How to configure the firewall on Ubuntu using UFW (Uncomplicated Firewall)

Posted in "News"Ubuntu firewall

This article was last updated on Saturday 25th of April 2020 @ 16:16 PM CEST
image 1

The default firewall configuration tool for Ubuntu is Ufw and stands for "Uncomplicated Firewall". It was developed to ease ip-tables firewall configuration, and provides a user friendly way to create an IPv4 or IPv6 host-based firewall. Ubuntu already has a very good tutorial on how to use Ufw which your can find here. I only tried to make it a bit clearer for you using some examples and the port numbers listed. Happy configuring! 


1. Start Ufw.

Ufw by default is initially disabled. So it needs to be enabled on first use. 

sudo ufw enable

If you want to disable it again, use this command: 

sudo ufw disable

By default, Ufw denies all incoming traffic but allows all outgoing traffic, so you will need to open the ports you want to allow. Check your applications and which ports will need to be opened. 


2. Port numbers.

If you don't have a clue which port is used for which application, just take a look in the port list. Most common ports used are: 

21File Transfer Protocol (FTP)
22Secure Shell (SSH)
23Telnet remote login service
25Simple Mail Transfer Protocol (SMTP)
53Domain Name System (DNS) service
80Hypertext Transfer Protocol (HTTP) used in the World Wide Web
110Post Office Protocol (POP)
119Network News Transfer Protocol (NNTP)
137Netbios Name Service (Used by Samba)
138Netbios Datagram Service (Used by Samba)
139Netbios session service (Used by Samba)
143Internet Message Access Protocol (IMAP)
161Simple Network Management Protocol (SNMP)
443HTTP Secure (HTTPS)
445Microsoft-DS SMB file sharing (Samba)


3. Allow incoming traffic.

To allow traffic for SSH to your server you need to open port 22. there are serveral ways to do this. The first option is adding the port number: 

sudo ufw allow 22

Another way is to add the service using the application name: 

sudo ufw allow OpenSSH

To see what applications are available on your system, you need to enter this command: 

sudo ufw app list

Depending on what applications are installed and enabled you will get a list containing all available application names, for example: 

  • Apache
  • Apache Full
  • Apache Secure
  • Bind9
  • OpenSSH
  • Samba

Adding Apache will allow all incoming traffic to port 80, adding Apache Secure will allow all incoming traffic to port 443 for HTTPS,... 


If you have samba installed you could allow all incoming traffic by adding: 

sudo ufw allow 137
sudo ufw allow 138
sudo ufw allow 139
sudo ufw allow 445

Or you can simply allow all incoming traffic to Samba using: 

sudo ufw allow Samba

Or if you only want to allow incoming traffic from hosts within the local network (assuming your IP addresses are in the 192.168.1.x range):

sudo ufw allow from to any app Samba

Or if you want to allow only tcp traffic to a port for a network range: 

sudo ufw allow from to any port 445 proto tcp


4. Deny incoming traffic.

Deny incoming traffic to OpenSSH: 

sudo ufw deny 22


sudo ufw deny OpenSSH


5. Removing rules.

Deleting rules can be accomplished by: 

sudo ufw delete

example, on how to delete deny rule for port 22: 

sudo ufw delete deny 22

or if given by application name: 

sudo ufw delete deny OpenSSH

or by rule number (look at "6. Check the configuration - numbered view of all rules") : 

sudo ufw delete


6. Check the configuration.

To see the firewall status, enter: 

sudo ufw status

And for more verbose status information use: 

sudo ufw status verbose

This will give you the port numbers if you used the application names when adding rules. It's also possible to get a numbered view of all rules 

sudo ufw status numbered 

The numbers can also be used when removing rules ("5. Removing rules - delete by rule number"). 


7. Logging traffic. 

Logging traffic can be useful to recognise hacking attempts, but logging is disabled by default so you need to turn this on:

sudo ufw logging on

To turn it off again, use: 

sudo ufw logging off

The firewall logs will show up in three different log-files in the standard log directory "/var/log". 

Check them using the tail command: 

tail -f /var/log/message
tail -f /var/log/syslog
tail -f /var/log/kern.log
Article was posted on Wednesday 15th of April 2020 @ 17:09 PM CEST   comment(s)