The Ultimate Guide to Ubuntu Firewall: Learn UFW Commands and Tips

It’s common to read a news story where cybercrime costs businesses billions of dollars annually, with data breaches and hacking attacks, isn’t it? 

A Ubuntu firewall is one of the security tools and acts as an intermediary between your Ubuntu VPS server system and the internet. It analyzes all inbound and outbound network traffic and blocks malicious activities along with unauthorized access. Most probably, a new Linux VPS server without robust security measures is vulnerable to various cyberattacks.

Today, virtual private server hosting providers commonly offer the Ubuntu operating system, which facilitates a dedicated virtual server environment with full control over your server and the ability to install and run your software and applications. Hence, protecting your data against cybercrime is of the utmost priority. 

Ubuntu is one of the most used Linux distributions and also integrates a built-in firewall, known as UFW (Uncomplicated Firewall). UFW is a command-line tool designed to make it easier to manage powerful but much more complex firewall systems called iptables. In this tutorial, we will guide you step by step through everything you need to know about the use of the Ubuntu firewall-from installation and configuration to advanced configurations.

Pre-requisites

Before we move ahead, it is essential to know that if you are currently running on Ubuntu version 16.04 or lower, upgrading to a newer version is required. Since Ubuntu no longer supports such versions, an upgraded version of Ubuntu will help you follow the guide more easily. 

You also need an Ubuntu-running server with a non-root user with sudo privileges.

What is UFW?

UFW is a user-friendly interface for managing Ubuntu’s firewall rules. It is useful for both beginners and advanced users. UFW can allow or deny the incoming or outgoing traffic according to the rules that are set up, providing an additional layer of security to the system.

In simple words, if a VPS user sets custom rules using UFW, then the advanced technology will start filtering the incoming and outgoing traffic according to the rules, just like the way email filters work, segregating the emails. 

UFW is a Linux firewall setup application. It ships pre-installed with Ubuntu and Debian 10 or later, but by default it is disabled. The Uncomplicated Firewall (Ubuntu security firewall), or UFW, works using the command line interface (CLI) and relies on iptables for its configuration. 

It also comes with a graphical user interface known as GUFW, which users can install on their desktop environment. Meanwhile, UFW command line use applies to a remote server such as VPS.

Why is the Ubuntu firewall important?

1. Protection against cyber threats:

1. Blocks malicious attacks such as hacking, malware infection, and DDoS attacks.
2. Keeps strangers away from your system and sensitive data.

2. System safety:

1. Protects the network from all possible threats in traffic. This is because of the protection against possible vulnerabilities.
2. Keeps protecting and sustaining the system’s stability.

3. Data privacy:

1. Keeps your personal and confidential information safe.
2. Offers protection against data leakages and theft. 

Installing UFW on your server

In most Ubuntu installations, UFW is installed by default. However, if it’s missing, you can install it using the below command:

Command:

sudo apt update
sudo apt install ufw

Once the installation is complete, verify the same with the following command: 

Command:

ufw --version

Benefits of using Ubuntu’s UFW

1. User-friendly interface: Configuration and management are not tough tasks.
2. Good Security: The firewalls will provide good security against common threats.
3. Flexibility: Rules can be configured according to the need in specific areas of security.
4. Integration with Ubuntu: They integrate well in the Ubuntu ecosystem.

Installing UFW on your server

With the basic UFW commands, you can configure UFW on your Ubuntu server. 

Enable UFW firewall

sudo ufw enable

This starts the firewall and enforces configured rules.

Disable firewall Linux Ubuntu UFW:

sudo ufw disable

Disabling UFW stops all rules, leaving your system unprotected.

Checking the firewall status

To check whether UFW is active, use the below command:

sudo ufw status

This will show all the active command stats and other similar details.

To view the current rules or get a detailed view, use the below command:

sudo ufw status verbose

Note: The default policies of the UFW Ubuntu security firewall block incoming connections and allow outgoing connections, so most users require nothing more. But if you run a network service or application server, you’ll want to set up custom rules.

Set Ubuntu security firewall custom rules

The best firewall for Ubuntu rule helps to define how your system acts towards a connection: accept it or block it. Below, we explain how to come up with personal, customized UFW rules for ports, IP addresses, and services.

