:19 nixcraft-server-1 systemd[1]: Starting Uncomplicated firewall...
Oct 28 10:21:19 nixcraft-server-1 systemd[1]: Finished Uncomplicated firewall.

We can also run the ufw command:
sudo ufw status
And it will list rules:

Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere                  
22/tcp (v6)                ALLOW       Anywhere (v6)             

Okay, I enabled ufw, what next?

We can open additional ports. Are you running a web server such as Apache, Lighttpd, or Nginx? Let us open TCP ports 80 (HTTP) and 443 (HTTPS):
sudo ufw allow http
sudo ufw allow https
sudo ufw status

Want to block an attacker's IP address or subnet? Fear not, we can do that too:
$ sudo ufw deny from 1.2.3.4 to any
$ sudo ufw deny from 1.2.3.0/24 to any
$ sudo ufw insert 1 deny from 2.3.4.5 comment 'block hacker'
$ sudo ufw insert 1 reject from 192.168.5.100

Of course, replace 1.2.3.4 with an actual IP address or CIDR (Classless Inter-Domain Routing) range, but you know that, don't you? How about blocking outdated ports such as those used by telnet (TCP/23) and ftp (21/20)? Here is how to do that too:
sudo ufw deny ftp
sudo ufw deny telnet

Oh, we can block/deny by port number too:
sudo ufw deny 4444/tcp
How cool is that?
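
The following check is an added example, not part of the original tutorial. It audits the text printed by "ufw status verbose" for the baseline from the setup steps (active, deny incoming, allow outgoing, ssh allowed) and flags block rules that sit below a broader allow rule: ufw applies the first matching rule, which is why some of the deny commands above use "insert 1". The names ufw_audit and sample_status, the sample text and the finding messages are assumptions made for this example.

```shell
# Added example (not from the original page): audit "ufw status verbose" text.
# On a live host: sudo ufw status verbose | ufw_audit
# Prints one finding per line; returns 1 if there is any finding.
# Only IPv4 rule lines are examined; "(v6)" lines are skipped.
ufw_audit() {
    awk '
    /^Status:/  { active = ($2 == "active") }
    /^Default:/ { din = $2; dout = $4 }
    /^--/       { in_rules = 1; next }
    in_rules && NF && $0 !~ /\(v6\)/ {
        a = 0                                      # index of the Action column
        for (i = 2; i <= NF; i++)
            if ($i ~ /^(ALLOW|DENY|REJECT|LIMIT)$/) { a = i; break }
        if (!a || $(a + 1) ~ /^(OUT|FWD)$/) next   # inbound rules only
        f = ($(a + 1) == "IN") ? a + 2 : a + 1     # verbose adds a direction
        to = $1; from = $f
        # First match wins: a block-all rule listed after an allow-from-Anywhere
        # rule does not stop that source from reaching the allowed port.
        if ($a ~ /ALLOW|LIMIT/ && from == "Anywhere") {
            if (to ~ /^(22|22\/tcp|OpenSSH)$/) ssh = 1
            open = open (open == "" ? "" : " ") to
        } else if ($a ~ /DENY|REJECT/ && to == "Anywhere" && from != "Anywhere" && open != "")
            msg[++n] = "shadowed: " $a " from " from " is below ALLOW for: " open
    }
    END {
        if (!active)         msg[++n] = "ufw is not active"
        if (din != "deny")   msg[++n] = "default incoming policy is " (din == "" ? "unknown" : din)
        if (dout != "allow") msg[++n] = "default outgoing policy is " (dout == "" ? "unknown" : dout)
        if (!ssh)            msg[++n] = "no rule allows SSH (22/tcp) from Anywhere"
        for (i = 1; i <= n; i++) print msg[i]
        exit (n > 0)
    }'
}
# Constructed sample (trimmed): state after "ufw insert 1 deny from 2.3.4.5",
# "ufw allow ssh", then "ufw deny from 1.2.3.4 to any" (appended last).
sample_status() {
    cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
Anywhere                   DENY IN     2.3.4.5                    # block hacker
22/tcp                     ALLOW IN    Anywhere
Anywhere                   DENY IN     1.2.3.4
22/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}
sample_status | ufw_audit || true
```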

Conclusion

We learned some simple but effective firewalling with ufw to protect ourselves from the scum of the Internet. Staying safe is essential. Open only the TCP and UDP ports you need. Ensure you write secure code and never trust user input in any of your web-facing or internal services. Want to learn more? See:
