Configure Linux Firewall with UFW

Goal / Objective

Learn to configure and manage a Linux firewall using UFW (Uncomplicated Firewall). This guide covers basic and advanced UFW configuration, including rules, application profiles, rate limiting, and logging. By the end, you'll be able to put a Linux system behind a deny-by-default inbound policy with explicit allow rules for only the services it actually exposes.

Prerequisites

  • Ubuntu or Debian-based Linux system
  • Root or sudo access
  • Basic understanding of network ports and protocols

Architecture Overview

UFW is a user-friendly frontend for iptables. It keeps its rules in its own chains (ufw-user-input, ufw-user-output, and so on) and persists them under /etc/ufw/, so they survive reboots. It provides:

  • Simple command-line interface
  • Application profiles for common services
  • IPv4 and IPv6 support
  • Rule ordering and management
  • Logging capabilities

Step-by-Step Instructions

Step 1: Install UFW

UFW is typically pre-installed on Ubuntu. Verify installation:

sudo ufw --version

If not installed:

sudo apt update
sudo apt install ufw -y

Step 2: Check UFW Status

Check if UFW is active:

sudo ufw status

If inactive, you'll see "Status: inactive". If active, you'll see current rules.

Step 3: Set Default Policies

Configure default behavior for incoming and outgoing traffic:

sudo ufw default deny incoming
sudo ufw default allow outgoing

Incoming connections that match no allow rule are dropped; outbound traffic is allowed, and replies to connections the host itself opened come back through UFW's built-in established/related rule. Note that "allow outgoing" means UFW does nothing to stop a compromised process from calling out; tighten egress separately if the host's outbound profile is known.

Step 4: Allow SSH (Critical)

Before enabling UFW, allow SSH so that the enable step cannot cut off your own session. UFW resolves the name ssh through /etc/services to 22/tcp; if sshd listens on a different port, allow that port instead:

sudo ufw allow ssh
# Or by port:
sudo ufw allow 22/tcp

Keep your current session open. The rule is only staged at this point (UFW is still inactive); confirm it is staged with sudo ufw show added before continuing.

Step 5: Allow Common Services

Allow HTTP and HTTPS. UFW resolves service names through /etc/services, so allow http adds exactly the same rule as allow 80/tcp (UFW reports "Skipping adding existing rule" if you run both); pick one form:

sudo ufw allow http
sudo ufw allow https

# Equivalent, by port number:
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

View the application profiles installed under /etc/ufw/applications.d/ (packages such as openssh-server and nginx ship their own); sudo ufw app info PROFILE shows the ports a profile opens:

sudo ufw app list

Step 6: Allow Specific Ports

Allow specific ports with protocols, optionally with a comment that is shown in status output:

sudo ufw allow 8080/tcp
sudo ufw allow 3306/tcp comment 'MySQL'
sudo ufw allow from 192.168.1.0/24

The last rule names no port or protocol, so it allows every inbound port from that subnet; combine from with to any port PORT (see Advanced Configuration) unless that is what you intend.

Step 7: Enable UFW

Enable the firewall:

sudo ufw enable

Confirm when prompted (sudo ufw --force enable skips the prompt, for scripts). Enabling applies the staged rules immediately and sets ENABLED=yes in /etc/ufw/ufw.conf, so UFW starts on boot automatically.

Step 8: View Rules

List all rules:

sudo ufw status verbose
sudo ufw status numbered
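
Steps 3 through 8 as one reviewable script. This is an added example, not code from the original page: the SSH port, the admin subnet 192.168.1.0/24 and the web ports are placeholders, the plan is printed before anything runs, and the ufw commands only execute when UFW_APPLY=1 is set. The apply step refuses to enable the firewall unless an SSH allow/limit rule precedes enable, which is the lockout check Step 4 warns about.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): plan-then-apply wrapper for
# Steps 3-8. The ufw commands are printed first so the rule set can be
# reviewed; they only run when UFW_APPLY=1 is set in the environment.
# Assumptions: sshd listens on SSH_PORT, administrators connect from
# ADMIN_NET, and the host serves HTTP/HTTPS. All three are placeholders.
set -eu

SSH_PORT="${SSH_PORT:-22}"                 # placeholder: real sshd port
ADMIN_NET="${ADMIN_NET:-192.168.1.0/24}"   # placeholder: management subnet
WEB_PORTS="80/tcp 443/tcp"                 # placeholder: exposed services

# Print the ordered ufw argument lists, one per line, without running them.
# SSH comes before everything else and before 'enable' so that enabling the
# firewall cannot drop the session this script is being run from.
plan_ufw_rules() {
    echo "default deny incoming"
    echo "default allow outgoing"
    # Rate limited (ufw rejects a source after 6 new connections in 30 s)
    # and restricted to the admin subnet rather than open to the world.
    echo "limit from $ADMIN_NET to any port $SSH_PORT proto tcp"
    for port in $WEB_PORTS; do
        echo "allow $port"
    done
    echo "logging low"
    echo "enable"
}

# Lockout guard: read a plan on stdin and succeed only if an allow/limit
# rule for SSH_PORT appears before the 'enable' line.
plan_has_ssh_before_enable() {
    awk -v port="$SSH_PORT" '
        /^enable$/ { after_enable = 1 }
        # Pad with spaces so "port 22 proto tcp" and "22/tcp" both match,
        # while "2222/tcp" does not.
        !after_enable && /^(allow|limit) / &&
            (" " $0 " ") ~ (" " port "(/tcp)? ") { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Run the plan. Each line is word-split into ufw arguments on purpose.
apply_ufw_rules() {
    command -v ufw >/dev/null 2>&1 || { echo "ufw is not installed" >&2; return 1; }
    plan_ufw_rules | plan_has_ssh_before_enable \
        || { echo "refusing to enable: no SSH rule before 'enable'" >&2; return 1; }
    plan_ufw_rules | while IFS= read -r rule; do
        if [ "$rule" = "enable" ]; then
            sudo ufw --force enable        # --force skips the y/n prompt
        else
            # shellcheck disable=SC2086
            sudo ufw $rule
        fi
    done
    sudo ufw status verbose
}

# Always show the plan; apply only on explicit request.
plan_ufw_rules | sed 's/^/ufw /'
if [ "${UFW_APPLY:-0}" = "1" ]; then
    apply_ufw_rules
fi
```

Run it once without UFW_APPLY to read the plan, then with UFW_APPLY=1 to apply it. For a single rule you are unsure about, sudo ufw --dry-run allow 80/tcp prints the iptables rules UFW would load without touching the running firewall.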

Advanced Configuration

Delete Rules

Delete rules by specification, or list them numbered and delete by number. Numbers are reassigned after every deletion, so re-run status numbered before each delete (or delete from the highest number down):

sudo ufw delete allow 8080/tcp
sudo ufw status numbered
sudo ufw delete 3

Allow from Specific IP

Restrict access to specific source addresses. The first rule allows every port from that host; the second allows only port 22 from the subnet (add proto tcp to pin the protocol as well):

sudo ufw allow from 192.168.1.100
sudo ufw allow from 192.168.1.0/24 to any port 22

Rate Limiting

Slow down brute-force attempts. limit allows the connection but rejects a source that has attempted 6 or more new connections in the last 30 seconds (the rejected packets are logged with the [UFW LIMIT BLOCK] prefix when logging is on). It is a speed bump, not a substitute for key-only authentication:

sudo ufw limit ssh/tcp

Enable Logging

Enable firewall logging. on is the same as low; the levels are low, medium, high and full, and high and full also log allowed packets with little or no rate limiting, so they can fill /var/log quickly on a busy host. Use high only while debugging a specific rule:

sudo ufw logging on
sudo ufw logging high

View logs (UFW logs through the kernel, so journalctl -k shows the same entries):

sudo tail -f /var/log/ufw.log
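
What to do with those log lines once they are flowing: the functions below count blocked packets per source and per destination port and flag sources worth a deny rule. This is an added example, not from the original page; the six log entries in SAMPLE_LOG are constructed (addresses from the documentation ranges) and shortened, and on a real host you would pipe /var/log/ufw.log or journalctl -k into the same functions.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): summarise blocked traffic from
# UFW log lines. The entries in SAMPLE_LOG are constructed for this example;
# on a real host feed the functions with /var/log/ufw.log or 'journalctl -k'.
set -eu

SAMPLE_LOG='Jan 10 12:00:01 host kernel: [1001.1] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 10 12:00:02 host kernel: [1002.1] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=22 SYN
Jan 10 12:00:03 host kernel: [1003.1] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=3389 SYN
Jan 10 12:00:04 host kernel: [1004.1] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=23 SYN
Jan 10 12:00:05 host kernel: [1005.1] [UFW ALLOW] IN=eth0 OUT= SRC=192.168.1.50 DST=192.0.2.10 PROTO=TCP SPT=52000 DPT=22 SYN
Jan 10 12:00:06 host kernel: [1006.1] [UFW LIMIT BLOCK] IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=53000 DPT=22 SYN'

# Count blocked packets per KEY=value field (SRC or DPT) from log lines on
# stdin. Both "[UFW BLOCK]" (default deny) and "[UFW LIMIT BLOCK]" (rate
# limit hits) count as blocks; "[UFW ALLOW]" lines are ignored.
count_blocked_by() {
    awk -v key="$1" '
        /\[UFW (LIMIT )?BLOCK\]/ {
            for (i = 1; i <= NF; i++) {
                if (index($i, key "=") == 1) {
                    n[substr($i, length(key) + 2)]++
                    break
                }
            }
        }
        END { for (v in n) print n[v], v }' | sort -k1,1rn -k2,2
}

blocked_by_source() { count_blocked_by SRC; }
blocked_by_port()   { count_blocked_by DPT; }

# Sources with at least $1 blocked packets: candidates for an explicit deny
# (sudo ufw insert 1 deny from ADDRESS) or for a fail2ban-style response.
sources_over() {
    blocked_by_source | awk -v min="$1" '$1 >= min'
}

printf '%s\n' "$SAMPLE_LOG" | blocked_by_source
printf '%s\n' "$SAMPLE_LOG" | blocked_by_port
printf '%s\n' "$SAMPLE_LOG" | sources_over 2
```

The port view is the quick sanity check after enabling: a port that should be open but shows up as blocked means a missing allow rule, while repeated blocks on ports you never opened are just the background scanning the default policy exists for.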

Validation Checklist

  • UFW is installed and accessible
  • Default policies are configured
  • SSH access is allowed before enabling
  • Required services are accessible
  • UFW is enabled and active
  • sudo ufw status numbered shows the intended rules, in the intended order, for both IPv4 and IPv6 (IPV6=yes in /etc/default/ufw)
  • Logging is configured (optional)
  • Can still access system via SSH

Troubleshooting

Locked Out of SSH

If locked out, log in on the console (or your provider's serial/VNC console) and disable UFW, then add the missing rule and re-enable it rather than leaving the firewall off:

sudo ufw disable

Reset UFW

Reset to the installation defaults. This disables UFW, removes all user rules and restores the default policies, after making timestamped backups of the rule files under /etc/ufw/:

sudo ufw --force reset

Check iptables

UFW uses iptables (and ip6tables for IPv6). View the underlying rules, or have UFW print the rule set it loads with sudo ufw show raw:

sudo iptables -L -n -v