Introduction

UFW, or Uncomplicated Firewall, is a user-friendly frontend for managing iptables firewall rules. Its goal is to make firewall configuration easy, or "uncomplicated." This guide provides step-by-step instructions on how to set up UFW on an Ubuntu or Debian server.

Prerequisites

  • A server running Ubuntu or Debian.
  • A user account with sudo privileges.

Step 1: Install UFW

UFW may already be installed by default in Ubuntu. If it's not, you can install it by running:

sudo apt update sudo apt install ufw

Step 2: Check UFW Status

Before making any changes, check the status of UFW:

sudo ufw status verbose

This command will show whether UFW is active and display any existing rules.

Step 3: Set Default Rules

Set the default policies for incoming and outgoing connections:

sudo ufw default deny incoming sudo ufw default allow outgoing

These settings block all incoming connections but allow all outgoing connections. Adjust these settings based on your specific needs.

Step 4: Allow SSH Connections

To ensure you don't lock yourself out of your server, allow SSH connections:

sudo ufw allow ssh

Or if your SSH service is running on a non-standard port (e.g., 2222):

sudo ufw allow 2222/tcp

Step 5: Allow Other Necessary Services

Allow traffic on other ports as needed by your applications. For example:

  • HTTP on port 80:

    sudo ufw allow http

  • HTTPS on port 443:

    sudo ufw allow https

You can also specify ports directly:

sudo ufw allow 8080/tcp

Step 6: Enable UFW

Once you have configured all your rules, enable UFW:

sudo ufw enable

Confirm the action and UFW will start with the rules you've set.

Step 7: Check UFW Status and Rules

To check which rules are currently active:

sudo ufw status numbered

This command lists all active rules with numbers, making it easier to identify and manage specific rules.

Step 8: Managing UFW Rules

To remove a rule, use the delete option with the rule number:

sudo ufw delete [number]

For example:

sudo ufw delete 2

Step 9: Disable UFW (Optional)

If you need to disable UFW for troubleshooting or configuration changes:

sudo ufw disable

Conclusion

UFW is a powerful tool that simplifies firewall management on Ubuntu and Debian servers. By following this guide, you can configure UFW to secure your server effectively against unauthorized access. Remember to only allow services that you need and always keep your firewall rules updated based on your server's configuration.