ufw

Enable ufw

$ ufw enable

$ ufw disable

$ ufw status numbered

$ ufw allow [5432] comment "[Service]"

$ ufw allow proto [tcp] from [192.168.0.4] to [any] port [22]

$ ufw deny [80]

$ ufw deny proto [udp] from [any] to [any] port [8412:8500]

$ ufw delete [rule_number]

ufw [options]

allow
    Allows incoming traffic to the specified port, protocol/port combination, or from the specified application profile.

deny
    Denies incoming traffic to the specified port, protocol/port combination, or from the specified application profile.

reject
    Rejects incoming traffic to the specified port, protocol/port combination, or from the specified application profile, sending an error message to the sender.

limit
    Allows connections to the specified port, but limits the number of attempts to connect from a single IP address within a certain time frame. Useful for preventing brute-force attacks.

delete
    Deletes the specified firewall rule. The rule can be specified by its number (obtained from 'ufw status numbered') or by its actual rule definition.

status
    Displays the current status of the firewall, including whether it is enabled or disabled and the list of active rules.

enable
    Enables the firewall.

disable
    Disables the firewall.

reload
    Reloads the firewall rules.

reset
    Resets the firewall to its default state, removing all custom rules.

logging
    Configures the logging level. 'on' is equivalent to 'low'.

show
    Shows different parts of firewall rules. applist displays the application profiles. before and after display the iptables rules before and after ufw rules. added displays the rules added by ufw.

app list
    Lists the available application profiles.

app info
    Displays information about the specified application profile.

ufw, or Uncomplicated Firewall, is a user-friendly front-end for managing iptables, the Linux kernel's built-in firewall.
It simplifies the process of configuring a firewall by providing a command-line interface with a focus on ease of use.
Instead of directly manipulating iptables rules, users interact with ufw to define rules based on application profiles or simple port and protocol combinations.
ufw is designed to be easy for beginners to understand and use, while still providing the necessary functionality for more advanced users. ufw allows for easy configuration of rules based on application profiles, which define common ports and protocols used by specific applications. It also supports logging, rate limiting, and IPv6.

ufw only manages IPv4 and IPv6 firewall rules. When enabling/disabling, it may briefly interrupt network connectivity. Rules are applied in order, so the order in which rules are added is important. When using IPv6, ensure the firewall is IPv6 enabled.

Application profiles are predefined sets of rules for common applications. These profiles simplify the process of allowing or denying traffic for specific services. Profiles are located in `/etc/ufw/applications.d`.

ufw supports various rule syntaxes. For example, 'ufw allow 22' allows SSH traffic on port 22, while 'ufw allow from 192.168.1.100 to any port 80' allows traffic from a specific IP address to port 80.

By default, ufw denies all incoming connections and allows all outgoing connections. This configuration helps secure the system immediately after installation and provides a baseline for defining specific rules.

ufw was initially developed by Canonical for the Ubuntu operating system to provide a more user-friendly interface for managing iptables.
It has since become a popular choice for Linux firewalls due to its simplicity and ease of use. The design philosophy focused on hiding the complexities of iptables from novice users, making it accessible to a wider audience.
Its development continues with improvements to application profile support and features like rate limiting.

iptables(8), ip6tables(8)