
    How To Setup A Firewall with UFW on Ubuntu & Debian

    By Rahul | September 8, 2015 | Updated: April 22, 2022

    UFW (Uncomplicated Firewall) is a command-line frontend for managing iptables rules on a Linux system. It provides a user-friendly console command, and a GUI is available for desktop systems. It is designed to make a firewall easy to manage even for users with little firewall experience.

    This tutorial will help you to set up a firewall with UFW on Ubuntu and Debian Linux systems. Let’s begin with the installation of UFW on your system.

    How to Install UFW Firewall

    Ubuntu and other Debian-based systems ship with UFW installed by default. In case it is not installed, run the following command to install UFW. If it’s already installed, the command will upgrade UFW to the latest version.

    Open a terminal and type:

    sudo apt update 
    sudo apt install ufw 
    

    This will install or update UFW firewall packages on your Ubuntu, Debian, or Arch Linux systems.

    How to Enable/Disable UFW Firewall

    By default, UFW is in an inactive state on most Debian systems. Use the following command to enable UFW:

    Enable UFW

    sudo ufw enable 
    

    To disable the UFW, you can use the following command.

    Disable UFW

    sudo ufw disable 
    

    Check UFW Status

    Now make sure UFW is in an active state by executing the following command.

    sudo ufw status
    
    Status: active
    
    To                         Action      From
    --                         ------      ----
    22                         ALLOW       Anywhere
    22 (v6)                    ALLOW       Anywhere (v6)
    

    Enable/Disable IPv6

    You might be required to use IPv6 with your firewall. Disable IPv6 support if your system is not configured to use IPv6. To do so, edit /etc/default/ufw and set IPV6 to “yes” or “no”.

    IPV6=no
    

    After making changes, disable and re-enable the firewall to apply them.

    sudo ufw disable && sudo ufw enable 
    

    Allow Connections with UFW

    Here are some examples of allowing specific ports with the UFW command.

    • Allow Specific Ports – To allow individual ports, for example ports 21 (FTP), 80 (HTTP) and 443 (HTTPS):
      sudo ufw allow 21/tcp
      sudo ufw allow 80/tcp
      sudo ufw allow 443/tcp

    • Allow Specific Services – UFW uses the /etc/services file to look up the port of a service, so a service can be allowed by name instead of by port number, for example ftp (21) and http (80):
      sudo ufw allow ftp/tcp
      sudo ufw allow http/tcp
      sudo ufw allow https/tcp

    • Allow Port Range – A range of ports can also be allowed in a single command:
      sudo ufw allow 1100-1200/tcp

    • Allow Access to Specific IP – To allow connections from a specific IP address, use the following command.
      sudo ufw allow from 192.168.1.100

    • Allow Access to Subnet – To allow connections from any IP address in a subnet, use the following command.
      sudo ufw allow from 192.168.1.0/24

    • Allow IP to Specific Port – To allow connections from a specific IP address to a specific port, use the following command.
      sudo ufw allow from 192.168.1.100 to any port 22
      

    Deny Rules with UFW

    • Deny Specific Ports – To deny individual ports, for example ports 21 (FTP), 80 (HTTP) and 443 (HTTPS):
      sudo ufw deny 21/tcp
      sudo ufw deny 80/tcp
      sudo ufw deny 443/tcp

    • Deny Port Range – A range of ports can also be denied in a single command:
      sudo ufw deny 1100-1200/tcp

    • Deny Access to Specific IP – To deny connections from a specific IP address, use the following command.
      sudo ufw deny from 192.168.1.100

    • Deny Access to Subnet – To deny connections from any IP address in a subnet, use the following command.
      sudo ufw deny from 192.168.1.0/24

    • Deny IP to Specific Port – To deny connections from a specific IP address to a specific port, use the following command.
      sudo ufw deny from 192.168.1.100 to any port 22
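
The allow and deny commands above combined into one ordered rule set, as an added example that is not part of the original article. It reuses the article's sample addresses, runs as a dry run unless APPLY=1 is set, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example: compose the allow/deny commands into one ordered rule set.
# ADMIN_NET, BLOCKED_HOST and SSH_PORT are sample values, not recommendations.
ADMIN_NET="192.168.1.0/24"
BLOCKED_HOST="192.168.1.100"
SSH_PORT=22

# Print the ufw commands in the order they must run.
build_rules() {
    # Default policy: drop unsolicited inbound traffic, allow outbound.
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    # UFW stops at the first matching rule, so the narrow deny has to be
    # added before the broader subnet allow that also covers this host.
    echo "ufw deny from $BLOCKED_HOST to any port $SSH_PORT proto tcp"
    echo "ufw allow from $ADMIN_NET to any port $SSH_PORT proto tcp"
    echo "ufw allow 80/tcp"
    echo "ufw allow 443/tcp"
    # Enable last, so SSH access is already permitted when filtering starts.
    echo "ufw --force enable"
}

# Print the 1-based position of the first rule matching a pattern.
rule_position() {
    build_rules | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

# Dry run by default; set APPLY=1 to execute each command with sudo.
apply_rules() {
    build_rules | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            # Unquoted on purpose: the line is split into command words.
            sudo $cmd </dev/null
        else
            echo "DRY-RUN: sudo $cmd"
        fi
    done
}

apply_rules
```

Check the result with `sudo ufw status numbered`; the deny rule should carry a lower number than the subnet allow.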
      

    Enable or Disable Logging

    UFW writes log entries for filtered connections to the /var/log/ufw.log file, which can be helpful for troubleshooting. Use the commands below to enable or disable logging.

    Enable logging:

    sudo ufw logging on 
    

    Disable logging:

    sudo ufw logging off 
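
Once logging is on, the blocked entries can be summarised per source and destination port. The script below is an added example, not part of the original article; the log lines are constructed samples in the kernel-log format UFW writes, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise blocked connections recorded by UFW logging.

# Constructed sample lines (documentation addresses, not real traffic).
sample_log() {
cat <<'EOF'
Apr 22 10:01:12 web1 kernel: [812.10] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=22 SYN URGP=0
Apr 22 10:01:13 web1 kernel: [813.44] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40113 DPT=22 SYN URGP=0
Apr 22 10:01:15 web1 kernel: [815.02] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40120 DPT=23 SYN URGP=0
Apr 22 10:02:40 web1 kernel: [900.71] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 LEN=72 TTL=49 PROTO=UDP SPT=5353 DPT=53 LEN=52
Apr 22 10:03:02 web1 kernel: [922.18] [UFW ALLOW] IN=eth0 OUT= SRC=192.168.1.100 DST=192.0.2.10 LEN=60 TTL=64 PROTO=TCP SPT=51000 DPT=22 SYN URGP=0
Apr 22 10:04:09 web1 kernel: [989.30] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=84 TTL=50 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
EOF
}

# Count [UFW BLOCK] entries per "source proto/port", highest count first.
# Reads the files given as arguments, or stdin when none are given.
summarise_blocks() {
    awk '
    /\[UFW BLOCK\]/ {
        src = proto = ""; dpt = "-"      # ICMP entries carry no DPT field
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        if (src != "") count[src " " proto "/" dpt]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | sort -k1,1nr -k2
}

# List sources with at least $1 blocked packets across all ports.
noisy_sources() {
    min=$1; shift
    awk -v min="$min" '
    /\[UFW BLOCK\]/ { for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) n[substr($i, 5)]++ }
    END { for (s in n) if (n[s] >= min) print s }
    ' "$@" | sort
}

# On a live host: summarise_blocks /var/log/ufw.log
sample_log | summarise_blocks
```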
    

    Reference: https://wiki.ubuntu.com/UncomplicatedFirewall

    2 Comments

    1. belo on September 4, 2021 1:50 pm

      Deny IP to Specific Port -To deny connections from any ip address of subnet use following command.

      sudo ufw allow from 192.168.1.100 to any port 22
      sudo ufw (deny) from 192.168.1.100 to any port 22 ?

    2. Anders on June 26, 2016 2:07 am

      Please do not remove the support for IPv6.
      That will bite you hard if you connect to a network that supports IPv6.

      If you have support for IPv6 turned on, it will not be used if you don’t have support for IPv6 routing in your machine or network. And it will protect you if you have it added. Even if you turn off the IPv6 module.

      So please, remove or at least strongly suggest not to turn off UFW support for IPv6, even if your machine/network doesn’t support IPv6 for some strange reason.
