Ubuntu Server: Configure the firewall with “ufw”

Ubuntu Server’s firewall is called ufw. If you are running an Ubuntu Server, you definitely want to enable some kind of firewall to keep intruders out of your ports. They will likely perform a port scan and try to find weaknesses. You can limit what they find by enabling ufw and then configuring it to open the ports that need access and close the ones that don’t.

Enable ufw:

sudo ufw enable

Check ufw status:

sudo ufw status

Allow traffic to a service by name (example: ftp, telnet, ssh, http):

sudo ufw allow http

Open a port:

sudo ufw allow 22

Close a port:

sudo ufw deny 22

Open a range of ports and specify TCP or UDP:

sudo ufw allow 300:310/tcp

Close a range of ports and specify TCP or UDP:

sudo ufw deny 300:310/tcp

Delete a rule:

sudo ufw status numbered
#prints a numbered list of rules, example:

[ 1] 21/tcp                     ALLOW IN    Anywhere
[ 2] 22/tcp                     ALLOW IN    Anywhere
[ 3] 80/tcp                     ALLOW IN    Anywhere

sudo ufw delete 3
#replace 3 with the number of the rule you want to delete

List the applications that ufw can open ports for:

sudo ufw app list
#will generate a list similar to this:
Available applications:
  Apache
  Apache Full
  Apache Secure
  CUPS
  OpenSSH
  plexmediaserver
  plexmediaserver-all
  plexmediaserver-dlna

Allow an application such as Apache. This is extremely important for a WordPress installation!

sudo ufw allow in "Apache Full"

Disable ufw:

sudo ufw disable

If you somehow screwed your ufw rules up, you can reset them all. If you are configuring over SSH, make sure to allow your SSH service before re-enabling ufw!

sudo ufw reset
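
The SSH lockout warning above can be turned into a check that runs before ufw is enabled. This is an added example, not part of the original page: it reads the output of "sudo ufw show added" (which lists rules even while ufw is inactive) and succeeds only when a plain allow or limit rule for SSH exists and no deny rule targets it. It assumes sshd listens on the default port 22; the function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page).
# Assumption: sshd listens on the default port 22.

# Constructed sample of `sudo ufw show added` output, for offline testing:
#   printf '%s\n' "$SAMPLE_ADDED" | ssh_rule_check
SAMPLE_ADDED="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw allow 'Apache Full'
ufw allow OpenSSH"

# Reads `ufw show added` output on stdin.
# Returns 0: SSH is allowed and not denied
#         1: no plain allow/limit rule for SSH
#         2: a deny/reject rule targets SSH (review before enabling)
ssh_rule_check() {
    awk -v q="'" '
        $1 == "ufw" {
            action = $2
            target = $NF                 # last word: port, service or profile
            gsub(q, "", target)          # profiles may be single-quoted
            sub(/\/tcp$/, "", target)    # 22/tcp -> 22 (22/udp stays as is)
            is_ssh = (target == "22" || target == "ssh" || target == "OpenSSH")
            if (!is_ssh) next
            # Only simple three-word rules (ufw allow ssh) count as an allow;
            # source-restricted rules may not cover your own address.
            if (NF == 3 && (action == "allow" || action == "limit")) allowed = 1
            # Any deny/reject that ends in an SSH target is treated as a block.
            if (action == "deny" || action == "reject") blocked = 1
        }
        END { if (blocked) exit 2; if (!allowed) exit 1; exit 0 }
    '
}

# Enable ufw only when the check passes (needs root).
safe_enable() {
    if sudo ufw show added | ssh_rule_check; then
        sudo ufw enable
    else
        echo "No usable SSH allow rule; run 'sudo ufw allow ssh' and review deny rules." >&2
        return 1
    fi
}
```

Source the file and call safe_enable in place of "sudo ufw enable" after a reset.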

Hopefully, you have configured all of your services appropriately and have a good working firewall. If somehow this exercise is messing your server up, you can always disable it with “sudo ufw disable” until you can get more help or have more time to experiment. Happy and safe computing!
