Use UFW on a Linux server to simplify managing your firewall and securing your system from unauthorized access. UFW (Uncomplicated Firewall) is a user-friendly front-end for iptables, designed to make firewall configuration straightforward for both beginners and advanced users.

This guide will walk you through how to use UFW on a Linux server, including installation, setting default policies, allowing and denying connections, enabling the firewall, and checking its status.
Prerequisites
- A Linux server running Ubuntu, Debian, or any Linux distribution that supports UFW.
- Root or sudo privileges are required to install and configure the firewall.
- Terminal access to run commands on your Linux system.
Steps to Use UFW (Uncomplicated Firewall) on Linux
UFW is a command-line tool that lets administrators allow or deny traffic by port, IP address, and protocol without writing iptables rules directly, which makes it well suited to securing servers without the complexity of traditional firewall tools.
Step 1: Install UFW on the Linux Server
UFW is often installed by default on Ubuntu and Debian systems, but if not, install it with:
sudo apt update
sudo apt install ufw
Verify installation by checking the version:
ufw --version
Step 2: Set Default Firewall Policies
The default policy controls how UFW behaves when no specific rule matches.
Set the default to deny all incoming connections and allow all outgoing connections:
sudo ufw default deny incoming
sudo ufw default allow outgoing
With these defaults, the server silently drops incoming traffic you have not explicitly allowed (deny discards the packet without sending a reply), while connections initiated from the server remain unrestricted.
Step 3: Allow Essential Incoming Connections
Before enabling UFW, allow SSH to avoid locking yourself out if you connect remotely:
sudo ufw allow ssh
For web servers, allow HTTP and HTTPS traffic:
sudo ufw allow http
sudo ufw allow https
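Alternatively, use port numbers explicitly. A bare port number opens both TCP and UDP on that port; append /tcp or /udp to restrict it to one protocol: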
sudo ufw allow 22 # ssh
sudo ufw allow 80 # http
sudo ufw allow 443 # https
Step 4: Enable UFW on the Linux Server
Activate UFW to enforce your firewall rules:
sudo ufw enable
You will be prompted to confirm. Once enabled, UFW starts blocking incoming connections except those allowed by your rules.
Step 5: Check UFW Status and Rules
Check the current status and rules set on your firewall:
sudo ufw status verbose
This displays whether the firewall is active, the default policies, and the list of allowed or denied services and ports.
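The status check can also be scripted. The following is an added example, not part of the original guide: a shell function, `ufw_audit` (a hypothetical name), that reads `ufw status verbose` output and reports whether the firewall is active, whether the incoming default is deny, and whether SSH is open to Anywhere without the rate limiting shown in Step 6. The sample status text is constructed so the script runs without a live firewall.

```sh
#!/bin/sh
# Added example (not from the original guide). ufw_audit is a hypothetical helper.
# Usage on a real host: sudo ufw status verbose | ufw_audit

# Constructed sample of `ufw status verbose` output, so the script runs offline.
sample_status() {
    cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
3306                       ALLOW IN    192.168.1.100
22/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

# Reads status text on stdin; prints one finding per line (OK / WARN / FAIL).
# Only numeric SSH rules (22 or 22/tcp) are recognised, not application profiles.
ufw_audit() {
    awk '
    { gsub(/ \(v6\)/, "") }              # fold IPv6 rows onto the IPv4 column layout
    $1 == "Status:"  { status = $2 }
    $1 == "Default:" { incoming = $2 }   # first word after "Default:" is the incoming policy
    ($1 == "22" || $1 == "22/tcp") && $3 == "IN" {
        if ($2 == "LIMIT") limited = 1
        else if ($2 == "ALLOW" && $4 == "Anywhere") anyopen = 1
        else if ($2 == "ALLOW") scoped = 1
    }
    END {
        if (status != "active") { print "FAIL firewall is not active"; exit }
        if (incoming != "deny" && incoming != "reject")
            print "FAIL default incoming policy is " incoming ", expected deny"
        else
            print "OK   default incoming policy is " incoming
        if (anyopen)
            print "WARN SSH is allowed from Anywhere without rate limiting"
        else if (limited || scoped)
            print "OK   SSH is " (limited ? "rate limited" : "restricted by source address")
        else
            print "WARN no rule admits SSH on port 22; new remote logins will be blocked"
    }'
}

sample_status | ufw_audit
```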
Step 6: Manage UFW Rules
You can add or remove rules anytime:
- Allow access from a specific IP:
sudo ufw allow from 192.168.1.100
- Allow access from an IP to a specific port:
sudo ufw allow from 192.168.1.100 to any port 3306
- Allow a range of ports (e.g., TCP ports 2000–2004):
sudo ufw allow 2000:2004/tcp
- Deny access to a service or port:
sudo ufw deny 8080
- Rate-limit connections to slow brute-force attempts (example for SSH):
sudo ufw limit ssh
- Delete a rule (refer by port or service):
sudo ufw delete allow 80
Step 7: Disable UFW
If you need to temporarily disable the firewall:
sudo ufw disable
Additional Commands and Tips for Using UFW
- Reset UFW to clear all rules and restore defaults (this also disables the firewall until you enable it again):
sudo ufw reset
- Enable logging for UFW (helpful for troubleshooting):
sudo ufw logging on
- Check UFW logs (usually in /var/log/ufw.log):
sudo tail -f /var/log/ufw.log
Conclusion
To use UFW on a Linux server, install the UFW package, set sensible default policies that deny incoming and allow outgoing traffic, and carefully add rules to allow necessary services such as SSH, HTTP, and HTTPS. Enabling UFW activates a strong, easy-to-manage firewall protecting your Linux server. Regularly review your firewall rules and logs to maintain security. For further learning and advanced configurations, refer to the official UFW documentation.