How to configure ubuntu's firewall using Uncomplicated Firewall (UFW)

UFW, or uncomplicated firewall is a configuration tool that makes configuring iptables easy, so why not enable it and harden your server security ?

Before getting started

You can run a basic port scan (with nmap) to see wich ports are already open, -v for verbose mode and -sT to run a TCP connect() Scan.

$ sudo apt-get install nmap
$ nmap -v -sT localhost

Uncomplicated Firewall

Iptables and ufw are both available by default in Ubuntu.

First, we check the status, and change default incoming policy to deny (all outgoing traffic is allowed).

$ sudo ufw status
$ sudo ufw default deny
$ sudo ufw logging on

Next, we add some rules:

$ sudo ufw allow ssh/tcp
$ sudo ufw allow http/tcp

or the same:

$ sudo ufw allow 22/tcp
$ sudo ufw allow 80/tcp

Finally, we can enable the firewall.

$ sudo ufw enable

That’s it ! Now you don't have to worry about ports/services on your server anymore.

You can disable the firewall if needed.

$ sudo ufw disable


We can see the iptables rules that ufw have generated.

$ sudo iptables -L

And you ?

Any tips on how to setting up iptables with ufw on Ubuntu Server ?

You should follow me on Twitter

Share this article

Tip with Bitcoin

Tip me with Bitcoin and vote for this post!


Leave a comment

© Thomas Sileo. Powered by Pelican and hosted by DigitalOcean.