How to install and configure UFW on Ubuntu/Debian
Terms used in the article
As a system administrator, setting up a firewall is indispensable. A firewall is a software program that monitors network traffic and prevents unauthorized access to the system.
In addition, iptables is a firewall utility accessible from the command line and part of Netfilter. Canonical (the creator of Ubuntu) has developed an iptables interface called Uncomplicated Firewall (UFW). This article walks through the steps to install and use UFW on Ubuntu.
II. Install UFW on Ubuntu/Debian
To install UFW on Ubuntu/Debian, follow these 3 steps.
Step 1: SSH into the Linux system
To install UFW, you need to SSH into the system. If you don’t know how to SSH, please refer to the following documentation.
Step 2: Update the system and check for ufw
sudo apt update
sudo apt upgrade
Check whether ufw is installed
To check if ufw is installed, you can use the
If the result shows no output, ufw is not installed and you should install it as shown below.
Step 3: Install ufw
sudo apt-get install ufw
After the ufw installation is complete, use the command below to check. By default, UFW is disabled after installation and you have to enable it manually.
sudo ufw status verbose
Output:
Status: inactive
III. Guide to using ufw
1. Some commands to manage and activate ufw
1.1 Enable ufw after installation
sudo ufw enable
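ufw denies incoming connections by default once it is active, so enabling it over the SSH session from Step 1 before an SSH rule exists can cut that session off. The check below is an added example, not part of the original article: it reads the rule list printed by sudo ufw show added (which works while ufw is still inactive) and succeeds only when an allow or limit rule names the SSH port. The function names, the sample rule lists and port 22 as the SSH port are assumptions.

```shell
# Added example, not from the original article.
# ssh_rule_present reads "sudo ufw show added" output on stdin and succeeds
# only if an inbound allow/limit rule names the SSH port (default 22).
ssh_rule_present() {
    port=${1:-22}                        # assumption: sshd listens on this port
    awk -v port="$port" '
    $1 == "ufw" && ($2 == "allow" || $2 == "limit") && $3 != "out" {
        for (i = 3; i <= NF; i++) {
            tok = $i
            sub(/\/tcp$/, "", tok)       # 22/tcp -> 22
            if (tok == port) found = 1
            if (port == "22" && (tok == "ssh" || tok == "OpenSSH")) found = 1
        }
    }
    END { exit(found ? 0 : 1) }'
}

# Constructed samples of "ufw show added" output.
rules_web_only() {
    printf '%s\n' "Added user rules (see 'ufw status' for running firewall):" \
        "ufw allow 80/tcp" "ufw allow 443/tcp"
}
rules_with_ssh() {
    rules_web_only
    printf '%s\n' "ufw allow from 192.168.0.1 to any port 22"
}

# On a live host (needs root, so it is not run here):
#   sudo ufw show added | ssh_rule_present 22 && sudo ufw enable
for sample in rules_web_only rules_with_ssh; do
    if "$sample" | ssh_rule_present 22; then
        echo "$sample: SSH rule found, safe to run: sudo ufw enable"
    else
        echo "$sample: no SSH rule, add one first: sudo ufw allow 22/tcp"
    fi
done
```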
1.2 Disable ufw
sudo ufw disable
Output:
Firewall stopped and disabled on system startup
1.3 Start ufw at system startup
sudo ufw enable
Output:
Firewall is active and enabled on system startup
1.4 Restore ufw to default
If you need to delete all existing rules and return to the original defaults, use the reset option as follows:
sudo ufw reset
1.5 Reload the rules
sudo ufw reload
Output:
Firewall reloaded
2. Use ufw to manage rules
2.1. Allow, open connection port
Syntax of execution
To open any port, you use the following syntax:
sudo ufw allow <port>/<optional: protocol>
Practical example: I will use ufw to open ports 80, 443 and 8080.
sudo ufw allow 80/tcp      # or: sudo ufw allow http
sudo ufw allow 443/tcp     # or: sudo ufw allow https
sudo ufw allow 8080/tcp
2.2 Reject, close connection port
To deny a connection, use the deny command with the following syntax:
sudo ufw deny <port>/<optional: protocol>
Practical example: I will close connection ports 3306 and 8080.
sudo ufw deny 3306
sudo ufw deny 8080
In addition, ufw also supports a simpler syntax. If you know which service a port belongs to, you can deny the service instead of the port belonging to that service.
For example: port 3306 belongs to the mysql service, and you can deny mysql with the following syntax:
sudo ufw deny mysql
2.3 Allow IP access to a certain port
sudo ufw allow from 192.168.0.1 to any port 22
sudo ufw allow from 192.168.0.1 to any port 3306
This syntax allows a specific IP to access the specified port. In the example above, I allowed the IP address 192.168.0.1 to access port 22, which is ssh, and port 3306, which is mysql.
2.4 Delete the rules
To manage the rules in UFW, you can list them with sequence numbers. To do this, use the following command; the screen shows the rules with sequence numbers, and you choose the sequence number or rule to delete.
sudo ufw status numbered
Practical example: from the list of rules, I will remove rule number 7, which allows IP 192.168.0.1 to use port 22. I will use the following syntax to delete:
sudo ufw delete [number]
sudo ufw delete 7
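ufw checks rules in the order they are listed and the first match wins, so the order in which the commands from sections 2.1 to 2.3 are run decides which of them take effect. The script below is an added example, not part of the original article: it reads sudo ufw status numbered output and reports rules whose traffic an earlier any-source rule with the opposite verdict already decides. The function names are hypothetical and the sample listing is constructed.

```shell
# Added example, not from the original article. Function names are hypothetical.
# Reads "sudo ufw status numbered" output on stdin and prints
# "<rule> <earlier rule> <full|partial>" for each inbound rule whose traffic
# an earlier any-source rule with the opposite verdict already decides.
find_shadowed() {
    awk '
    /^\[ *[0-9]+\]/ {
        num = $0; sub(/^\[ */, "", num); sub(/\].*/, "", num)
        rest = $0; sub(/^\[ *[0-9]+\] +/, "", rest); sub(/ +$/, "", rest)
        split(rest, col, /  +/)                  # To, Action, From
        if (col[2] ~ /OUT/) next                 # inbound rules only
        if (col[2] ~ /^ALLOW/) verdict = "allow"
        else if (col[2] ~ /^(DENY|REJECT)/) verdict = "block"
        else next                                # LIMIT etc. are skipped
        v6 = (col[1] ~ /\(v6\)/) ? 1 : 0; sub(/ *\(v6\)/, "", col[1])
        port = col[1]; proto = ""                # proto "" means any protocol
        if (index(port, "/")) { proto = port; sub(/.*\//, "", proto); sub(/\/.*/, "", port) }
        for (i = 1; i <= n; i++) {
            if (!any[i] || fam[i] != v6 || p[i] != port) continue
            if (pr[i] == "" || pr[i] == proto) kind = "full"
            else if (proto == "") kind = "partial"
            else continue
            if (v[i] != verdict) print num, id[i], kind
            if (kind == "full") break            # first match decides everything
        }
        n++; id[n] = num; p[n] = port; pr[n] = proto; v[n] = verdict
        fam[n] = v6; any[n] = (col[3] ~ /^Anywhere/) ? 1 : 0
    }'
}

# Constructed sample: rules from sections 2.1 to 2.3 in the order they were added.
sample_status() {
    cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 80/tcp                     ALLOW IN    Anywhere
[ 2] 443/tcp                    ALLOW IN    Anywhere
[ 3] 8080/tcp                   ALLOW IN    Anywhere
[ 4] 3306                       DENY IN     Anywhere
[ 5] 8080                       DENY IN     Anywhere
[ 6] 22                         ALLOW IN    192.168.0.1
[ 7] 3306                       ALLOW IN    192.168.0.1
EOF
}

sample_status | find_shadowed
```

In the sample, rule 5 only closes UDP 8080 because rule 3 already accepts TCP 8080, and rule 7 never matches because rule 4 blocks all traffic to port 3306 first. To correct this, delete the rule that should not win, or re-add the narrower rule ahead of the broader one, for example: sudo ufw insert 1 allow from 192.168.0.1 to any port 3306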
2.5. Enable the port range
UFW allows you to open a range of ports instead of opening each port separately. When you allow a port range, you need to specify whether the range is opened for TCP or UDP.
Practical example: below, I will open the range 35000:35999 on TCP and UDP.
sudo ufw allow 35000:35999/tcp
sudo ufw allow 35000:35999/udp
2.6 Close the port range
Similar to opening the port range in section 2.5 Enable the port range, you can also close a port range with the deny command.
For example: below, I close the port range 35000:35999 on TCP and UDP.
sudo ufw deny 35000:35999/tcp
sudo ufw deny 35000:35999/udp
2.7 Allow and deny IP
- Allow IP access
To allow IP access, you use the following syntax:
sudo ufw allow from $Your_IP
For example, I allow IP 192.168.0.1 in ufw as follows:
sudo ufw allow from 192.168.0.1
Output:
Rule added
- Deny IP
To deny IP access, you use the following syntax:
sudo ufw deny from $Your_IP
sudo ufw deny from 192.168.0.1
Output:
Rule updated
2.8 Enable IPv6
If you use IPv6 on your VPS, you need to make sure that IPv6 is enabled in UFW. To do this, open the ufw configuration file /etc/default/ufw and adjust the following:
sudo vi /etc/default/ufw
If the file shows IPV6=no, change it to IPV6=yes to activate.
Thus, AZDIGI has completed the steps to install and configure UFW on Ubuntu/Debian. Wishing you success!