UFW Firewall: How to Install, Configure, and Use It on Ubuntu/Debian

UFW (Uncomplicated Firewall) is one of the easiest ways to manage a Linux firewall. It’s simple enough for beginners, but powerful enough for most server use cases. If you’re running Ubuntu or Debian, UFW is often the best starting point to lock down your system. Here’s how to get started.

What Is UFW?

UFW stands for “Uncomplicated Firewall.” It’s a front-end for iptables that makes managing firewall rules much easier. Instead of memorizing complex commands, you use straightforward syntax to allow or deny traffic.

How to Install UFW

On Ubuntu and most Debian systems, UFW comes pre-installed. If you need to install it manually, just run:

sudo apt update
sudo apt install ufw

Check the version (optional):

ufw --version

Basic UFW Commands

• Enable UFW:
  sudo ufw enable
• Disable UFW:
  sudo ufw disable
• Check Status:
  sudo ufw status
• Show Detailed Status:
  sudo ufw status verbose

Configuring UFW

By default, UFW is inactive. Before enabling it, set your basic rules.

1. Set Default Policies

Start by setting the default policy to deny all incoming connections and allow all outgoing:

sudo ufw default deny incoming
sudo ufw default allow outgoing

2. Allow Essential Services

SSH (so you don’t lock yourself out):

sudo ufw allow ssh

Or, if you use a custom port, for example 2222:

sudo ufw allow 2222/tcp

Web Traffic (HTTP/HTTPS):

sudo ufw allow http
sudo ufw allow https

Other Services:
Allow other ports as needed (replace port with your service’s port):

sudo ufw allow port/tcp

3. Enable UFW

Once your basic rules are set, turn on the firewall:

sudo ufw enable

Caution: If you’re connected via SSH, make sure you’ve allowed SSH traffic first, or you could get locked out.

Managing UFW Rules

List Rules:

sudo ufw status numbered

Delete a Rule:
Find the rule number from the list above and delete it like this:

sudo ufw delete [number]

Deny Traffic:
To explicitly deny a port:

sudo ufw deny 8080

Allow Specific IPs:
To allow SSH only from a trusted IP:

sudo ufw allow from 203.0.113.5 to any port 22

Common Use Cases

• Allow a Port Range:
  sudo ufw allow 6000:6007/tcp
• Allow Specific Subnet:
  sudo ufw allow from 192.168.1.0/24
• Reset UFW (removes all rules):
  sudo ufw reset

Monitoring UFW

To check logs:

sudo less /var/log/ufw.log

Or enable logging if needed:

sudo ufw logging on

Summary

UFW is a great way to keep your Ubuntu or Debian server secure without the headache of complex firewall syntax. Remember to test your configuration, and always keep your SSH port open if you’re managing your server remotely.

Got questions or tips about using UFW? Drop them in the comments below!

Mark Vincent

Tech enthusiast and content creator passionate about making technology simple for everyone. I share practical tips, guides, and reviews on the latest in computers, software, and gadgets. Let’s explore the digital world together!