UFW stands for Uncomplicated Firewall. It is a widely used frontend for iptables and is well suited to host-based firewalls. It provides a command-line interface that makes managing the firewall easier and ships out of the box with Ubuntu. Its main goal is to make firewall management simple, hence the name Uncomplicated Firewall.
Before diving into the commands, let us look at the default behaviour of the firewall and at application profiles.
UFW Default Policies
The default behaviour of UFW is to block all incoming traffic and allow all outbound traffic. You can alter this behaviour by changing the policies defined in the /etc/default/ufw file.
Application Profiles
Applications that require open ports can include a UFW profile. These profiles contain the port details that need to be opened for the application to work as expected. They are placed in the /etc/ufw/applications.d directory.
To list all the application profiles in the system execute the following:
$ sudo ufw app list
Installing UFW
UFW comes out of the box with Ubuntu. If for some reason it is not installed or has been removed from the system, you can always install it with the commands below:
$ sudo apt update
$ sudo apt install ufw
Enabling UFW
You can enable UFW on your system by running:
$ sudo ufw enable
Basic operations of UFW
- To allow connections on all ports from a given source IP, run the command below. Replace 40.30.20.10 with the IPv4 address of your choice.
$ sudo ufw allow from 40.30.20.10
- If you want to allow a specific port to the given source IP and block the rest, run the command below. Replace 40.30.20.10 with the IPv4 address of your choice.
$ sudo ufw allow from 40.30.20.10 to any port 22
Other Operations
- Subnet
The syntax for allowing connections from a subnet of IP addresses is similar to that for a single IP address. The only difference is that you need to specify the netmask of the subnet you want to allow access from. Replace the address and netmask with the subnet of your choice.
$ sudo ufw allow from 40.30.30.10/24 to any port 22
- Network Interface
To allow connections only on a specific interface, use the command below:
$ sudo ufw allow in on eth2 to any port 3306
- Blocking an IP address
To block all network connections that originate from a specific IP address, regardless of interface, run the following command. Replace 40.30.20.10 with the IPv4 address of your choice.
$ sudo ufw deny from 40.30.20.10
- Block a Subnet
If you need to block a full subnet, pass the subnet address and netmask as a parameter to the ufw deny command. Replace 40.30.20.10/24 with the subnet of your choice.
$ sudo ufw deny from 40.30.20.10/24
- Blocking Incoming Traffic on a specific network interface
To block incoming connections from a given IP address on a specific network interface, run the following command. Replace 40.30.20.10 with the IPv4 address of your choice and eth0 with the interface in question. This is useful where you have a combination of physical NICs and virtual NICs and need to block external access on some of these interfaces, but not all.
$ sudo ufw deny in on eth0 from 40.30.20.10
Deleting UFW Rules
There are two ways to delete UFW rules: by rule number, or by specifying the rule itself. Deleting by rule number is easier, especially when you are new to UFW. To delete a rule by number, you first need to find the number of the rule you want to delete. To get a list of numbered rules, use the ufw status numbered command:
$ sudo ufw status numbered
Output
To delete rule number 3, the one that allows connections to port 8080, you would enter:
$ sudo ufw delete 3
The second method is to delete a rule by specifying the actual rule. For example, if you added a rule to open port 80, you can delete it with:
$ sudo ufw delete allow 80
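As an added example that is not part of this guide, the Python helper below parses the table printed by sudo ufw status numbered, finds the rule numbers that target a given port, and emits the matching ufw delete commands highest number first, because UFW renumbers the remaining rules after every delete. The status text is constructed for the example, not captured from a real host.

```python
import re
from dataclasses import dataclass

# Constructed sample of `sudo ufw status numbered` output (not from a real host).
SAMPLE_STATUS = """\
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 8080                       ALLOW IN    40.30.20.10
[ 4] 3306 on eth2               ALLOW IN    Anywhere
[ 5] Anywhere on eth0           DENY IN     40.30.20.10
[ 6] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
"""

# One numbered row, e.g. "[ 3] 8080                       ALLOW IN    40.30.20.10".
# The To and From columns are separated from Action by two or more spaces.
RULE_RE = re.compile(
    r"^\[\s*(?P<num>\d+)\]\s+(?P<to>.+?)\s{2,}"
    r"(?P<action>ALLOW|DENY|REJECT|LIMIT)(?:\s+(?P<dir>IN|OUT|FWD))?\s+"
    r"(?P<src>.+?)\s*$"
)

@dataclass
class Rule:
    num: int
    to: str
    action: str
    direction: str
    src: str

    @property
    def port(self) -> str:
        # "8080", "22/tcp", "3306 on eth2", "22/tcp (v6)" -> "8080", "22", "3306", "22"
        return self.to.split()[0].split("/")[0]

def parse_status(text: str) -> list[Rule]:
    """Parse the numbered rule table; header, separator and blank lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            rules.append(Rule(int(m["num"]), m["to"].strip(), m["action"],
                              m["dir"] or "", m["src"].strip()))
    return rules

def rules_for_port(text: str, port: int) -> list[int]:
    """Rule numbers whose To column targets the given port (IPv4 and v6 rows alike)."""
    return [r.num for r in parse_status(text) if r.port == str(port)]

def delete_commands(text: str, port: int) -> list[str]:
    """ufw delete commands for a port, highest number first: UFW renumbers the
    remaining rules after each delete, so deleting low numbers first hits the wrong rule."""
    return [f"ufw delete {n}" for n in sorted(rules_for_port(text, port), reverse=True)]
```

Run the generated commands with sudo, one at a time, and confirm each with ufw status numbered before the next delete.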
Disabling UFW
If for any reason you want to stop UFW and deactivate all the rules, you can use:
$ sudo ufw disable