UFW, also known as Uncomplicated Firewall, is an interface to iptables and is particularly well suited for host-based firewalls. UFW provides an easy-to-use interface for beginners who are unfamiliar with firewall concepts. It is the most popular firewall tool originating from Ubuntu. It supports both IPv4 and IPv6.
In this tutorial, we will learn how to install and use the UFW firewall on Linux.
Requirements
- Any Linux-based distribution installed on your system
- Root privileges on your system
Ubuntu
By default, UFW is available in most Ubuntu-based distributions. If it has been removed, you can install it by running the following command:
Code:
# apt-get install ufw -y
Debian
You can install UFW on Debian by running the following command:
Code:
# apt-get install ufw -y
CentOS
By default, UFW is not available in the CentOS repositories, so you will need to install the EPEL repository on your system. You can do this by running the following command:
Code:
# yum install epel-release -y
Once the EPEL repository is installed, you can install UFW by running the following command:
Code:
# yum install --enablerepo="epel" ufw -y
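After installing UFW, start the UFW service and enable it to start at boot time by running the following command. If you manage the host over SSH, add an allow rule for SSH before enabling the firewall, because the default policy blocks incoming connections.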
Code:
# ufw enable
Next, check the status of UFW with the following command. You should see the following output:
Code:
# ufw status
Status: active
You can also disable the UFW firewall by running the following command:
Code:
# ufw disable
Set UFW Default Policy
By default, UFW's policy is to block all incoming traffic and allow all outgoing traffic. You can set your own default policy with the following commands:
Code:
# ufw default allow outgoing
# ufw default deny incoming
Add and Delete Firewall Rules
You can add rules for allowing incoming and outgoing traffic in two ways: using the port number or using the service name. For example, if you want to allow both incoming and outgoing connections for the HTTP service, run the following command using the service name:
Code:
# ufw allow http
Or, run the following command using the port number:
Code:
# ufw allow 80
If you want to filter packets based on TCP or UDP, then run the following commands:
Code:
# ufw allow 80/tcp
# ufw allow 21/udp
You can check the status of added rules with the following command:
Code:
# ufw status verbose
You should see the following output:
Code:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW IN    Anywhere
21/udp                     ALLOW IN    Anywhere
80/tcp (v6)                ALLOW IN    Anywhere (v6)
21/udp (v6)                ALLOW IN    Anywhere (v6)
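The status output above is also the easiest thing to check automatically. The following is an added example, not part of the original tutorial: a small shell function that reads `ufw status verbose` text, confirms the firewall is active with a deny (or reject) default for incoming traffic, and lists every rule open to Anywhere. The names `audit_ufw_status` and `sample_status` are hypothetical, and the sample input is the output shown in this tutorial.

```shell
#!/bin/sh
# Added example (hypothetical helper names): audit `ufw status verbose` text read from stdin.
# Prints one finding per line; exit status is the number of failed checks (0 = pass).
audit_ufw_status() {
    awk '
        /^Status:/  { status = $2 }
        /^Default:/ {
            # e.g. "Default: deny (incoming), allow (outgoing), deny (routed)"
            n = split(substr($0, 10), parts, /, */)
            for (i = 1; i <= n; i++) {
                split(parts[i], kv, " ")
                gsub(/[()]/, "", kv[2])
                policy[kv[2]] = kv[1]
            }
        }
        # Rule rows allowing inbound traffic from any source; IPv6 rows carry "(v6)"
        /ALLOW IN +Anywhere/ {
            sfx = ($2 == "(v6)") ? " (v6)" : ""
            exposed[++nexp] = $1 sfx
        }
        END {
            fails = 0; in_pol = ("incoming" in policy) ? policy["incoming"] : "unknown"
            if (status != "active") { print "FAIL: firewall is not active"; fails++ }
            if (in_pol != "deny" && in_pol != "reject") { print "FAIL: default incoming policy is " in_pol; fails++ }
            for (i = 1; i <= nexp; i++) print "EXPOSED: " exposed[i] " reachable from Anywhere"
            exit fails
        }'
}

# Sample input: the `ufw status verbose` output shown in this tutorial.
sample_status() {
cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW IN    Anywhere
21/udp                     ALLOW IN    Anywhere
80/tcp (v6)                ALLOW IN    Anywhere (v6)
21/udp (v6)                ALLOW IN    Anywhere (v6)
EOF
}
sample_status | audit_ufw_status
```

On a live host, pipe the real output into the function instead: `ufw status verbose | audit_ufw_status`.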
You can also deny any incoming and outgoing traffic at any time with the following commands:
Code:
# ufw deny 80
# ufw deny 21
If you want to delete allowed rules for HTTP, simply prefix the original rule with delete as shown below:
Code:
# ufw delete allow http
# ufw delete deny 21