UFW

Uncomplicated Firewall — a simple frontend for iptables on Ubuntu/Debian.
Lets you manage firewall rules with readable commands without dealing with iptables directly.

Setup

sudo apt install ufw

# Allow SSH before enabling — or you'll lock yourself out
sudo ufw allow ssh

sudo ufw enable
sudo ufw status verbose

Allow & Deny Rules

# By service name
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https

# By port number
sudo ufw allow 22
sudo ufw allow 8080

# By port + protocol
sudo ufw allow 443/tcp
sudo ufw allow 51820/udp

# Deny a port
sudo ufw deny 3306     # e.g. block MySQL from outside

# Allow from a specific IP
sudo ufw allow from 192.168.1.100                  # every port, from this address
sudo ufw allow from 192.168.1.100 to any port 22   # port 22 only, from this address

Delete Rules

# List rules with numbers
sudo ufw status numbered

# Delete by number
sudo ufw delete 3

# Delete by rule definition
sudo ufw delete allow 8080

Other Useful Commands

sudo ufw disable          # turn off the firewall
sudo ufw reset            # remove all rules and disable
sudo ufw reload           # reload rules, e.g. after editing files in /etc/ufw

Always allow SSH (sudo ufw allow ssh) before enabling UFW to avoid losing access to your server.
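
The check behind that advice can be scripted. The following is an added example, not part of the original page: it reads `ufw show added` (which lists staged rules even while the firewall is inactive) and refuses to enable UFW unless an allow or limit rule covers the SSH port. The function names, the sample text, and the assumed one-rule-per-line output format are this example's own.

```shell
#!/bin/sh
# Added example: pre-flight check before `ufw enable`.
# Assumption: `ufw show added` prints one "ufw <action> <rule>" line per
# user rule, which is the format the constructed samples below imitate.

# ssh_rule_present [PORT]: read `ufw show added` text on stdin; succeed if a
# rule allows or rate-limits inbound TCP on PORT (default 22).
ssh_rule_present() {
    port="${1:-22}"
    awk -v port="$port" '
        $1 != "ufw" { next }                      # skip header and "(None)"
        $2 != "allow" && $2 != "limit" { next }   # deny/reject rules do not help
        /proto udp/ { next }                      # SSH runs over TCP
        {
            for (i = 3; i <= NF; i++) {
                # bare port or port/tcp; port/udp is ignored
                if ($i == port || $i == port "/tcp") found = 1
                # the service name and app profile map to port 22 only
                if (port == 22 && ($i == "ssh" || $i == "OpenSSH")) found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    '
}

# safe_enable [PORT]: enable UFW only when the SSH rule is already staged.
safe_enable() {
    if sudo ufw show added | ssh_rule_present "${1:-22}"; then
        sudo ufw enable
    else
        echo "no allow/limit rule for SSH port ${1:-22}; run: sudo ufw allow ssh" >&2
        return 1
    fi
}

# Constructed samples of `ufw show added` output (not captured from a host).
SAMPLE_OK="Added user rules (see 'ufw status' for running firewall):
ufw allow 8080
ufw allow from 192.168.1.100 to any port 22"
SAMPLE_BAD="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw deny 22"
```

Source the file and call `safe_enable` in place of `sudo ufw enable`; pass the port as an argument if sshd listens somewhere other than 22.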