How Beginners Can Create UFW on Linux Server Safely and Quickly

When securing Linux servers, a firewall is essential for blocking threats and controlling access. Administrators often create UFW Firewall rules because UFW offers a simple yet powerful way to manage ports, services, and overall server security.

In this article, we’ll explore how to create and configure UFW on a Linux server. We’ll cover installation, configuration, service management, setting up rules, monitoring activity, handling common issues, and enhancing overall server security with UFW. By the end, you’ll have a clear understanding of how UFW protects your Linux system effectively.

Prerequisites

Before installing UFW, ensure you have the following ready:

• A Linux server (Ubuntu/Debian recommended, as UFW comes pre-installed)
• Root or sudo user privileges
• SSH access to the server
• Basic Linux command-line knowledge

Most Ubuntu and Debian systems come with UFW pre-installed. However, if it isn’t available, you can easily add it from your package manager.

Install UFW on Linux

Installing UFW on Linux is simple, as it comes pre-installed on many modern distributions or is available in the default repositories. With just a few commands, you can quickly set up UFW and start managing firewall rules to secure your server.

• Update System Packages

sudo apt update && sudo apt upgrade -y   # For Ubuntu/Debian  
sudo yum update -y                       # For CentOS/RHEL  

• Install UFW

On Ubuntu/Debian:

sudo apt install ufw -y  

For CentOS/RHEL, UFW isn’t available by default. Instead, you may use FirewallD, but UFW can still be installed from EPEL repositories.

• Verify Installation

ufw status  

If UFW is installed, this will return the current firewall status (inactive by default).

Configuring UFW on Linux

Before enabling UFW, it’s important to configure it correctly to avoid accidentally blocking essential services. Proper configuration ensures that necessary ports like SSH, HTTP, and HTTPS remain accessible while unwanted traffic is restricted. By defining rules in advance, you can strike the right balance between security and functionality on your Linux server.

Default Policies

By default, UFW blocks all incoming connections and allows all outgoing ones. You can set:

sudo ufw default deny incoming  
sudo ufw default allow outgoing  

This ensures that only defined rules will allow traffic into your server.

• Allowing SSH Access

To avoid locking yourself out, allow SSH first:

sudo ufw allow ssh  

or

sudo ufw allow 22/tcp  

Managing UFW Services on Linux

Like other system services, UFW can be managed with systemctl or its commands.

• Enable UFW:

sudo ufw enable  

• Disable UFW:

sudo ufw disable  

• Reload rules:

sudo ufw reload  

• Check status:

sudo ufw status verbose  

Adding Firewall Rules with UFW

Rules define which traffic is allowed or denied.

Allowing Common Services

• HTTP:

sudo ufw allow http  

• HTTPS:

sudo ufw allow https  

• FTP:

sudo ufw allow 21/tcp  

• MySQL:

sudo ufw allow 3306/tcp  

• Allow by Port Range

sudo ufw allow 1000:2000/tcp  

• Denying Traffic

sudo ufw deny 23/tcp  

(Blocks Telnet for security reasons.)

Monitoring and Logging with UFW

UFW comes with built-in logging to help you monitor activity.

• Enable logging:

sudo ufw logging on  

• View logs:

sudo less /var/log/ufw.log  

Logs help track suspicious attempts and verify rule effectiveness.

Automating UFW Rules

Automation ensures your firewall adapts as your server grows and new services are deployed. By using scripts or configuration management tools, you can define UFW rules once and have them applied consistently across reboots or server environments. This reduces manual work and ensures consistent security policies.

Enable Rules on Boot

One of the key advantages of UFW is that once it is enabled, it automatically starts at boot. This means your firewall rules remain active after system restarts, ensuring continuous protection without requiring manual intervention every time the server powers on.

Predefined Application Profiles

UFW includes predefined application profiles stored in the directory /etc/ufw/applications.d/. These profiles make managing firewall rules simpler for commonly used services. Instead of manually adding ports, you can allow or deny access based on the application name. For example:

sudo ufw app list  
sudo ufw allow "OpenSSH"  

This feature saves time and reduces configuration errors, especially when managing multiple services like Apache, Nginx, or OpenSSH. It’s an efficient way to maintain security while ensuring that essential applications remain accessible.

Enhancing Security with UFW

While UFW is simple, you can enhance its security by combining it with other tools.

• Restrict SSH access to specific IPs:

sudo ufw allow from 192.168.1.100 to any port 22  

• Block specific IPs completely:

sudo ufw deny from 203.0.113.0  

• Use UFW with Fail2ban for automated banning of malicious IPs.
• Combine with AppArmor or SELinux for layered security.

Common Issues and Fixes in UFW

Even though UFW is uncomplicated, issues may arise.

• Locked out after enabling UFW → Always allow SSH before enabling.
• Rules not applying → Use sudo ufw reload to refresh configuration.
• Conflicts with FirewallD → Disable FirewallD before using UFW on CentOS/RHEL.
• Application not working → Ensure the correct port and protocol (TCP/UDP) are allowed.

These quick fixes can resolve most problems without much downtime. And by identifying these problems early, you can quickly fix UFW firewall issues in Linux.

FAQs: Create UFW on Linux Server

How do I create UFW Firewall on a Linux server?

To create UFW Firewall on Linux, install the UFW package, enable it, and add rules for specific ports or services. This ensures only authorized traffic can access your server while blocking unwanted connections.

Why should I create UFW Firewall on Linux?

Creating UFW Firewall provides a simple yet effective way to secure your server. It blocks unauthorized access, manages open ports, and protects against brute-force attacks while being easy to configure, even for beginners.

Can I create custom rules with UFW Firewall?

Yes, UFW allows you to create custom firewall rules. You can allow or deny specific ports, limit SSH attempts, and tailor security settings based on your server’s requirements for enhanced protection.

Conclusion

UFW provides an easy yet effective way to manage firewall rules on Linux servers. With simple commands, you can allow or deny services, set up logging, automate rule enforcement, and strengthen your overall security. By combining UFW with SSH hardening, Fail2ban, and other best practices, your server becomes much more resilient to unauthorized access.

Firewall management may seem intimidating, but UFW makes it approachable even for beginners while still being powerful for advanced users. For deeper guidance and advanced configurations, always refer to the official UFW documentation.