UFW: Common Firewall Rules and Commands

A firewall is a security system that monitors and controls the incoming and outgoing network traffic based on predefined security rules. It is an essential component of any secure network, whether it is a personal computer or a large enterprise network.

Uncomplicated Firewall (UFW) is a user-friendly, command-line interface for managing iptables, the Linux kernel’s built-in firewall. Designed to be simple and easy to use, UFW helps administrators manage and enforce network security policies without delving into the complexities of iptables. In this article, we will explore common firewall rules and commands to help you get started with UFW.

Installing and Enabling UFW

To install UFW on Debian/Ubuntu-based systems, use the following command:

sudo apt-get install ufw 

On CentOS/RHEL/Fedora-based systems, use:

sudo yum install ufw 

Once installed, enable UFW with:

sudo ufw enable 

Basic UFW Commands

Here are some basic UFW commands to help you manage your firewall:

• sudo ufw status: Check the status of UFW (enabled or disabled) and display existing rules.
• sudo ufw disable: Disable UFW.
• sudo ufw reset: Reset UFW to its default settings and disable it.

Common Firewall Rules

Here are some commonly used ufw commands:

Allow or Deny Incoming Connections

To allow incoming connections on a specific port, use:

sudo ufw allow [port]/[protocol]

1	sudo ufw allow [port]/[protocol]

For example, to allow incoming connections on TCP port 80 (HTTP):

sudo ufw allow 80/tcp 

To deny incoming connections on a specific port, replace “allow” with “deny”:

sudo ufw deny [port]/[protocol]

1	sudo ufw deny [port]/[protocol]

Allow or Deny Outgoing Connections

By default, UFW allows all outgoing connections. To block outgoing connections on a specific port, use:

sudo ufw deny out [port]/[protocol]

1	sudo ufw deny out [port]/[protocol]

To allow outgoing connections on a blocked port, replace “deny” with “allow”:

sudo ufw allow out [port]/[protocol]

1	sudo ufw allow out [port]/[protocol]

Allow or Deny Connections from Specific IP Addresses

To allow or deny connections from a specific IP address, use:

sudo ufw [allow|deny] from [IP_address] to any

1	sudo ufw [allow|deny] from [IP_address] to any

For example, to allow connections from 192.168.1.10:

sudo ufw allow from 192.168.1.10 to any 

Allow or Deny Connections to Specific IP Addresses

To allow or deny connections to a specific IP address, use:

sudo ufw [allow|deny] from any to [IP_address]

1	sudo ufw [allow|deny] from any to [IP_address]

For example, to deny connections to 10.0.0.5:

sudo ufw deny from any to 10.0.0.5 

Deleting Rules

To delete a specific rule, first run:

sudo ufw status numbered

1	sudo ufw status numbered

This will display a numbered list of rules. Identify the rule you want to delete and use its number in the following command:

sudo ufw delete [rule_number]

1	sudo ufw delete [rule_number]

Logging

UFW can log activity to help you monitor and troubleshoot your firewall. To enable logging, use:

sudo ufw logging [on|off]

1	sudo ufw logging [on|off]

Logs are stored in /var/log/ufw.log by default.

Conclusion

UFW provides a convenient and straightforward interface for managing Linux firewalls. By using common commands and rules, administrators can easily configure network security policies to protect their systems from unauthorized access. As with any security tool, it’s essential to keep UFW up-to-date and continually review and adjust your firewall rules to meet evolving security requirements.