Uncomplicated Firewall (ufw) Basic Commands
Table of Contents
- Introduction
- Basic Commands
- Install ufw
- Enable ufw
- Disable ufw
- Reset ufw
- Reload ufw
- Deny Incoming Connections
- Allow Outgoing Connections
- Allow a Specific IP Address
- Allow a Specific IP Address to a Given Port
- Allow a Port for tcp
- Allow a Port for tcp and udp
- Allow a Subnet to a Given Port
- Deny an IP Address
- Block Incoming Connections to a Network Interface
- Delete a Rule with Number
- Get App Info
- Allow a Specific App
- References
Introduction
We present a quick introduction to Uncomplicated Firewall (ufw), a free and open-source firewall management tool for Linux operating systems. This guide can be useful for users of the TFGrid deploying on full and micro VMs as well as other types of deployment.
Basic Commands
We show here basic commands to set a firewall on Linux with Uncomplicated Firewall (ufw).
Install ufw
- Update
apt update
- Install ufw
apt install ufw
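Enable ufw
If you are connected over SSH, add the rule allowing SSH (see the port examples below) before enabling ufw; otherwise the firewall can cut off your session.
ufw enable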
Disable ufw
ufw disable
Reset ufw
ufw reset
Reload ufw
ufw reload
Deny Incoming Connections
ufw default deny incoming
Allow Outgoing Connections
ufw default allow outgoing
Allow a Specific IP Address
ufw allow from <IP_Address>
Allow a Specific IP Address to a Given Port
ufw allow from <IP_Address> to any port <port>
Allow a Port for tcp
ufw allow <port>/tcp
Allow a Port for udp
ufw allow <port>/udp
Allow a Port for tcp and udp
ufw allow <port>
Allow Ports: Examples
Here are some typical examples of ports to allow with ufw:
- Allow SSH (port 22)
ufw allow ssh
- Allow HTTP (port 80)
ufw allow http
- Allow HTTPS (port 443)
ufw allow https
- Allow MySQL (port 3306)
ufw allow 3306
Allow Port Ranges
- Template
ufw allow <port_range_floor>:<port_range_ceiling>/<protocol>
- Example (ufw requires tcp or udp to be specified for a port range)
ufw allow 6000:6005/tcp
Allow a Subnet
ufw allow from <subnet>
Allow a Subnet to a Given Port
ufw allow from <subnet> to any port <port>
Deny a Port
ufw deny <port>
Deny an IP Address
ufw deny from <IP_Address>
Deny a Subnet
ufw deny from <subnet>
Block Incoming Connections to a Network Interface
ufw deny in on <network_interface> from <IP_Address>
Check Rules
Use status to check the current firewall configuration. Add verbose for more details, including the default policies.
ufw status
ufw status verbose
Check Rules (Numbered)
It can be useful to see the rule numbers, for example to remove a rule more easily.
ufw status numbered
Delete a Rule with Number
Use the rule number shown by ufw status numbered to delete a rule. Rules are renumbered after each deletion, so check the numbering again before deleting another rule.
ufw delete <rule_number>
Delete a Rule with the Rule Name and Parameters
You can also delete a rule by repeating the rule exactly as you wrote it when adding it.
- Template
ufw delete <rule_name> <rule_parameters>
- Example
ufw delete allow ssh
ufw delete allow 22
You can always check the current rules with ufw status to see if the rules are properly removed.
List the Available Profiles
ufw app list
This command will give you the names of the apps present on the server. You can then use ufw app info to get information on the app, or allow the app with ufw allow.
Get App Info
ufw app info <app_name>
Set ufw in Verbose Mode
ufw has no standalone verbose command; verbose is an option of status.
ufw status verbose
Allow a Specific App
- Template
ufw allow "<app_name>"
- Example
ufw allow "NGINX Full"
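The commands above, combined into one ordered baseline as an added example (not part of the original guide): default policies first, the SSH rule before the firewall is enabled so a remote session is not cut off, and the plan is only printed unless --apply is passed. ADMIN_SRC, SERVICES and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. ADMIN_SRC and SERVICES are
# constructed sample values (203.0.113.0/24 is a documentation range).
ADMIN_SRC="${ADMIN_SRC:-203.0.113.0/24}"   # source allowed to reach SSH
SERVICES="${SERVICES:-80/tcp 443/tcp}"     # public services as port/proto

# valid_service PORT/PROTO: succeed only for port 1-65535 with tcp or udp.
valid_service() {
    vs_port=${1%%/*}
    vs_proto=${1#*/}
    case "$vs_port" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#vs_port}" -le 5 ] && [ "$vs_port" -le 65535 ] || return 1
    [ "$vs_proto" = tcp ] || [ "$vs_proto" = udp ]
}

# baseline_plan: print the ufw commands in the order they must run.
# The SSH rule comes before "enable" so a remote session is not locked out.
baseline_plan() {
    case "$ADMIN_SRC" in ''|*[!0-9a-fA-F.:/]*)
        echo "invalid source: $ADMIN_SRC" >&2; return 1 ;;
    esac
    for bp_svc in $SERVICES; do
        valid_service "$bp_svc" || { echo "invalid service: $bp_svc" >&2; return 1; }
    done
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    echo "ufw allow from $ADMIN_SRC to any port 22 proto tcp"
    for bp_svc in $SERVICES; do echo "ufw allow $bp_svc"; done
    echo "ufw --force enable"      # --force skips the interactive prompt
    echo "ufw status verbose"
}

# main: print the plan for review; execute it only with --apply (as root).
main() {
    plan=$(baseline_plan) || return 1
    if [ "${1:-}" = "--apply" ]; then
        printf '%s\n' "$plan" | while IFS= read -r cmd; do
            $cmd </dev/null || exit 1
        done
    else
        printf '%s\n' "$plan"
    fi
}

main "$@"
```

Run it without arguments to review the plan, then again with --apply as root once the SSH source and service list are correct.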
References
ufw man pages - https://manpages.ubuntu.com/manpages/trusty/man8/ufw.8.html