UFW: Installation and configuration of Ubuntu’s Firewall

Hello friends, in this article I am going over the installation and configuration of Ubuntu's firewall, the so-called Uncomplicated Firewall, or UFW for short. It is fairly easy to work with this firewall, and you will soon see what I mean by that.

UFW Firewall
UFW : Uncomplicated Firewall

Installation of UFW

I expect that you already have a running Ubuntu Server, but if you need help installing one, go read here. On Ubuntu Servers and Desktops UFW should already be installed, and you can check its status by issuing the following command:

sudo ufw status

If it is installed you should see something like the following:

Status: inactive

or you can check with the following command

sudo systemctl status ufw.service

and you should receive something like the following:

● ufw.service - Uncomplicated firewall
Loaded: loaded (/lib/systemd/system/ufw.service; enabled; vendor preset: enabled)
Active: active (exited) since Mon 2021-01-18 14:04:39 MST; 5 days ago
Docs: man:ufw(8)
Process: 383 ExecStart=/lib/ufw/ufw-init start quiet (code=exited, status=0/SUCCESS)
Main PID: 383 (code=exited, status=0/SUCCESS)

If you don't see any of that, it is safe to assume UFW is not installed, and it can be installed with the following command:

sudo apt install ufw

Configuration of UFW

Now that UFW is installed and running, let's go ahead and start configuring it. The first thing I always do is block all incoming traffic with the following rule:

sudo ufw default deny incoming

With the next rule I allow all outgoing traffic:

sudo ufw default allow outgoing

If you feel really paranoid, you can block all outgoing traffic as well and then allow only selected traffic through the firewall. Here is how to block all outgoing traffic:

sudo ufw default deny outgoing

If the direction is not specified in a rule, it always applies to incoming traffic, so if you want to open an outgoing port you need to specify the direction. For example, let's assume you blocked all incoming and outgoing traffic and now want to reach the SSH server from the outside and also make SSH connections to another server. Here are the rules to do so:

sudo ufw allow ssh

The rule above allows incoming SSH traffic, and the rule below allows outgoing SSH traffic:

sudo ufw allow out ssh

If you prefer port numbers over service names in your rules, you can do that too, see below:

sudo ufw allow 22
sudo ufw allow out 22

With UFW you can also specify the protocol and add a comment to the rule to record why you set it:

sudo ufw allow 443/tcp comment 'allow https traffic for Apache/NginX'
sudo ufw allow 1194/udp comment 'allow only UDP traffic on port 1194 for OpenVPN'

UFW also lets you work with port ranges, and when you use a range you must specify the protocol:

sudo ufw allow 1000:2000/tcp
sudo ufw allow 1000:2000/udp

One can also specify which remote IP address may access a specific service:

sudo ufw allow from 192.168.5.5 to any port 22 proto tcp

or, even more specifically, restrict it to a certain local IP if your server happens to have multiple IP addresses:

sudo ufw allow from 192.168.5.5 to 192.168.1.2 port 22 proto tcp

It is also possible to block certain outgoing ports if you allow all outgoing traffic but want to close, for example, ports 25 or 465 to prevent outgoing SMTP traffic:

sudo ufw reject out 25
sudo ufw reject out 465

Rate limiting is another useful feature of UFW that can block connections that are obviously abusive. It is typically used to protect an open SSH port against an attacker attempting to brute-force logins. Obviously you could restrict the port to specific source addresses to protect it entirely, but rate limiting is useful anyway. By default, UFW's limit rule blocks a source that makes 6 or more connection attempts within 30 seconds, and it is intended to be used for SSH:

sudo ufw limit ssh

Some UFW Commands

Turn the UFW firewall off or on:

sudo ufw disable
sudo ufw enable

or

sudo systemctl disable ufw
sudo systemctl enable ufw

Reloading UFW rules:

sudo ufw reload

Turning logging on or off:

sudo ufw logging on
sudo ufw logging off

Check the UFW Log File:

sudo more /var/log/ufw.log
sudo tail -f /var/log/ufw.log
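Reading the raw log by eye gets tedious once the deny-by-default and limit rules above start catching traffic. The following POSIX shell function is an added example (not from the original article) that summarises the block entries by source address and destination port; the log lines embedded in it are constructed samples in the format UFW writes to /var/log/ufw.log.

```shell
#!/bin/sh
# ufw_block_summary: read UFW log lines on stdin and print
# "count SRC DPT" for every [UFW BLOCK] / [UFW LIMIT BLOCK] entry,
# most frequent first. [UFW ALLOW] and other lines are ignored.
# Real use: ufw_block_summary < /var/log/ufw.log
ufw_block_summary() {
    grep -E '\[UFW (LIMIT )?BLOCK\]' |
    awk '{
        src = ""; dpt = "";
        # SRC= and DPT= are key=value tokens; position varies by protocol
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5);
            if ($i ~ /^DPT=/) dpt = substr($i, 5);
        }
        if (src != "") count[src " " dpt]++;
    }
    END { for (k in count) print count[k], k }' |
    sort -k1,1nr -k2,2
}

# Constructed sample log: three SSH attempts from one host (the third
# stopped by the "ufw limit ssh" rule), one HTTPS probe from another
# host, and one allowed SSH connection that must not be counted.
SAMPLE_LOG=$(cat <<'EOF'
Jan 23 10:15:42 srv kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.1.2 PROTO=TCP SPT=54321 DPT=22 SYN
Jan 23 10:15:43 srv kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.1.2 PROTO=TCP SPT=54322 DPT=22 SYN
Jan 23 10:15:44 srv kernel: [UFW LIMIT BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.1.2 PROTO=TCP SPT=54323 DPT=22 SYN
Jan 23 10:16:01 srv kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.9 DST=192.168.1.2 PROTO=TCP SPT=40000 DPT=443 SYN
Jan 23 10:16:05 srv kernel: [UFW ALLOW] IN=eth0 OUT= SRC=192.168.5.5 DST=192.168.1.2 PROTO=TCP SPT=51000 DPT=22 SYN
EOF
)

printf '%s\n' "$SAMPLE_LOG" | ufw_block_summary
# 3 203.0.113.5 22
# 1 198.51.100.9 443
```

A source that shows up repeatedly against port 22 is exactly the kind of host the limit rule is meant to slow down, and the same summary works on the live file with `ufw_block_summary < /var/log/ufw.log`.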

Deleting rules:
One needs to display a numbered list of the rules first:

sudo ufw status numbered

This is what it returns:

Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    192.168.5.5

In order to delete a rule you simply need to specify its number:

sudo ufw delete 1

Deleting:
allow from 192.168.5.5 to any port 22
Proceed with operation (y|n)? y
Rule deleted

One can also reset the firewall:

sudo ufw reset

Conclusion

As you can see, UFW is fairly simple to work with and configure. I hope you liked this basic UFW article. If you would like to read more about UFW, go here. Drop a comment if you would like me to add or modify something.