Configure Ubuntu Firewall with UFW - Here's how

One of the firewall solutions for Ubuntu is the "Uncomplicated Firewall". You can read how easy it is to configure the UFW in this guide.

Installation of the Ubuntu firewall UFW

As with some Ubuntu programs, there are two versions of the UFW: the normal version can only be operated via the terminal, and there is also a version with a graphical user interface.

• Since the "Uncomplicated Firewall" is included in the standard installation of Ubuntu, you can easily install the package using the terminal command "sudo apt-get install ufw". This installs the normal command line based UFW version.
• If you want to operate the Ubuntu firewall via a graphical user interface (see below) and not with codes, use the "sudo apt-get install ufw gufw" command to also install the UFW GUI. This is particularly recommended for inexperienced users.

How to configure the UFW using the terminal command line

If you have decided against the graphical version of UFW, you can control and configure the Ubuntu firewall with the following terminal commands:

• "sudo ufw status" provides the current status of the Ubuntu firewall. If the response line is "Status: Inactive", you must first start the firewall.
• "sudo ufw enable" activates the UFW as a service on Ubuntu. This means that the firewall is also executed every time the program is started. If you want to deactivate the UFW again, use the command "sudo ufw disable".
• "sudo ufw allow | deny | reject SERVICE" is the simplest syntax with which new UFW rules can be configured. With "allow" you allow the respective service, with "deny" and "reject" you block the network traffic of the service. In the latter case, the sender of the package receives a notification that it has been blocked. All services are contained in the "Services" file under "etc /", for example ftp, http or pop3.
• "sudo ufw allow | deny [proto] [from [port]] [to [port]]" is the general syntax for configuring special firewall rules. The protocol is defined via "proto", ie UDP or TCP. The sender address and port are declared via "from". The destination address is set via "to".
• In principle, "any" can also be set as the value for the individual parameters in order to cover all possible values ​​(IP addresses, ports, protocols). A possible rule would be "sudo ufw allow proto udp from 123.454.12.01 port 80 to any" - This allows UDP network traffic from the specified server address with port 80 to any destination address.
• "sudo ufw allow / deny [port] / [proto]" allows / disallows network traffic via a special protocol for a specific port. Example: "sudo ufw allow 21 / tcp" configures that all TCP packets coming through port 21 are accepted - regardless of the destination or sender address.
• "sudo ufw default allow / deny" controls all network traffic via the Ubuntu firewall. If you set the value "allow", basically all connections are accepted. In this case, the UFW would work like a blacklist, so that you only block what is to be blocked. However, it is advisable to ban all network traffic with "sudo ufw default deny" in order to release only the necessary services, ports and addresses.
• "sudo ufw logging on / off" (de-) activates the logging function of the Ubuntu firewall. If you set the value to "on", all actions of the UFW are recorded.

The easy configuration: Ubuntu firewall with GUFW

The Ubuntu firewall can be operated very intuitively with the graphical user interface (see picture gallery below).

This practical tip refers to a system with Ubuntu 12.04 "Precise Pangolin" and the UFW version 12.04.1. If you need further help with the Ubuntu firewall, you will find the manufacturer's instructions here and the ubuntuusers wiki entry here.

Latest videos

If you enter "ufw" in the dash, the "Firewall configuration" application is displayed with a white and blue icon. Click on this to start the UFW interface.

First you have to log in with root rights by clicking on "Unlock". Then activate the UFW by flipping the "Status" switch.

(1.) Here you define the global firewall settings for incoming / outgoing connections. (2.) With "+" you add a new rule, with "-" you remove an existing one.

Under "Pre-configured" you can configure firewall rules for some standard applications and services. In the example, incoming connections from "Skype" are generally accepted.

"Simple": (1) block (deny) / allow (allow) (2) outgoing / outgoing (in) network traffic (3) protocol type: UDP, TCP, both (both) (4) port Number / service. In the example, outgoing TCP and UDP packets are blocked via port 870.

(1) A click on "Show advanced options" unlocks two additional fields: (2) Here you define a number for the respective rule. (3) Here you configure whether firewall actions should be logged based on this rule.

$config[ads_text5] not found

You can define special firewall rules with UFW under "Advanced". In the example, all TCP packets that are to be transmitted to the home computer via port 21 from the IP address 80.19.92.11 via one of the ports from 17 to 14 (port range with PortA: PortB) are rejected.