
Iptables made easy with ufw

UFW is a front-end for iptables and is here to make your life easier!

Default Rule

To deny all incoming connections by default (explicit allow rules still apply):

sudo ufw default deny

To allow all incoming connections:

sudo ufw default allow

 

Enable or Disable ufw

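To enable ufw (if you manage the host over SSH, allow ssh first, because a default deny policy otherwise blocks new SSH connections):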

sudo ufw enable

To disable ufw:

sudo ufw disable

 

Allow or Deny rules

To allow tcp and udp packets on port x:

sudo ufw allow x

To allow only tcp or only udp packets on port x:

sudo ufw allow x/tcp

or

sudo ufw allow x/udp

To deny tcp and udp packets on port x:

sudo ufw deny x

To deny only tcp or only udp packets on port x:

sudo ufw deny x/tcp

or

sudo ufw deny x/udp

 

Delete a rule

To delete a rule, prefix the original rule with delete:

sudo ufw delete allow port_number/tcp

 

Allow or deny a service

To allow a service by name (names are looked up in /etc/services):

sudo ufw allow http

To deny a service:

sudo ufw deny ssh

 

Logging

To enable logging:

sudo ufw logging on

To disable logging:

sudo ufw logging off

 

Allow or deny specific IP

To allow by IP:

sudo ufw allow from x.x.x.x

To deny by IP:

sudo ufw deny from x.x.x.x

 

Allow a subnet

sudo ufw allow from x.x.x.x/24

To limit the rule to a specific port and protocol:

sudo ufw allow from x.x.x.x to any port port_number proto tcp
sudo ufw allow from x.x.x.x to any port port_number proto udp
sudo ufw allow from x.x.x.x to any port port_number

To deny:

sudo ufw deny from x.x.x.x to any port port_number
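
The commands above combined into one ordered baseline, as an added example that is not part of the original post: it validates its inputs and only prints the commands, with the SSH allow rule placed before enable. The helper names (valid_port, valid_source, ufw_plan), SSH on port 22 and the sample address range are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints an ordered ufw rule set for review; it runs nothing.

# valid_port PORT/PROTO: port must be 1-65535, proto tcp or udp
valid_port() {
    port=${1%/*}; proto=${1#*/}
    case $proto in tcp|udp) ;; *) return 1 ;; esac
    case $port in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# valid_source ADDR[/BITS]: dotted IPv4 address with an optional prefix length
valid_source() {
    addr=${1%/*}
    case $1 in */*) bits=${1#*/} ;; *) bits=32 ;; esac
    case $bits in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# ufw_plan ADMIN_SOURCE PORT/PROTO...: validate everything, then print the plan
ufw_plan() {
    [ $# -ge 1 ] || { echo "usage: ufw_plan SOURCE PORT/PROTO..." >&2; return 1; }
    admin=$1; shift
    valid_source "$admin" || { echo "bad source: $admin" >&2; return 1; }
    for p in "$@"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    echo "sudo ufw default deny"
    # SSH (assumed on port 22) only from the admin range, allowed before enable
    echo "sudo ufw allow from $admin to any port 22 proto tcp"
    for p in "$@"; do echo "sudo ufw allow $p"; done
    echo "sudo ufw logging on"
    echo "sudo ufw enable"   # last, so the allow rules already exist
}

# Constructed sample input: documentation range 203.0.113.0/24, web ports
ufw_plan 203.0.113.0/24 80/tcp 443/tcp
```

Redirect the output to a file, review it, then run that file. Keep the current SSH session open until a second login succeeds.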