Basic Firewalling with UFW on Ubuntu

While other solutions exist, I find ufw to be the most basic and easy solution for firewalling with iptables.

ufw (Uncomplicated Firewall) is a frontend for iptables, the most widely used Linux firewall, and it is well suited to host-based firewalls. ufw provides a framework for managing netfilter as well as a command-line interface for controlling the firewall. Its interface is friendly to Linux newcomers who are not yet familiar with firewall concepts, while still producing ordinary iptables rules underneath.

Step 1 Getting Started
On some images, ufw is installed by default. You can check this by running:

sudo dpkg --get-selections | grep ufw

OR

sudo ufw status

If it is not present, install it from Ubuntu's repositories:

sudo apt install ufw

(Optional) Step 2 Use IPv6 with UFW
This tutorial was written with IPv4 in mind, but ufw handles IPv6 as well once it is enabled in the config file. Recent Ubuntu releases ship with it set to yes already; confirm the line and set it if needed:

sudo nano /etc/default/ufw
IPV6=yes

With IPv6 on, every rule you add later gets an IPv6 counterpart where one applies (they appear with a (v6) suffix in the status output). If ufw was already enabled when you changed this file, disable and re-enable it so the change takes effect.

Step 3 Set Up Default Policies

sudo ufw default deny incoming
sudo ufw default allow outgoing

These are ufw's shipped defaults, but setting them explicitly makes the policy visible: deny all unsolicited incoming connections and allow all outgoing ones. Everything that follows pokes holes in this baseline to let specific traffic through. Note that the deny applies only to new inbound connections; replies to connections the host opened itself are still accepted.

Step 4 Enabling / Disabling UFW
If you are working over SSH, add an allow rule for SSH (see Step 5) before you enable the firewall, otherwise the default deny policy will cut your session. ufw warns about exactly this and asks for confirmation: "Command may disrupt existing ssh connections. Proceed with operation (y|n)?".

To enable UFW:

sudo ufw enable

will result in this response:

Firewall is active and enabled on system startup

To disable UFW:

sudo ufw disable

This responds with:

Firewall stopped and disabled on system startup

Step 5 Creating Pinholes

List Current UFW Rules

sudo ufw status verbose

Block An IP Address

sudo ufw deny from 15.15.15.51

This will deny all packets from the IP 15.15.15.51. To block a whole network, replace the host address with the network in CIDR form, for example 15.15.15.0/24.

Keep rule order in mind: ufw evaluates rules top to bottom and the first match wins, so a deny added after an allow that also matches the traffic (such as an allow for port 80 from anywhere) will never fire for that port. Put blocklist entries ahead of the allows; ufw's insert subcommand takes a position number for this purpose, and the numbered status listing (see Delete A Rule below) shows the current order.

Allow SSH on Port 22

sudo ufw allow ssh

The service name is resolved through /etc/services, so this opens TCP port 22.

Changed the port of SSH?
You can use:

sudo ufw allow 42/tcp #Change 42 to your port number

A bare port number without /tcp would open the port for both TCP and UDP; SSH only needs TCP.

Allow SSH from only your IP?

sudo ufw allow proto tcp from 15.15.15.0/24 to any port 22

Allow RSYNC
rsync can be used to transfer files between computers. When run as a daemon it listens on TCP port 873; rsync over SSH, which is the more common setup, needs only the SSH port above.
An example of allowing the rsync daemon from an IP subnet would be as follows:

sudo ufw allow proto tcp from 15.15.15.0/24 to any port 873

Allow HTTP/S Traffic
You can also allow or deny http/s traffic like so:

sudo ufw allow http #or 80
sudo ufw allow https #or 443

The same can be done with deny.
You can also allow both of them from any IP in a single rule (listing several ports requires naming the protocol):

sudo ufw allow proto tcp from any to any port 80,443

Allow MySQL

sudo ufw allow from 15.15.15.0/24 to any port 3306

Restrict this to the clients that need it; a database port should never be opened from anywhere.

Allow MySQL only on a specific interface (for example a VPN interface)

sudo ufw allow in on eth1 to any port 3306

Allow traffic through port ranges (a range must name its protocol)

sudo ufw allow 25565:25567/tcp
sudo ufw allow 50000:60000/udp

Allow All Traffic From an IP

sudo ufw allow from 15.15.15.51

This allows every port and protocol from that address. It does not bypass the other rules: an earlier deny that matches the same traffic still wins, because ufw stops at the first matching rule.
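Putting Steps 3 to 5 together, here is a bring-up script that applies the rules in a lock-out-safe order. It is an added example written for this page, not the tutorial's own code. The hypothetical values reuse the page's addresses: the admin subnet is 15.15.15.0/24, the blocked host is 15.15.15.51, the VPN interface is eth1 and SSH listens on 22. The UFW variable is this script's own dry-run convention; ufw's limit subcommand (rate-limiting a source that opens too many connections) and its --force and insert options are real ufw features the tutorial does not otherwise use.

```shell
#!/usr/bin/env bash
# Added example (not from the original tutorial): bring a host firewall up with
# ufw in an order that cannot lock out the admin session. Hypothetical values:
# admin subnet and blocked host reuse the page's example addresses, the VPN
# interface is eth1, SSH listens on 22. "plan" prints the commands, "apply" runs them.
set -eu

UFW="${UFW:-sudo ufw}"                  # set UFW=echo to print instead of executing
ADMIN_NET="${ADMIN_NET:-15.15.15.0/24}"
BLOCKED_IP="${BLOCKED_IP:-15.15.15.51}"
VPN_IF="${VPN_IF:-eth1}"
SSH_PORT="${SSH_PORT:-22}"

ufw_plan() {
    # 1. Baseline: drop unsolicited inbound, allow outbound (ufw's own defaults,
    #    set explicitly so the policy is visible in this script).
    $UFW default deny incoming
    $UFW default allow outgoing

    # 2. Admin access BEFORE enable, or the enable step can cut this session.
    #    "limit" acts like "allow" but rate-limits a source that opens 6 or more
    #    connections in 30 seconds, which blunts SSH password brute forcing.
    $UFW limit proto tcp from "$ADMIN_NET" to any port "$SSH_PORT"

    # 3. Public web ports, and MySQL only on the VPN interface.
    $UFW allow proto tcp from any to any port 80,443
    $UFW allow in on "$VPN_IF" proto tcp to any port 3306

    # 4. Blocklist entries go to the TOP: ufw is first-match, so a deny appended
    #    after the allows above would never see 80/443 traffic from this host.
    $UFW insert 1 deny from "$BLOCKED_IP"

    # 5. Activate. --force answers the "may disrupt existing ssh connections"
    #    prompt, which is safe here because the admin rule is already in place.
    $UFW --force enable
    $UFW status verbose
}

case "${1:-}" in
    plan)  UFW=echo; ufw_plan ;;
    apply) ufw_plan ;;
    *)     echo "usage: $0 plan|apply" >&2 ;;
esac
```

Run it with `plan` first and read the command list; the deny must appear as `insert 1` and the enable must come last. Only then run `apply`.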

Delete A Rule
By Rule Number
If you’re using the rule number to delete firewall rules, the first thing you’ll want to do is get a list of your firewall rules. The UFW status command has the numbered option, which displays numbers next to each rule:

sudo ufw status numbered
Output
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    15.15.15.0/24
[ 2] 80                         ALLOW IN    Anywhere

If we decide that we want to delete rule 2 , which allows HTTP connections on port 80 , we can specify this in the following UFW delete command:

sudo ufw delete 2

This will show a confirmation prompt, which you can answer with y/n. Typing y will then delete rule 2. Note that if you have IPv6 enabled, you will want to delete the corresponding IPv6 rule as well (it is listed separately with a (v6) suffix). Also note that the remaining rules are renumbered after every deletion, so list the rules again before deleting the next one, or delete from the highest number down.
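Because the numbers shift after each deletion, scripted clean-ups should delete matching rules highest-number first. The following helper, an added example that is not part of the original tutorial, parses the output of `ufw status numbered` to do that; the function names, the UFW dry-run variable and the sample status listing (constructed to resemble real output, with IPv6 enabled so the HTTP rule has a (v6) twin) are this example's own.

```shell
#!/usr/bin/env bash
# Added example (not from the original tutorial): delete ufw rules by number
# without being bitten by renumbering. Parses "ufw status numbered" output and
# deletes matching rules highest-number first. The sample output below is
# constructed for a stand-alone run; names here are this example's own.
set -eu

UFW="${UFW:-sudo ufw}"   # set UFW=echo to print instead of executing

# Read "ufw status numbered" on stdin; print the numbers of rules whose
# "To  Action  From" text matches the extended regex $1, highest first.
ufw_rule_numbers() {
    sed -n 's/^\[ *\([0-9][0-9]*\)\][[:space:]]*/\1 /p' \
      | awk -v pat="$1" '{ n = $1; sub(/^[0-9]+ /, ""); if ($0 ~ pat) print n }' \
      | sort -rn
}

# Read "ufw status numbered" on stdin; delete every rule matching $1.
# Descending order matters: deleting rule 2 first would turn old rule 4 into 3.
# --force skips the y/n prompt; </dev/null keeps ufw from reading the pipe.
ufw_delete_matching() {
    ufw_rule_numbers "$1" | while read -r n; do
        $UFW --force delete "$n" </dev/null
    done
}

# Constructed sample of "sudo ufw status numbered" with IPv6 enabled, so the
# HTTP rule has a "(v6)" twin as the text above warns.
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    15.15.15.0/24
[ 2] 80,443/tcp                 ALLOW IN    Anywhere
[ 3] 3306 on eth1               ALLOW IN    Anywhere
[ 4] 80,443/tcp (v6)            ALLOW IN    Anywhere (v6)'

# Stand-alone demo: show which rules an HTTP clean-up would remove, and the
# delete commands it would issue (UFW=echo), without touching the firewall.
if [ "${1:-}" = demo ]; then
    printf '%s\n' "$SAMPLE_STATUS" | ufw_rule_numbers '80,443/tcp'
    printf '%s\n' "$SAMPLE_STATUS" | UFW=echo ufw_delete_matching '80,443/tcp'
fi
```

Against a live host the pipeline is `sudo ufw status numbered | ufw_delete_matching '80,443/tcp'`, which removes both the IPv4 and the IPv6 rule in one pass (4 first, then 2). Run it with UFW=echo first to see which numbers it would hit.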

Need to Reset UFW?

sudo ufw reset

This will disable UFW and delete any rules that you have previously defined, after asking for confirmation; the old rule files are kept as timestamped backups in /etc/ufw. Keep in mind that the default policies won't change back to their original settings if you modified them at any point. This should give you a fresh start with UFW.