Share your love
Essential UFW Firewall Commands and Rules with Easy Examples
This guide intends to teach you Essential UFW Firewall Commands and Rules. Firewall settings and configuration are an essential part of the secure network. As you may know, UFW (Uncomplicated Firewall) is the default firewall configuration for Debian-based distros such as Ubuntu 24.04 and Debian 12. It is a simple, easy-to-use tool for managing and creating IPV4 and IPV6 firewall rules.
This guide from the Orcacore website tries to provide the most common and Essential UFW Firewall Commands and Rules with Examples. To do this, follow the steps below.
Table of Contents
Learn Essential UFW Firewall Commands and Rules with Examples
Before you go forward with Essential UFW Firewall Commands and Rules, you must install and enable the UFW firewall on your Linux distro. For this purpose, follow the steps below to complete this guide.
Step 1 – Install and Enable UFW Firewall on Linux
You can easily install UFW on your Linux distro using a single command.
On Debian-based distros like Ubuntu and Debian, you can run:
sudo apt install ufw -yFor RHEL-based distros like AlmaLinux, Centos, and Fedora, you can run:
sudo dnf install ufw -yWhen your installation is completed, you must use the command below to enable your UFW firewall:
sudo ufw enable
Step 2 – Common UFW Commands
As you may know, the most common and basic UFW commands are checking your firewall status, disabling your firewall, resetting your firewall, and back to your default settings.
To check whether your firewall status is enabled or disabled, you can run the following command:
sudo ufw statusExample Output:
Status: activeIf you want to disable your UFW firewall, you can simply run:
sudo ufw disableTo reset your UFW firewall and back to default settings and disable it, you can run:
sudo ufw resetAlso, you can use the ufw reload command to apply your new rules:
sudo ufw reloadAt this point, you can proceed to the next step to get UFW rules.
Step 3 – Common UFW Firewall Rules
In this step, we want to discuss on most common UFW rules like allowing or denying incoming connections, deleting rules, etc.
Allow Incoming Connections with UFW Firewall
If you want to allow an incoming connection with a specific port, you can use the following syntax:
sudo ufw allow port/protocolFor example, to allow port 443 (HTTPS) TCP, you can run:
sudo ufw allow 443/tcpNote: If you have multiple ports, you can separate them by using a comma in a single command. For example:
sudo ufw allow 22,25,80,443,9000/tcpAlso, you can add a range of ports with UFW. For example, add the ports between 11200 and 11299:
sudo ufw allow 11200:11299/tcpDeny Incoming Connections with UFW Firewall
At this point, you can easily deny your incoming connection with a specific port. It is the same as the allow rule, you just need to use the deny command. The syntax of it is like:
sudo ufw deny port/protocolFor example, to deny incoming connection on port 443, you can run:
sudo ufw deny 443/tcpAlso, you can deny multiple ports and a range of ports same as in the above step. For example:
# sudo ufw deny 22,25,80,443,9000/tcp
# sudo ufw deny 11200:11299/tcpDeny and Allow Outgoing Connections with UFW
The UFW firewall allows all outgoing connections by default. If you want to block or deny an outgoing connection, you can use the following command:
sudo ufw deny out port/protocolAlso, you can allow your blocked outgoing connections, by using the following command:
sudo ufw allow out port/protocolConfigure UFW Connections From Specific IP Addresses
At this point, you can easily allow connections from a specific IP address. To do this, you can use the following UFW command:
sudo ufw allow from IP_address to anyFor example, to allow connections from 192.168.1.10, you can use:
sudo ufw allow from 192.168.1.10 to anyAlso, you can deny connections from a specific IP address by using the following UFW firewall command:
sudo ufw deny from IP_address to anyConfigure UFW Connections To Specific IP Addresses
On the other hand, you can easily allow or deny connections to a specific IP address. To do this, you can use the following command:
sudo ufw allow or deny from any to IP_address
For example, to allow connections to 192.168.1.10, you can run:
sudo ufw allow from any to 192.168.1.10Block or Allow Application Profiles with UFW
With a UFW firewall, you can easily allow and block traffic from an application. To list available application profiles, you can run:
sudo ufw app list
For example, to allow an OpenSSH profile, you can easily run:
sudo ufw allow opensshDelete UFW Firewall Rules
To delete a UFW firewall rule, you can list your rules by using the command below:
sudo ufw status numberedExample Output:
Then, you can easily use your rule number to delete the rule. For example, we deleted rule 1 (OpenSSH):
sudo ufw delete 1
Monitor and Troubleshoot the UFW Firewall
At this point, you can enable logging in UFW to monitor and troubleshoot your firewall. By default your logs will store in /var/log/ufw.log directory. To enable UFW logging, you can run:
sudo ufw logging onTo disable UFW logging, you can run:
sudo ufw logging offConclusion
The UFW firewall provides a simple and user-friendly interface for managing your firewall settings. You can easily configure your network security and protect your server by using the essential UFW firewall commands and rules.
Hope you enjoy it. Also, you may like to read:
Configure Firewall with UFW on Debian 12 Bookworm
FirewallD Configuration on AlmaLinux 9
