Learn how to install the UFW firewall on Ubuntu 24.04 Noble or 22.04 LTS Jammy JellyFish Linux. Then, use the command terminal to block or open ports in the active firewall.
UFW stands for Uncomplicated Firewall. Its goal is to provide an uncomplicated command-line frontend for the very powerful but not easy-to-configure iptables. UFW supports both IPv4 and IPv6.
Users can install this open-source firewall on Linux systems easily because it is included in the package sources, at least if they are using an Ubuntu or Debian distribution. Users of other Linux distributions, such as Fedora, need to download the source code package to get it.
In short, UFW is an interface to iptables designed to simplify configuring a firewall. A firewall is indispensable if you want to secure the network or monitor your server’s incoming and outgoing connections. UFW is a handy tool that can be controlled and configured via the Ubuntu terminal.
Steps to Install UFW Firewall on Ubuntu 24.04 or 22.04 LTS Jammy
1. Requirements
We don’t need any specific third-party repository to get this firewall. To follow this tutorial, users must be on Ubuntu with a user account that has sudo rights and an active internet connection.
2. Install UFW on Ubuntu 24.04 or 22.04
Next, run the system update command on your system to refresh the APT repo cache, and then use the package manager to install the UFW firewall on your system.
sudo apt update
sudo apt install ufw
3. Status, Start, Stop
First, you should check whether the program is active. UFW is usually inactive after a standard installation.
The status is checked with:
sudo ufw status
If the output is "Firewall not loaded", the service is not active. The firewall can be activated with:
sudo ufw enable
The message that the firewall is started and enabled on system startup means it is also set up as a service, i.e., it is activated automatically when the computer is restarted.
To switch off UFW again, the command is:
sudo ufw disable
The firewall is then stopped and disabled on system startup, so the automatic start of the program is disabled as well.
4. Setup Default Policies
Once the firewall is on your system, we can create rules to block or open any application traffic. First, however, we should define how inbound and outbound traffic is handled. By default, all incoming connections are denied and all outbound connections are allowed. This is important because if every incoming connection were allowed, anyone outside could reach your server. To make sure the default settings are set correctly, enter the following commands one after the other:
To block all incoming connections:
sudo ufw default deny incoming
To allow or open all outgoing traffic:
sudo ufw default allow outgoing
5. UFW Firewall Rules
Enabling the firewall without defining rules already means that all incoming connections are prohibited and all outgoing connections are allowed.
ufw uses a three-level set of rules stored in three configuration files. These are read and evaluated in the following order:
/etc/ufw/before.rules
/etc/ufw/user.rules (rules defined on the command line are also persisted here)
/etc/ufw/after.rules
This means that rules in user.rules may override those in before.rules, and rules in after.rules override those of user.rules.
The original rules files contain only a few basic rules that regulate problem-free internal network traffic. Adding rules using UFW is quite simple.
The most straightforward general syntax is:
sudo ufw allow|deny|reject SERVICE
SERVICE can be one of the protocols listed in the /etc/services file, such as POP3 or HTTP, or any other application service, such as SSH, if installed.
For example, if you want to allow port 22 or SSH service in the UFW firewall, the command will be:
sudo ufw allow ssh
If you know the exact port used by SSH, which is 22 by default, the command will be:
sudo ufw allow 22/tcp
6. Allow particular port ranges and IPs
UFW can enable access to port ranges instead of individual ports. Here, you have to specify the protocol—e.g., UDP or TCP—for which the rules should apply.
If the range of ports you want to allow extends from 5000 to 5010, you must execute the following commands for UDP and TCP in the terminal.
sudo ufw allow 5000:5010/udp
sudo ufw allow 5000:5010/tcp
It is also possible to specify the IP addresses allowed with UFW. For example, if you want to allow connections from the private IP address 192.168.0.104, execute the following command:
sudo ufw allow from 192.168.0.104
You can also enable a specific port for an IP address. To do this, name the port in the rule, such as 22 to allow SSH connections from a given address (192.168.253.49 in this example). This works with the following command:
sudo ufw allow from 192.168.253.49 to any port 22
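To check a host against the default policies and the source-restricted rules described above, the following added example (not part of the original tutorial) audits the text printed by `sudo ufw status verbose`. The function name audit_ufw_status and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit the text printed by
# `sudo ufw status verbose`. Reads stdin, so it can be tested offline.

# Constructed sample in the layout `ufw status verbose` uses.
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
5000:5010/udp              ALLOW IN    Anywhere
5000:5010/tcp              ALLOW IN    Anywhere
22                         ALLOW IN    192.168.253.49
22/tcp (v6)                ALLOW IN    Anywhere (v6)'

# Prints one finding per line:
#   WARN    ...  firewall inactive or permissive default for incoming traffic
#   OPEN    ...  incoming allow rule that any source address can use
#   LIMITED ...  incoming allow rule restricted to a source address
audit_ufw_status() {
  # Columns in the rule table are separated by two or more spaces.
  awk -F '  +' '
    /^Status:/ && $0 !~ /^Status: active/ { print "WARN firewall is not active" }
    /^Default:/ && $0 !~ /^Default: (deny|reject) \(incoming\)/ {
      print "WARN default incoming policy is not deny/reject"
    }
    /^-- / { in_rules = 1; next }   # separator row: rules start after it
    in_rules && $2 ~ /^ALLOW( IN)?$/ {
      if ($3 ~ /^Anywhere/) print "OPEN " $1 " reachable from any source"
      else                  print "LIMITED " $1 " only from " $3
    }
  '
}

# Demo on the constructed sample; on a live host use:
#   sudo ufw status verbose | audit_ufw_status
printf '%s\n' "$SAMPLE_STATUS" | audit_ufw_status
```

In the sample, port 22 is listed as OPEN even though a source-restricted rule for it also exists, because the broader "Anywhere" rule still admits every address.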
7. Application filter
For some common services, a profile file is created automatically when a service/program to be protected by ufw is installed. The corresponding configuration files are located in the /etc/ufw/applications.d/ directory. These simple text files contain the service name, a brief description, and the ports and protocols to be opened.
An overview of all current application filters can be obtained with the command:
sudo ufw app list
This looks like this, for example:
Available applications:
Apache
LDAPS
LPD
MSN
MSN SSL
Mail submission
NFS
OpenSSH
POP3
POP3S
PeopleNearby
SMTP
SSH
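To see which ports a profile would open before allowing it, the following added example (not part of the original tutorial) parses the INI-style layout of the files in /etc/ufw/applications.d/ (section name, title, description, ports). The function name profile_ports and the two sample profiles are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): list what each profile in
# /etc/ufw/applications.d/ would open. Reads profile text on stdin.

# Constructed sample profile in the INI-style layout these files use.
SAMPLE_PROFILE='[Example Web]
title=Constructed web server profile
description=Opens HTTP and HTTPS.
ports=80,443/tcp

[Example DNS]
title=Constructed resolver profile
description=Port 53 has no protocol, so it applies to TCP and UDP.
ports=53|853/tcp'

# Prints "profile<TAB>port/protocol", one line per port or port range.
# ports= syntax: "|" separates groups, "," separates ports within a group,
# "start:end" is a range, and a missing "/proto" means both tcp and udp.
profile_ports() {
  awk '
    /^\[.*\]$/ { name = substr($0, 2, length($0) - 2); next }
    /^ports=/ {
      n = split(substr($0, 7), groups, "[|]")
      for (i = 1; i <= n; i++) {
        spec = groups[i]; proto = "tcp+udp"
        p = index(spec, "/")
        if (p > 0) { proto = substr(spec, p + 1); spec = substr(spec, 1, p - 1) }
        m = split(spec, ports, ",")
        for (j = 1; j <= m; j++) printf "%s\t%s/%s\n", name, ports[j], proto
      }
    }
  '
}

# Demo on the constructed sample; on a live host use, for example:
#   cat /etc/ufw/applications.d/* | profile_ports
printf '%s\n' "$SAMPLE_PROFILE" | profile_ports
```

For a single profile, `sudo ufw app info NAME` prints the same title, description and ports.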
8. Allow or deny all incoming and outgoing UFW connections by default
To deny or allow all incoming connections:
To deny all incoming connections:
sudo ufw default deny incoming
To allow all incoming connections:
sudo ufw default allow incoming
To deny or allow all outgoing connections:
To allow all outgoing connections:
sudo ufw default allow outgoing
To deny all outgoing connections:
sudo ufw default deny outgoing
9. List & Delete UFW Firewall Rules
Before deleting a rule, let’s first look at a list of all the active rules in the UFW firewall. For that, we can use:
sudo ufw status numbered
You will see all the UFW rules, each with its serial number. To delete any of them, use the delete command with that serial number. For example, to delete the second rule in the output of the above command, 22/TCP, the command will be:
sudo ufw delete 2
10. GUI for UFW firewall on Ubuntu 24.04 or 22.04
Those using a graphical Linux desktop can install a graphical user interface for their UFW firewall called “GUFW” (Graphical Uncomplicated Firewall) to operate it efficiently. The tool provides an interface to create rules for incoming and outgoing connections comfortably.
sudo apt install gufw
Once the installation is completed, go to the application launcher and search for Firewall. Click the entry to start it. After that, you can configure the rules using the application’s GUI.