Hostwinds Tutorials
Uncomplicated Firewall, or UFW for short, is a front end that manages the default Netfilter firewall on your Ubuntu system. The following steps walk you through adding rules that will secure your server.
When managing your system's firewall, one of the first things you want to do is set some default rules to minimize the number of attack vectors. You can use the ufw default command to create blanket rules for both ingress and egress traffic, as shown below. Once you've added your default rules, you can then add rules on a service or protocol-specific basis.
sudo ufw default allow outgoing
sudo ufw default deny incoming
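The commands below turn logging on and enable UFW, which also sets the service to start at boot. With the default deny incoming policy in place, new SSH connections are refused once UFW is enabled unless an SSH rule exists, so on a remote server add the SSH rule shown further down before you enable the firewall.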
sudo ufw logging on
sudo ufw enable
The following rules allow SSH (port 22), HTTP (port 80), and HTTPS (port 443). UFW resolves the service names through /etc/services, so write the service and protocol in lowercase.
sudo ufw allow ssh/tcp
sudo ufw allow http/tcp
sudo ufw allow https/tcp
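The following rules allow traffic from a specific IP address, from a subnet, and from a specific IP address to port 22 over TCP only. The 555.555.555.555 addresses are placeholders; replace them with the real address or subnet.
sudo ufw allow from 555.555.555.555
sudo ufw allow from 555.555.555.55/24
sudo ufw allow from 555.555.555.555 to any port 22 proto tcp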
To check the firewall status and list the active rules:
sudo ufw status
You should see output like the following.
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
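The status listing can also be checked automatically. The script below is an added example, not part of the original tutorial: it parses ufw status text and reports any port open to Anywhere that is not on an expected list. The function names, the ALLOWED_OPEN list (the three ports this tutorial opens) and the sample listing with its 203.0.113.10 address are assumptions constructed for the illustration.

```sh
#!/bin/sh
# Added example: audit `ufw status` text read from stdin.
# ALLOWED_OPEN is an assumption: the ports this tutorial opens to everyone.
ALLOWED_OPEN="22/tcp 80/tcp 443/tcp"

# Prints one finding per line; prints nothing when the rules match expectations.
audit_ufw_status() {
    awk -v allowed="$ALLOWED_OPEN" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^Status:/ { if ($2 != "active") print "firewall is not active"; seen = 1; next }
        { gsub(/\(v6\)/, "") }   # fold IPv6 rows onto their IPv4 form
        # An inbound ALLOW whose source is Anywhere, on a port we did not expect.
        $2 == "ALLOW" && $3 != "OUT" && $NF == "Anywhere" && !($1 in ok) {
            f = "open to Anywhere: " $1
            if (!(f in shown)) { shown[f] = 1; print f }
        }
        END { if (!seen) print "no Status line found" }
    '
}

# Constructed sample: SSH limited to one source, plus an unexpected 3306/tcp rule.
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       203.0.113.10
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
3306/tcp                   ALLOW       Anywhere
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
3306/tcp (v6)              ALLOW       Anywhere (v6)
EOF
}

sample_status | audit_ufw_status
```

On a live server, pipe the real listing in with sudo ufw status | audit_ufw_status and treat any output as a rule to review.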
To revert to the default settings and purge all configurations:
sudo ufw reset
Written by Hostwinds Team / April 26, 2018