ufw
Manage a firewall
TLDR
Enable ufw
Disable ufw
Show ufw rules, along with their numbers
Allow incoming traffic on port 5432 on this host with a comment identifying the service
Allow only TCP traffic from 192.168.0.4 to any address on this host, on port 22
Deny traffic on port 80 on this host
Deny all UDP traffic to ports in range 8412:8500
Delete a particular rule. The rule number can be retrieved from the 'ufw status numbered' command
SYNOPSIS
ufw [options]
PARAMETERS
allow
Allows incoming traffic to the specified port, protocol/port combination, or the ports defined by the specified application profile.
deny
Denies incoming traffic to the specified port, protocol/port combination, or the ports defined by the specified application profile.
reject
Rejects incoming traffic to the specified port, protocol/port combination, or the ports defined by the specified application profile, sending an error message back to the sender instead of silently dropping the packet.
limit
Allows connections to the specified port, but limits the number of attempts to connect from a single IP address within a certain time frame. Useful for preventing brute-force attacks.
delete
Deletes the specified firewall rule. The rule can be specified by its number (obtained from 'ufw status numbered') or by its actual rule definition.
status
Displays the current status of the firewall, including whether it is enabled or disabled and the list of active rules.
enable
Enables the firewall.
disable
Disables the firewall.
reload
Reloads the firewall rules.
reset
Resets the firewall to its default state, removing all custom rules.
logging
Configures the logging level. 'on' is equivalent to 'low'.
show
Shows different parts of the firewall rules: 'applist' displays the application profiles; 'before' and 'after' display the iptables rules that run before and after the ufw rules; 'added' displays the rules added by ufw.
app list
Lists the available application profiles.
app info
Displays information about the specified application profile.
DESCRIPTION
ufw, or Uncomplicated Firewall, is a user-friendly front-end for managing iptables, the classic interface to the Linux kernel's built-in packet filter.
It simplifies firewall configuration by providing a command-line interface designed for ease of use.
Instead of manipulating iptables rules directly, users interact with ufw to define rules based on application profiles or simple port and protocol combinations.
ufw is designed to be easy for beginners to understand and use, while still providing the functionality more advanced users need. Application profiles define the common ports and protocols used by specific applications, so a service can be allowed or denied by name. ufw also supports logging, rate limiting, and IPv6.
CAVEATS
ufw manages only IPv4 and IPv6 packet-filtering rules. Enabling or disabling it may briefly interrupt network connectivity. Rules are evaluated in order and the first matching rule wins, so the order in which rules are added matters. When using IPv6, ensure IPv6 support is enabled in ufw's configuration, otherwise IPv6 traffic is not covered by the rules.
APPLICATION PROFILES
Application profiles are predefined sets of rules for common applications. These profiles simplify the process of allowing or denying traffic for specific services. Profiles are located in `/etc/ufw/applications.d`.
RULE SYNTAX
ufw supports several rule syntaxes. For example, 'ufw allow 22' allows traffic to port 22 (both TCP and UDP, commonly SSH), while 'ufw allow from 192.168.1.100 to any port 80' allows traffic from a single source address to port 80 only.
DEFAULT POLICIES
By default, ufw denies all incoming connections and allows all outgoing connections. This configuration helps secure the system immediately after installation and provides a baseline for defining specific rules.
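To make the ordering caveat and the default policy concrete, here is an added Python example (not part of this page or of the ufw project) that parses the output of 'ufw status numbered', replays ufw's first-match evaluation for a given incoming connection, and lists the ALLOW rules reachable from anywhere. The listing text is a constructed sample that mirrors the TLDR rules above; the function names, the default source address 203.0.113.7 and the exact regular expression are this example's own assumptions about the listing format.

```python
import ipaddress
import re
from collections import namedtuple

# Constructed sample of `ufw status numbered` output (not captured from a real host).
SAMPLE_STATUS = """\
Status: active
     To                         Action      From
[ 1] 5432                       ALLOW IN    Anywhere                   # PostgreSQL
[ 2] 22/tcp                     ALLOW IN    192.168.0.4
[ 3] 80                         DENY IN     Anywhere
[ 4] 8412:8500/udp              DENY IN     Anywhere
[ 5] 5432 (v6)                  ALLOW IN    Anywhere (v6)              # PostgreSQL
"""

# One listing line: "[ n] to [(v6)] ACTION IN from [(v6)] [# comment]" (assumed format)
RULE_RE = re.compile(
    r"^\[\s*(\d+)\]\s+(\S+)(?:\s+\(v6\))?\s+(ALLOW|DENY|REJECT|LIMIT)\s+IN\s+"
    r"(\S+)(?:\s+\(v6\))?\s*(?:#\s*(.*?))?\s*$")
Rule = namedtuple("Rule", "number ports proto action src v6 comment")  # number == evaluation order

def parse_status(text):
    """Parse `ufw status numbered` output into Rules, in listing (= evaluation) order."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # 'Status:' and column-header lines carry no rule
        num, to, action, src, comment = m.groups()
        port_part, _, proto = to.partition("/")   # proto "" means tcp and udp
        lo, _, hi = port_part.partition(":")      # "8412:8500" is a range
        rules.append(Rule(int(num), (int(lo), int(hi or lo)), proto or None,
                          action, src, "(v6)" in line, comment or ""))
    return rules

def first_match(rules, port, proto, src="203.0.113.7", v6=False):
    """First matching rule, or None: no user rule matched, so the default incoming policy (deny) decides."""
    for r in rules:
        if r.v6 != v6 or (r.proto and r.proto != proto):
            continue
        if not (r.ports[0] <= port <= r.ports[1]):
            continue
        if r.src == "Anywhere" or ipaddress.ip_address(src) in \
                ipaddress.ip_network(r.src, strict=False):
            return r
    return None

def exposed_allow(rules):
    """ALLOW/LIMIT rules open to any source, i.e. the host's reachable attack surface."""
    return [r for r in rules if r.action in ("ALLOW", "LIMIT") and r.src == "Anywhere"]
```

Because only rule 2 covers port 22 and it is restricted to 192.168.0.4, an SSH connection from any other address falls through to the default deny policy; port 5432 is reachable from anywhere over both IPv4 and IPv6.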
HISTORY
ufw was initially developed by Canonical for the Ubuntu operating system to provide a more user-friendly interface for managing iptables.
It has since become a popular choice for Linux firewalls due to its simplicity and ease of use. The design philosophy focused on hiding the complexities of iptables from novice users, making it accessible to a wider audience.
Its development continues with improvements to application profile support and features like rate limiting.