Allowing Traffic

1. To allow traffic from SSH, follow the command:

sudo ufw allow ssh

2. Allow traffic from a specific port (e.g., port 80 for HTTP) and follow the command:

sudo ufw allow 80

3. Allow traffic from a specific IP (e.g., 192.168.1.100). Follow the command:

sudo ufw allow from 192.168.1.100

Denying Traffic

1. To block specific traffic from SSH, follow the below command:

sudo ufw deny ssh

2. To block specific traffic to a port (e.g., 8080):

sudo ufw deny 8080

Restricting Traffic

From brute-force attacks, restrict repeated connections using the below command:

sudo ufw limit ssh

Allowing Traffic by Subnet

To allow a range of IP addresses (for example, 192.1458.1.50/894), use the following command:

sudo ufw allow from 192.1458.1.50/894

Specifying Protocols

Rules can be protocol-specific

For example, to allow traffic on UDP port 123, use the following command:

sudo ufw allow 123/udp

Setting Up Rules By Interface

To allow traffic on a specific network interface, follow the given command:

sudo ufw allow in on eth0 to any port 443

Deleting Rules on Ubuntu Firewall

1. To delete firewall rules in Ubuntu, use the delete command. Here’s the syntax:

sudo ufw delete rule_number

2. Since deleting rules requires their number label, list them using this command:

sudo ufw status numbered

3. Now, replace the placeholder with the appropriate rule number. For example, here’s a command that will delete rule number four.

sudo ufw delete 4

Otherwise, you can also set default firewall rules for incoming and outgoing traffic. To do that, go ahead and use these commands:

sudo ufw default deny incoming
sudo ufw default allow outgoing

To fully nuke the UFW rules and restart from a clean slate, you can run the reset command:

sudo ufw reset

To look through other commands or see available options, take a look at the UFW manual by running the following:

sudo ufw -help

Working on services of firewall Linux Ubuntu

UFW allows administrators to control network services on Ubuntu systems using either an open and close port or, alternatively, if the port is not used, they can type in the service name.

HTTP transmissions over port 80 use, whereas HTTPS connections require port 443. In order to enable HTTP connections, you should use the following command:

sudo ufw allow http

With this command, the HTTP port 80 opens automatically and, by allowing HTTPS connections, opens port 443.

Logging and Monitoring

Like website monitoring tools, UFW logging also gives system administrators the ability to view all incoming or outgoing packets that have been stored in the iptables. This provides extensive detail regarding the source, destination, and type of protocol through which the packets are being transmitted.

It helps troubleshoot connectivity problems and detects any potential security threat.

1. Enable Ubuntu security firewall log connection attempts by using the below command:

sudo ufw logging on

2. To disable Linux firewall Ubuntu logging goes with the command:

sudo ufw logging off

3. UFW logs are found at /var/log/ufw.log. You can view real-time logs using the command:

tail /var/log/ufw.log
sudo tail -f /var/log/ufw.log

Resetting and Disabling UFW

Resetting UFW in firewall Ubuntu resets all configurations and custom settings back to their default, which erases any created rules. It is useful when one wants to have a firewall system start fresh and debug firewall problems.

In a similar way, disabling the UFW Ubuntu security firewall temporarily stops the firewall so all network traffic flows through without filtering. However, the careful note of this is that doing so ends up opening up your system to many attacks.

1. Resetting UFW

To remove all the rules and get back to defaults:

sudo ufw reset

2. Disabling UFW

To momentarily stop the firewall:

sudo ufw disable

Best firewall for Ubuntu: Top practices and tips required

1. Setup UFW Early: Install UFW immediately after you install Ubuntu for protection right from the start.
2. Backup Rules: Before you make drastic alterations, save your rules by executing the following command: 

sudo iptables-save > ufw-backup.txt.

3. Watch out for SSH rules: Make sure you have a rule allowing SSH before you activate UFW, especially on remote servers.
4. Use UFW Profiles: Many services, such as Apache and Nginx, come with preconfigured UFW profiles. You can list them with the following command:

• Allow a profile like this:

sudo ufw allow 'Nginx Full'