How to install UFW Firewall on Ubuntu 22.04 LTS Jammy

Learn the simple steps to install the UFW firewall on Ubuntu 22.04 LTS Jammy JellyFish Linux using the command terminal to block or open ports in the active firewall. 

UFW stands for Uncomplicated Firewall. The goal of UFW is to provide an uncomplicated command-line frontend for iptables, which is very powerful but not exactly easy to configure. UFW supports both IPv4 and IPv6.

Users can install this open-source firewall on Linux systems easily because it is included in the package sources, at least if you are using an Ubuntu or Debian distribution. Users of other Linux distributions, such as Fedora, need to download the source code package to get it.

In short: UFW is an interface to iptables designed to simplify the process of configuring a firewall. If you want to secure the network or monitor your server’s incoming and outgoing connections, you cannot do without a firewall. UFW is a handy tool that can be controlled and configured via the terminal in Ubuntu.

Steps to Install UFW Firewall on Ubuntu 22.04 LTS Jammy

1. Requirements

We don’t need any third-party repository to get this firewall. To follow this tutorial, users just need to be on Ubuntu with a user account that has sudo rights and an active internet connection.

 

2. Install UFW on Ubuntu 22.04

First, run the system update command to refresh the APT repository cache, and then use the package manager to install the UFW firewall on your system.

sudo apt update
sudo apt install ufw

 

3. Status, Start, Stop

First of all, you should check whether the program is active. As a rule, ufw is deactivated after a standard installation.

The status is checked with

sudo ufw status

If the output is "Firewall not loaded", the service is not active. The firewall can be activated with:

sudo ufw enable

The output "Firewall started and enabled on system startup" means that UFW is also set up as a service, i.e. it is activated directly when the computer is restarted.

To switch off UFW again, the command is:

sudo ufw disable

The output "Firewall stopped and disabled on system startup" shows that the automatic start of the program is disabled as well.

 

4. Set Up Default Policies

Once the firewall is on your system, we can create our own rules to block or open any application traffic. However, we should first define how inbound and outbound traffic is handled. By default, all incoming connections are denied and all outbound connections are allowed. This matters because if every incoming connection were allowed, anyone from the outside could reach your server. To make sure the default settings are set correctly, enter the following commands one after the other:

To block all incoming connections:

sudo ufw default deny incoming

To allow or open all outgoing traffic:

sudo ufw default allow outgoing

 

5. UFW Firewall Rules

Enabling the firewall without defining rules already means that all incoming connections are prohibited and all outgoing connections are allowed.

ufw uses a three-level set of rules, which is stored in three configuration files. These are read and evaluated in the following order:

/etc/ufw/before.rules

/etc/ufw/user.rules (rules defined on the command line are also persisted here)

/etc/ufw/after.rules

This means that rules in user.rules may override those in before.rules and rules in after.rules override those of user.rules.

The original rules files contain only a few basic rules that keep internal network traffic working without problems. Adding rules using UFW is quite simple.

The simplest general syntax is:

sudo ufw allow|deny|reject SERVICE

SERVICE can be one of the protocols listed in the /etc/services file, such as POP3 or HTTP, or any other application service, such as SSH if it is installed.

For example, to allow port 22, the SSH service, in the UFW firewall, the command is:

sudo ufw allow ssh

If you know the exact port used by SSH, which is 22 by default, the command is:

sudo ufw allow 22/tcp

 

6. Allow special port ranges and IPs

UFW can enable access to port ranges instead of individual ports. Here you have to specify the protocol – i.e. UDP or TCP – for which the rules should apply.

If the range of ports that you want to allow extends from 5000 to 5010, then you must execute the following commands for UDP and TCP in the terminal.

sudo ufw allow 5000:5010/udp
sudo ufw allow 5000:5010/tcp

It is also possible to specify allowed IP addresses with UFW. For example, if you want to allow connections from the private IP address 192.168.0.104, execute the following command:

sudo ufw allow from 192.168.0.104

You can also allow only a certain port for an IP address. To do this, name the port in the rule, such as 22 if the connection is to be established via SSH. For the IP address 192.168.253.49, this works with the following command:

sudo ufw allow from 192.168.253.49 to any port 22

 

7. Application filter

For some common services, a profile file is created automatically when a service/program to be protected by ufw is installed. The corresponding configuration files are located in the /etc/ufw/applications.d/ directory. These are simple text files that contain the service name, a brief description, and the ports and protocols to be opened.

An overview of all current application filters can be obtained with the command

sudo ufw app list

The output looks like this, for example:

Available applications:
Apache
LDAPS
LPD
MSN
MSN SSL
Mail submission
NFS
OpenSSH
POP3
POP3S
PeopleNearby
SMTP
SSH

 

8. Allow all default incoming and outgoing UFW connections

To deny or allow all incoming connections:

To deny all incoming connections:

sudo ufw default deny incoming

To allow all incoming connections:

sudo ufw default allow incoming

To deny or allow all outgoing connections:

Allow all outgoing:

sudo ufw default allow outgoing

Deny all outgoing:

sudo ufw default deny outgoing
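
To confirm that the defaults and rules set in this tutorial are what is actually loaded, the text printed by sudo ufw status verbose can be checked automatically. The script below is an added example, not part of the original article; the function names audit_ufw_status and sample_status are made up for illustration, and the sample status text is constructed from the rules used in this tutorial.

```shell
#!/bin/sh
# Added example (not from the article): audit `sudo ufw status verbose` text.
# Reads the status text on stdin, prints one finding per line and returns
# non-zero when a FAIL finding is raised.
audit_ufw_status() {
    awk -F'  +' '
        BEGIN { fail = 0 }
        /^Status:/ && $0 !~ /^Status: active/ {
            print "FAIL firewall is not active"; fail = 1
        }
        /^Default:/ && $0 !~ /(deny|reject) \(incoming\)/ {
            print "FAIL default incoming policy is not deny/reject"; fail = 1
        }
        # Rule rows have three columns (To, Action, From) split by 2+ spaces.
        NF >= 3 && $2 ~ /^ALLOW/ {
            if ($1 ~ /^Anywhere/ && $3 !~ /^Anywhere/)
                print "WARN every port is open to " $3
            else if ($3 ~ /^Anywhere/)
                print "INFO " $1 " is open to any source"
        }
        END { exit fail }
    '
}

# Constructed sample: how the rules from this tutorial appear in the status
# listing (assumed layout of `ufw status verbose`).
sample_status() {
    cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
5000:5010/udp              ALLOW IN    Anywhere
Anywhere                   ALLOW IN    192.168.0.104
22                         ALLOW IN    192.168.253.49
EOF
}

# On a real host: sudo ufw status verbose | audit_ufw_status
sample_status | audit_ufw_status
```

The rule limited to port 22 for 192.168.253.49 produces no finding, while the rule created with allow from 192.168.0.104 is reported because it opens every port to that address.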

 

9. List & Delete UFW Firewall Rules

Before deleting let’s first see a list of all the active rules in the UFW firewall. For that we can use:

sudo ufw status numbered

You will see all the UFW rules along with the serial number in which they have been activated. To delete any of them, use the command below along with the serial number of the rule. For example, in the output of the above command, I want to delete the second rule, 22/tcp. The command will then be:

sudo ufw delete 2

 

10. GUI for UFW firewall on Ubuntu 22.04

Those who are using Graphical Desktop Linux can install a graphical user interface for their UFW firewall called “GUFW” (Graphical Uncomplicated Firewall) to operate it easily. The tool provides an interface with which you can comfortably create rules for incoming and outgoing connections.

sudo apt install gufw

Once the installation is completed, go to the Application launcher, search for Firewall, and click it to start. After that, you can configure the rules using the graphical interface of the application.
