Learn the simple steps to install the UFW firewall on Ubuntu 22.04 LTS Jammy JellyFish Linux using the command terminal to block or open ports in the active firewall.
UFW stands for uncomplicated firewall. The goal of UFW is to provide an uncomplicated command line-based frontend for the very powerful, but not exactly easy to configure Iptables. UFW supports both IPv4 and IPv6.
Users can install this open-source firewall on Linux systems easily because it is included in the package sources – at least if you are using an Ubuntu or Debian distribution. Other Linux users, such as Fedora need to download the source code package to get it.
In short: UFW is an interface to IPTables designed to simplify the process of configuring a firewall. If you want to secure the network or monitor your server’s incoming and outgoing connections, you can’t get past a firewall. UFW is a handy tool that can be controlled and configured via the terminal in Ubuntu.
- Steps to Install UFW Firewall on Ubuntu 22.04 LTS Jammy
- 1: Requirements
- 2. Install UFW on Ubuntu 22.04
- 3. Status, Start, Stop
- 3. Setup Default Policies
- 4. UFW Firewall Rules
- 6. Allow special port ranges and IPs
- 7. Application filter
- 8. Allow all default incoming and outgoing UFW connections
- 9. List & Delete UFW Firewall Rules
- 10. GUI for UFW firewall on Ubuntu 22.04
Steps to Install UFW Firewall on Ubuntu 22.04 LTS Jammy
We don’t need any specific third-party repository to get this firewall. To follow this tutorial users just need to be on Ubuntu with a User account (sudo rights) and active internet connection.
2. Install UFW on Ubuntu 22.04
Next, first, run the system update command on your system to refresh the APT repo cache, and then use the package manager to install the UFW firewall on your system.
sudo apt update
sudo apt install ufw
3. Status, Start, Stop
First of all, you should check whether the program is active. As a rule, ufw is deactivated, as this is specified in the course of the standard installation.
The status is checked with
sudo ufw status
If the output is: Firewall not loaded
In this case, the service is not active. The firewall can be activated by:
sudo ufw enable
Firewall started and enable on system startup means it is also set up as a service, i.e. when the computer is restarted, it is activated directly.
To switch off UFW again, the command is :
sudo ufw disable
The firewall stopped and disabled on system startup which also disables the automatic start of the program.
3. Setup Default Policies
Once the firewall is on your system, we can create our own rules to block or open any application traffic. However, we should first define how inbound and outbound traffic is handled. Although, by default, all incoming connections are denied and all outbound connections are allowed. And it is important because if every incoming connection were allowed, anyone from the outside could reach your server. Hence, to make sure the default settings are set correctly, enter the following commands one after the other:
To block all incoming connections:
sudo ufw default deny incoming
To allow or open all outgoing traffic:
sudo ufw default allow outgoing
4. UFW Firewall Rules
Enabling the firewall without defining rules already means that all incoming connections are prohibited and all outgoing connections are allowed.
ufw uses a three-level set of rules, which is stored in three configuration files. These are read and evaluated in the following order:
/etc/ufw/user.rules (the rules defined in the command line are also persisted)
This means that rules in user. rules may override those in before.rules and rules in after.rules override those of user.rules.
The original rules files contain only a few basic rules that regulate problem-free internal network traffic. Adding rules using UFW is quite simple.
The simplest general syntax is:
sudo ufw allow|deny|reject SERVICE
SERVICE can be one of the protocols mentioned in the file /etc/services file, such as POP3, HTTP, or – any other application service such as if installed – SSH.
For example, you want to allow the port 22 or SSH service the in the UFW firewall, the command will be:
sudo ufw allow ssh
Whereas, if you know the exact port used by the SSH, which by default 22 the command will be:
sudo ufw allow 22/tcp
6. Allow special port ranges and IPs
UFW can enable access to port ranges instead of individual ports. Here you have to specify the protocol – i.e. UDP or TCP – for which the rules should apply.
If the range of ports that you want to allow extends from 5000 to 5010, then you must execute the following commands for UDP and TCP in the terminal.
sudo ufw allow 5000:5010/udp sudo ufw allow 5000:5010/tcp
It is also possible to specify allowed IP addresses with UFW. For example, if you want to allow connections from the private IP address 192.168.0.104, execute the following command:
sudo ufw allow from 192.168.0.104
You can also allow certain ports for an IP address. To do this, you need to mention that particular port such as 22 if you want to establish a connection via SSH to the above-mentioned IP address. This works with the following command:
sudo ufw allow from 192.168.253.49 to any port 22
7. Application filter
Few common services file automatically gets created when a service/program to be protected by ufw is installed. The corresponding configuration files are located in the
/etc/ufw/applications.d/ directory. These are simple text files that contain the service name, a brief description, and the ports and protocols to be opened.
An overview of all current application filters can be obtained with the command
sudo ufw app list
This looks like this, for example:
Available applications: Apache LDAPS LPD MSN MSN SSL Mail submission NFS OpenSSH POP3 POP3S PeopleNearby SMTP SSH
8. Allow all default incoming and outgoing UFW connections
To deny or allow all incoming connections:
For Denying all connections:
sudo ufw default deny incoming
For Allowing all connections:
sudo ufw default allow incoming
To deny or allow all outgoing connections:
Allow all outgoing
sudo ufw default allow outgoing
Deny all outgoing
sudo ufw default deny outgoing
9. List & Delete UFW Firewall Rules
Before deleting let’s first see a list of all the active rules in the UFW firewall. For that we can use:
sudo ufw status numbered
You will see all the UFW rules along with the serial number in which they have been activated. TO delete any of them just use the given command along with the serial number of the same. For example, in the above command, I want to delete the second rule 22/TCP. Then the command will be:
sudo ufw delete 2
10. GUI for UFW firewall on Ubuntu 22.04
Those who are using Graphical Desktop Linux can install a graphical user interface for their UFW firewall called “GUFW” (Graphical Uncomplicated Firewall) to operate it easily. The tool provides an interface with which you can comfortably create rules for incoming and outgoing connections.
sudo apt install gufw
Once the installation is completed go to Application launcher and there search for Firewall and you will have it, click to start. After that, you can configure the rules using the GUI interface of the application.