
What is the UFW firewall and how to configure it on a Linux server?

In this tutorial, we explain simply and directly how to configure the "ufw" firewall on your Linux server. You can then choose which incoming connections to allow, which can drastically improve the security of your server.

What is UFW?

The acronym "UFW" means "Uncomplicated Firewall" and refers to an application that aims to establish rules in "iptables", the native firewall tables in Linux. Since iptables has a relatively complex syntax, using UFW to perform its configuration is a useful alternative without skimping on security.

Install UFW

Installing the "ufw" package is very simple and, in fact, it is installed by default in many distributions. Here we give the instructions for a Debian-based distribution such as Ubuntu. In other distributions, the commands may be different.

apt update # Update the list of packages.

apt install ufw # Install the "ufw" package.

Remember that you will need superuser privileges to perform this operation.

Configure and enable UFW

Once the firewall is installed, we will explain the basic syntax for establishing rules.

1. Definition of default behavior

First, we must determine if we want UFW, by default, to allow or deny incoming traffic and outgoing traffic.

We can achieve this in the following way:

ufw default deny incoming # Deny incoming connections that do not match any rule.

ufw default allow incoming # Allow incoming connections that do not match any rule.

For outgoing connections:

ufw default deny outgoing # Deny outgoing connections that do not match any rule.

ufw default allow outgoing # Allow outgoing connections that do not match any rule.

Our recommendation is to deny incoming connections and allow outgoing connections for a basic configuration. Then, you must create rules to allow the connections, protocols or hosts that you consider appropriate.

2. See the current configuration of the firewall

Now that you have defined the default behavior, you can see the current configuration with the following command:

ufw status

3. Allow SSH connections (IMPORTANT!)

To avoid being locked out of your own server once you enable the firewall, it is important that you create a rule that allows you to connect through port 22 (or whichever port you have designated for the SSH service).

You can create your first rule to allow incoming traffic in the following way:

ufw allow 22

Of course, you must specify the port that the service uses.

4. Allow other incoming connections according to protocol, source IP and other parameters

Next, we show several examples of the UFW syntax, which you can adapt to your needs.

ufw allow 80 # Allow incoming connections through port 80.

ufw allow http # Allow incoming connections through port 80, using the alias "http" instead of the numeric port.

ufw allow 80/tcp # Allow only incoming connections with the TCP protocol through port 80.

ufw allow 1000:2000/tcp # Allow incoming TCP connections in a range of ports (a range is written with a colon and requires a protocol).

ufw allow from 10.0.0.30 # Allow incoming connections to any port and protocol from IP 10.0.0.30.

ufw allow from 10.0.0.0/24 # Allow incoming connections to any port and protocol from a range of IPs using the CIDR notation (from 10.0.0.0 to 10.0.0.255 in this case).

ufw allow from 10.0.0.30 to any port 22 # Allow incoming connections to port 22 from IP 10.0.0.30.

ufw allow from 10.0.0.30 to any port 22 proto tcp # Allow incoming connections to port 22, with TCP protocol, from IP 10.0.0.30.

This is just a sample of the countless combinations that UFW allows. Of course, remember that you can also use deny to achieve the opposite effect.

5. Delete rules

To delete a rule, it is best to list the rules with their numbers first. You can achieve this with the following command:

ufw status numbered

Once the rules are shown, each preceded by the number that identifies it, you can delete one as follows:

ufw delete 3 # Delete rule number "3" (the remaining rules are then renumbered).

6. Insert rules with a specific number

You can use the following syntax to place a rule at a specific position, so that it takes priority over the rules that follow it.

ufw insert 3 allow 22 # Insert a rule at position 3 that allows incoming connections on port 22.

7. Activate or deactivate records

UFW can log the actions that it takes and the access attempts it sees. You can activate or deactivate UFW logging in the following way:

ufw logging on # Enable logs.

ufw logging off # Disable logs.

8. Activate/Deactivate the firewall

Finally, we will show you how to activate the firewall once you have established the necessary configuration for your server:

ufw enable # Activate the firewall and put all the established rules into operation.

ufw disable # Disable (pause) the firewall.

ufw reset # Remove all rules so that you can start from scratch, with the exception of the default behavior that you defined in step 1.
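The lockout risk described in step 3 can be checked mechanically before running step 8. The following is an added example, not part of the original tutorial: it assumes that "ufw show added" lists pending rules as lines of the form "ufw <action> ...", and the function names ssh_rule_present and enable_ufw_safely are hypothetical. Because the first matching rule wins, an unconditional deny placed before the allow counts as a failure.

```shell
#!/bin/sh
# ssh_rule_present PORT
# Reads `ufw show added` output on stdin. Returns 0 if the first rule that
# matches PORT over TCP is allow/limit, 1 if none does or if an
# unconditional deny/reject comes first. Only numeric ports are matched,
# so the check errs on the side of refusing.
ssh_rule_present() {
    port=$1
    while read -r cmd action rest; do
        [ "$cmd" = "ufw" ] || continue        # skip header and "(None)"
        case " $rest " in
            *" proto udp "*) continue ;;      # UDP-only rule, irrelevant
            *" $port "*|*" $port/tcp "*) ;;   # rule names our port
            *) continue ;;
        esac
        case $action in
            allow|limit) return 0 ;;
            deny|reject)
                # A deny limited to one source ("from ...") does not
                # shadow later rules for everyone else; a bare one does.
                case " $rest " in *" from "*) ;; *) return 1 ;; esac ;;
        esac
    done
    return 1
}

# enable_ufw_safely PORT
# Needs root and a real ufw; --force skips the interactive confirmation.
enable_ufw_safely() {
    if ufw show added | ssh_rule_present "$1"; then
        ufw --force enable
    else
        echo "No allow rule for SSH on port $1/tcp; not enabling UFW" >&2
        return 1
    fi
}

# Offline dry run on constructed sample output (not captured from a server)
SAMPLE="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw allow from 10.0.0.30 to any port 22 proto tcp"
printf '%s\n' "$SAMPLE" | ssh_rule_present 22 && echo "port 22: ok to enable"
```

On the server itself, call enable_ufw_safely with the port your SSH service listens on instead of running "ufw enable" directly.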

It is done!

If you have followed the steps correctly, now you can successfully configure UFW and use it on your server.
