LinuxCommandLibrary

ufw

Manage a firewall

TLDR

Enable ufw
$ ufw enable

Disable ufw
$ ufw disable

Show ufw rules, along with their numbers
$ ufw status numbered

Allow incoming traffic on port 5432 on this host with a comment identifying the service
$ ufw allow [5432] comment "[Service]"

Allow only TCP traffic from 192.168.0.4 to any address on this host, on port 22
$ ufw allow proto [tcp] from [192.168.0.4] to [any] port [22]

Deny traffic on port 80 on this host
$ ufw deny [80]

Deny all UDP traffic to ports in range 8412:8500
$ ufw deny proto [udp] from [any] to [any] port [8412:8500]

Delete a particular rule. The rule number can be retrieved from the 'ufw status numbered' command.
$ ufw delete [rule_number]
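The last two TLDR entries work together: 'ufw status numbered' shows the numbers and 'ufw delete' consumes them. One practical detail they do not show is that ufw renumbers the remaining rules after every deletion, so when several rules must go, deleting from the highest number downward keeps the numbers you read still valid. The script below is an added example, not part of the original page: it parses constructed sample output in the 'ufw status numbered' layout, finds every rule whose "To" field is a given port, and prints the delete commands in the safe order (it only prints them; it never runs ufw).

```shell
#!/bin/sh
# Added example: pick rule numbers out of `ufw status numbered` output and
# emit delete commands highest-number-first, because ufw renumbers the
# remaining rules after each delete.
# SAMPLE_STATUS is CONSTRUCTED sample output, not captured from a real host.

SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    192.168.0.4
[ 2] 5432                       ALLOW IN    Anywhere                   # Service
[ 3] 80                         DENY IN     Anywhere
[ 4] 8412:8500/udp              DENY IN     Anywhere
[ 5] 5432 (v6)                  ALLOW IN    Anywhere (v6)              # Service'

# rule_numbers_for_port STATUS_TEXT PORT
# Prints, one per line in ascending order, the numbers of the rules whose
# "To" field is PORT, PORT/proto or PORT (v6).
rule_numbers_for_port() {
    printf '%s\n' "$1" | awk -v port="$2" '
        /^\[ *[0-9]+]/ {
            num = $0; sub(/^\[ */, "", num); sub(/].*/, "", num)   # "[ 3]" -> "3"
            rest = $0; sub(/^\[ *[0-9]+] */, "", rest)             # drop the number
            split(rest, f, " ")
            to = f[1]
            sub(/\/.*/, "", to)                                   # "22/tcp" -> "22"
            if (to == port) print num
        }'
}

# delete_commands_for_port STATUS_TEXT PORT
# Emits one "ufw delete N" line per matching rule, highest number first.
delete_commands_for_port() {
    rule_numbers_for_port "$1" "$2" | sort -rn | while read -r n; do
        printf 'ufw delete %s\n' "$n"
    done
}

# Example: both the IPv4 and the IPv6 rule for 5432 are found, 5 before 2.
delete_commands_for_port "$SAMPLE_STATUS" 5432
```

Run it against real output with `delete_commands_for_port "$(ufw status numbered)" 5432` and review the printed lines before executing them; deleting by number is only safe when the status output was taken immediately before.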

SYNOPSIS

ufw [options]

PARAMETERS

allow
    Allows incoming traffic to the specified port, protocol/port combination, or application profile.

deny
    Denies incoming traffic to the specified port, protocol/port combination, or application profile, silently dropping it.

reject
    Rejects incoming traffic to the specified port, protocol/port combination, or application profile, sending an error message back to the sender.

limit
    Allows connections to the specified port, but limits the number of attempts to connect from a single IP address within a certain time frame. Useful for preventing brute-force attacks.

delete
    Deletes the specified firewall rule. The rule can be specified by its number (obtained from 'ufw status numbered') or by its actual rule definition.

status
    Displays the current status of the firewall, including whether it is enabled or disabled and the list of active rules.

enable
    Enables the firewall.

disable
    Disables the firewall.

reload
    Reloads the firewall rules.

reset
    Resets the firewall to its default state, removing all custom rules.

logging
    Configures the logging level. 'on' is equivalent to 'low'.

show
    Shows different reports about the firewall rules: 'applist' displays the application profiles, 'before' and 'after' display the iptables rules evaluated before and after ufw's own rules, and 'added' displays the rules added by ufw.

app list
    Lists the available application profiles.

app info
    Displays information about the specified application profile.

DESCRIPTION

ufw, or Uncomplicated Firewall, is a user-friendly front-end for managing iptables, the Linux kernel's built-in firewall.
It simplifies the process of configuring a firewall by providing a command-line interface with a focus on ease of use.
Instead of directly manipulating iptables rules, users interact with ufw to define rules based on application profiles or simple port and protocol combinations.
ufw is designed to be easy for beginners to understand and use, while still providing the necessary functionality for more advanced users. ufw allows for easy configuration of rules based on application profiles, which define common ports and protocols used by specific applications. It also supports logging, rate limiting, and IPv6.

CAVEATS

ufw only manages IPv4 and IPv6 firewall rules. Enabling or disabling it may briefly interrupt network connectivity. Rules are evaluated in order and the first matching rule wins, so the order in which rules are added matters. When using IPv6, make sure IPv6 support is enabled in ufw's configuration.

APPLICATION PROFILES

Application profiles are predefined sets of rules for common applications. These profiles simplify the process of allowing or denying traffic for specific services. Profiles are located in `/etc/ufw/applications.d`.
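A profile in `/etc/ufw/applications.d` is an INI-style file: each `[Name]` section carries `title=`, `description=` and `ports=` keys, where `ports=` lists comma-separated ports with an optional `/tcp` or `/udp` suffix and several such groups joined by `|`. The script below is an added example, not part of the original page or of ufw: it parses a constructed profile file and expands a profile's `ports=` value into the individual port/protocol entries that 'ufw allow "Name"' would open, which is the same information 'ufw app info' reports.

```shell
#!/bin/sh
# Added example: read ufw application profiles and expand their ports= value.
# SAMPLE_PROFILE is CONSTRUCTED; the section and key names follow the real
# profile format, the service names are invented for this example.

SAMPLE_PROFILE='[Example Web]
title=Example web service
description=HTTP and HTTPS for the example service
ports=80,443/tcp

[Example DB]
title=Example database
description=PostgreSQL listener
ports=5432/tcp

[Example File Share]
title=Example file share
description=Two protocol groups separated by |
ports=137,138/udp|139,445/tcp

[Example DNS]
title=Example resolver
description=No protocol suffix means both TCP and UDP
ports=53'

# profile_names PROFILE_TEXT
# Prints every [section] name, one per line, in file order.
profile_names() {
    printf '%s\n' "$1" | awk '/^\[.*]$/ { print substr($0, 2, length($0) - 2) }'
}

# profile_ports PROFILE_TEXT NAME
# Prints the ports= value of the named section, or nothing if it is absent.
profile_ports() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /^\[.*]$/ { name = substr($0, 2, length($0) - 2); next }
        name == want && /^ports=/ { print substr($0, 7); exit }'
}

# expand_ports PORTSPEC
# Expands "137,138/udp|139,445/tcp" into one port/proto per line, the set of
# individual rules ufw installs when the profile is allowed.
expand_ports() {
    printf '%s\n' "$1" | tr '|' '\n' | while read -r group; do
        proto=""
        case "$group" in
            */*) proto="/${group#*/}"; group="${group%%/*}" ;;   # split off /tcp or /udp
        esac
        printf '%s\n' "$group" | tr ',' '\n' | while read -r p; do
            printf '%s%s\n' "$p" "$proto"
        done
    done
}

# Example: list each profile with its expanded ports.
profile_names "$SAMPLE_PROFILE" | while read -r name; do
    printf '%s: %s\n' "$name" "$(expand_ports "$(profile_ports "$SAMPLE_PROFILE" "$name")" | tr '\n' ' ')"
done
```

To inspect a real profile, feed the file contents in place of the sample, for example `profile_names "$(cat /etc/ufw/applications.d/openssh-server)"`.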

RULE SYNTAX

ufw supports several rule syntaxes. For example, 'ufw allow 22' allows incoming traffic on port 22 (SSH) from anywhere, while 'ufw allow from 192.168.1.100 to any port 80' allows traffic to port 80 only from that specific IP address.

DEFAULT POLICIES

By default, ufw denies all incoming connections and allows all outgoing connections. This configuration helps secure the system immediately after installation and provides a baseline for defining specific rules.
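The default policy only applies to traffic that no rule matches, and the caveat above that rules are evaluated in order means the same rules in a different order can give the opposite result. The script below is an added example, not part of the original page or of ufw: it is a deliberately small first-match evaluator over a constructed rule list in the form "ACTION PROTO FROM PORT" (a simplification of ufw's syntax in which 'any' matches everything and PORT may be a single port or an a:b range), with a default incoming policy of deny. The two rule lists contain the same rules; only their order differs, and the evaluator shows the admin host's SSH access being kept in one and lost in the other.

```shell
#!/bin/sh
# Added example: first-match rule evaluation with a default policy, to show
# why rule order matters. The rule format is a CONSTRUCTED simplification of
# ufw's own syntax, not something ufw reads.

# Intended order: one admin host may reach ssh, everyone else is refused,
# web is open, a UDP range is closed.
GOOD_ORDER='allow tcp 192.168.0.4 22
deny any any 22
allow tcp any 80
deny udp any 8412:8500'

# Same rules with the ssh deny first: the allow for the admin host is never reached.
BAD_ORDER='deny any any 22
allow tcp 192.168.0.4 22
allow tcp any 80
deny udp any 8412:8500'

# Mirrors "ufw default deny incoming".
DEFAULT_INCOMING=deny

# port_matches RULE_PORT PORT
# Succeeds when RULE_PORT is "any", equals PORT, or is an a:b range containing PORT.
port_matches() {
    case "$1" in
        any) return 0 ;;
        *:*) lo="${1%%:*}"; hi="${1#*:}"; [ "$2" -ge "$lo" ] && [ "$2" -le "$hi" ] ;;
        *)   [ "$1" -eq "$2" ] ;;
    esac
}

# evaluate RULES PROTO FROM PORT
# Prints the action of the first rule matching the packet, or the default
# incoming policy when no rule matches.
evaluate() {
    rules="$1"; proto="$2"; src="$3"; port="$4"
    result=$(printf '%s\n' "$rules" | while read -r action rproto rfrom rport; do
        [ -n "$action" ] || continue                               # skip blank lines
        { [ "$rproto" = any ] || [ "$rproto" = "$proto" ]; } || continue
        { [ "$rfrom" = any ] || [ "$rfrom" = "$src" ]; } || continue
        port_matches "$rport" "$port" || continue
        printf '%s\n' "$action"
        break                                                      # first match wins
    done)
    printf '%s\n' "${result:-$DEFAULT_INCOMING}"
}

# Example: the admin host's ssh connection under both orderings.
printf 'good order, admin ssh: %s\n' "$(evaluate "$GOOD_ORDER" tcp 192.168.0.4 22)"
printf 'bad order, admin ssh:  %s\n' "$(evaluate "$BAD_ORDER" tcp 192.168.0.4 22)"
printf 'good order, udp 80:    %s (default policy)\n' "$(evaluate "$GOOD_ORDER" udp 10.0.0.9 80)"
```

The same check is worth doing by eye on a real host: read 'ufw status numbered' top to bottom and confirm that no broad deny sits above the narrower allow it is meant to leave open.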

HISTORY

ufw was initially developed by Canonical for the Ubuntu operating system to provide a more user-friendly interface for managing iptables.
It has since become a popular choice for Linux firewalls due to its simplicity and ease of use. The design philosophy focused on hiding the complexities of iptables from novice users, making it accessible to a wider audience.
Its development continues with improvements to application profile support and features like rate limiting.
