Cyberithub

Top 25 ufw firewall commands every Linux Admin Should Know

In this tutorial, I will take you through the steps to setup and configure UFW Firewall on Ubuntu 18.04. You might be thinking what is ufw is all about and why do we use it. Well, ufw is basically acts as an interface to iptables and designed to simplify the process of configuring a firewall. Now you might be thinking that  why we are not using iptables firewall directly.The answer of this question is iptables might pose some difficulty for some beginner’s to understand and use it fully whereas ufw makes beginner life little easy in understanding the firewall in Linux.

What is UFW ? 

UFW is often abbreviated as Uncomplicated Firewall which acts as an interface for legendary iptables. You can set firewall rules using UFW very easily as compared to iptables.

What is the default setting of UFW Firewall ?

Default setting means by default it will allow all outgoing traffic and block all incoming traffic. when you boot your system it will show in disable state unless you manually enable the firewall.

Top 25 ufw firewall commands every Linux Admin Should Know 1

Also Read: Top 12 Nginx Command Every Linux Admin Should Know

1. Check Ubuntu Firewall version

To check ubuntu firewall version, you need to run sudo ufw version command.

test@localhost:~$ sudo ufw version
ufw 0.36
Copyright 2008-2015 Canonical Ltd.

2. Check Ubuntu Firewall Status

To check ubuntu firewall status you need to run sudo ufw status command. If you can notice the output it is currently showing in inactive state which means it is not currently not filtering any traffic.

test@localhost:~$ sudo ufw status
Status: inactive

3. Check Uncomplicated Firewall Status Numbered

If you want to check all the rules currently set in firewall with the numbering, you need check the status by running sudo ufw status numbered command. This command is specifically useful when you want to delete some rule.

test@localhost:~$ sudo ufw status numbered
Status: active

To Action From
-- ------ ----
[ 1] 886 DENY IN Anywhere
[ 2] 123 ALLOW OUT Anywhere (out)
[ 3] 123 ALLOW IN Anywhere
[ 4] 1521 DENY IN 10.126.254.8
[ 5] 1521 DENY IN 10.126.254.0/24
[ 6] 1521 on enp0s3 DENY IN Anywhere
[ 7] 886 (v6) DENY IN Anywhere (v6)
[ 8] 123 (v6) ALLOW OUT Anywhere (v6) (out)
[ 9] 123 (v6) ALLOW IN Anywhere (v6)
[10] 1521 (v6) on enp0s3 DENY IN Anywhere (v6)

4. Delete UFW Firewall Rule by Number

If you want to delete some firewall rule then the most easiest way will be to delete the rule by number. You can check the above command to check the number for each of the rule. Let’s say I want to delete Rule number 3 which is 123 ALLOW IN Anywhere, then i will go ahead and run sudo ufw delete 3 command. This command will delete Rule number 3 from the firewall as can be seen below.

test@localhost:~$ sudo ufw delete 3
Deleting:
 allow 123
Proceed with operation (y|n)? y
Rule deleted

5. Enable Ubuntu Firewall

If you want your firewall to start filtering network traffic, you need to enable your firewall and change it to active state by running sudo ufw enable command.

test@localhost:~$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

6. Disable Ubuntu UFW Firewall

If you want to disable Ubuntu UFW Firewall, you need to use sudo ufw disable command. This command ensures that firewall will not comes up automatically after System Reboot.

test@localhost:~$ sudo ufw disable
Firewall stopped and disabled on system startup

7. Check Allowed Applications through firewall

If you want to check all the applications currently allowed through ufw firewall, you need to use sudo ufw app list command.

test@localhost:~$ sudo ufw app list
Available applications:
CUPS
Nginx Full
Nginx HTTP
Nginx HTTPS
OpenSSH

8. Reload Linux UFW Firewall

To reload Linux ufw firewall you need to run sudo ufw reload command. This command will reload the ufw configuration file and will take the updated changes done in config file.

test@localhost:~$ sudo ufw reload
Firewall reloaded

NOTE:

It is important here to notice the difference between reload and restart argument with ufw command. Restart will basically terminate all the processes and start it again while Reload will load the configuration file again. So if you have done any recent changes in configuration file, it is advisable to use the reload argument to load the configuration file again.

9. Reset Uncomplicated Firewall

If you want to reset ufw or uncomplicated firewall, you need to use sudo ufw reset command. This command will basically set the ufw firewall back to default settings.

test@localhost:~$ sudo ufw reset
Resetting all rules to installed defaults. This may disrupt existing ssh
connections. Proceed with operation (y|n)? y
Backing up 'user.rules' to '/etc/ufw/user.rules.20200106_115143'
Backing up 'before.rules' to '/etc/ufw/before.rules.20200106_115143'
Backing up 'after.rules' to '/etc/ufw/after.rules.20200106_115143'
Backing up 'user6.rules' to '/etc/ufw/user6.rules.20200106_115143'
Backing up 'before6.rules' to '/etc/ufw/before6.rules.20200106_115143'
Backing up 'after6.rules' to '/etc/ufw/after6.rules.20200106_115143'

10. Block Port 80 Traffic

If you want to block port 80 instead of blocking http application which basically means the same thing, you can do that by running sudo ufw deny 80 command.

test@localhost:~$ sudo ufw deny 80
Rules updated
Rules updated (v6)

11. Allow only TCP Connections to Port 80

Let’s say you want to allow only tcp connections to port 80, you can do that by running sudo ufw allow 80/tcp command.

test@localhost:~$ sudo ufw allow 80/tcp
Rule added
Rule added (v6)

12. Deny Incoming UDP Connections to Port 80

If you want to deny Incoming UDP Connections to Port 80, then run sudo ufw deny 80/udp command.

test@localhost:~$ sudo ufw deny 80/udp
Rule added
Rule added (v6)

13. Deny Outbound NTP Traffic

If you want to deny outgoing NTP traffic, you can do that by using sudo ufw deny out 123 command.

test@localhost:~$ sudo ufw deny out 123
Rules updated
Rules updated (v6)

14. Allow Outbound NTP Traffic

If you want to allow Outgoing NTP Traffic at Port 123, you can do that by using sudo ufw allow out 123 command.

test@localhost:~$ sudo ufw allow out 123
Rules updated
Rules updated (v6)

15. Allow Inbound NTP Traffic

If you want to allow Incoming NTP(Network Time Protocol) traffic, then you need to run sudo ufw allow 123 command.

test@localhost:~$ sudo ufw allow 123
Rules updated
Rules updated (v6)

16. Allow Oracle DB Traffic from Specific IP Address

If you want to allow Oracle DB traffic from an IP Address 10.126.254.8, then you need to execute below command.

test@localhost:~$ sudo ufw allow from 10.126.254.8 to any port 1521
Rules updated

17. Allow Oracle DB Traffic from Specific Subnet

If you want to allow Oracle DB Traffic from a particular subnet say 10.126.254.0/24, then you need to use below command.

test@localhost:~$ sudo ufw allow from 10.126.254.0/24 to any port 1521
Rules updated

18. Deny Oracle DB Traffic from Specific IP Address

If you want to deny Oracle DB Traffic from a particular subnet say 10.126.254.0/24, then you need to run below command.

test@localhost:~$ sudo ufw deny from 10.126.254.8 to any port 1521
Rules updated

19. Allow MySQL DB Traffic from Specific Subnet

If you want to allow MySQL DB Traffic from a particular subnet say 10.126.254.0/24, then you need to run below command.

test@localhost:~$ sudo ufw deny from 10.126.254.0/24 to any port 3389
Rules updated

20. Allow Oracle DB Traffic to Specific Network Interface

If you want to allow Oracle DB Traffic to a specific interface say enp0s3 in this case, then you need to execute below command.

test@localhost:~$ sudo ufw allow in on enp0s3 to any port 1521
Rules updated
Rules updated (v6)

21. Allow Oracle DB Traffic to Specific Network Interface

If you want to deny Oracle DB Traffic coming in to interface enp0s3, then you can do it through below command.

test@localhost:~$ sudo ufw deny in on enp0s3 to any port 1521
Rules updated
Rules updated (v6)

22. Limit SSH Connections

To limit ssh connections to 6 within 30 seconds, use sudo ufw limit ssh command. This might help sometimes in preventing DOS attacks.

test@localhost:~$ sudo ufw limit ssh
Rule added
Rule added (v6)

23. Reject SSH Connections on Port 22

Sometimes you might want to reject some connections and wanted to send rejection notification to sender whenever he tries to connect to a particular port say Port 22 in this case.

test@localhost:~$ sudo ufw reject 22
Rule added
Rule added (v6)

24. Change Default Incoming Policy

If you want to change default Incoming policy to deny, then you need to run sudo ufw default deny incoming command.

test@localhost:~$ sudo ufw default deny incoming
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)

25. Change Default Outgoing Policy

If you want to change default Outgoing policy to deny, then you can do it by running sudo ufw default allow outgoing command.

test@localhost:~$ sudo ufw default allow outgoing
Default outgoing policy changed to 'allow'
(be sure to update your rules accordingly)

26. Some More UFW Firewall Options

OptionsDescription
--versionshow program's version number and exit
-h, --help show help message and exit
--dry-rundon't modify anything, just show the changes
enablereloads firewall and enables firewall on boot.
disableunloads firewall and disables firewall on boot
reloadreloads firewall
defaultallow|deny|reject DIRECTION
change the default policy for traffic going DIRECTION, where DIRECTION is one of incoming, outgoing or routed. Note that existing rules will have to
be migrated manually when changing the default policy. See RULE SYNTAX for more on deny and reject
loggingon|off|LEVEL
toggle logging. Logged packets use the LOG_KERN syslog facility. Systems configured for rsyslog support may also log to /var/log/ufw.log. Specifying
a LEVEL turns logging on for the specified LEVEL. The default log level is 'low'.
show REPORTdisplay information about the running firewall. See REPORTS
allow ARGSadd allow rule
deny ARGS add deny rule.
reject ARGSadd reject rule.
limit ARGSadd limit rule. Currently only IPv4 is supported.
delete RULE|NUMdeletes the corresponding RULE
insert NUM RULE insert the corresponding RULE as rule number NUM

Also Read: Calculate Loan EMI Amount using Script in Linux

Popular Searches

  • ufw enable
  • ufw allow port
  • ufw firewall
  • ubuntu disable firewall
  • ubuntu firewall
  • ubuntu ufw
  • ubuntu allow port
  • ubuntu firewall open port
  • ubuntu open port

Leave a Comment