How to install UFW Firewall on Ubuntu 24.04 or 22.04 LTS Linux

Learn how to install the UFW firewall on Ubuntu 24.04 Noble or  22.04 LTS Jammy JellyFish Linux. Then, use the command terminal to block or open ports in the active firewall. 

UFW stands for uncomplicated firewall. Its goal is to provide an uncomplicated command-line-based frontend for the very powerful but not easy-to-configure IPtables. UFW supports both IPv4 and IPv6.

Users can install this open-source firewall on Linux systems easily because it is included in the package sources—at least if they are using an Ubuntu or Debian distribution. Other Linux users, such as Fedora, need to download the source code package to get it.

In short, UFW is an interface to IPTables designed to simplify configuring a firewall. You can’t bypass a firewall to secure the network or monitor your server’s incoming and outgoing connections. UFW is a handy tool that can be controlled and configured via the Ubuntu terminal.

Steps to Install UFW Firewall on Ubuntu 24.04 or 22.04 LTS Jammy

1: Requirements

We don’t need any specific third-party repository to get this firewall. To follow this tutorial, users must be on Ubuntu with a User account (sudo rights) and an active internet connection.

 

2. Install UFW on Ubuntu 24.04 or 22.04

Next, run the system update command on your system to refresh the APT repo cache, and then use the package manager to install the UFW firewall on your system.

sudo apt update
sudo apt install ufw

 

3. Status, Start, Stop

First, you should check whether the program is active. UFW is usually deactivated, as this is specified during the standard installation.

The status is checked with

sudo ufw status

If the output is: Firewall not loaded

In this case, the service is not active. The firewall can be activated by:

sudo ufw enable

A firewall started and enabled on system startup means it is also set up as a service, i.e., when the computer is restarted, it is activated directly.

To switch off UFW again, the command is :

sudo ufw disable

The firewall stopped and disabled on system startup, which also disables the automatic start of the program.

 

3. Setup Default Policies

Once the firewall is on your system, we can create rules to block or open any application traffic. However,  we should first define how inbound and outbound traffic is handled. However, all incoming connections are denied by default, and all outbound connections are allowed. This is important because if every incoming connection were allowed, anyone outside could reach your server. Hence, to make sure the default settings are set correctly, enter the following commands one after the other:

To block all incoming connections:

sudo ufw default deny incoming

To allow or open all outgoing traffic:

sudo ufw default allow outgoing

 

4. UFW Firewall Rules

Enabling the firewall without defining rules already means that all incoming connections are prohibited and all outgoing connections are allowed.

ufw uses a three-level set of rules stored in three configuration files. These are read and evaluated in the following order:

/etc/ufw/before.rules

/etc/ufw/user.rules (the rules defined in the command line are also persisted)

/etc/ufw/after.rules

This means that rules in user. rules may override those in before.rules and rules in after.rules override those of user.rules.

The original rules files contain only a few basic rules that regulate problem-free internal network traffic. Adding rules using UFW is quite simple.

The most straightforward general syntax is:

sudo ufw allow|deny|reject SERVICE

SERVICE can be one of the protocols mentioned in the file /etc/services file, such as POP3, HTTP, or any other application service, such as SSH, if installed.

For example, if you want to allow port 22 or SSH service in the UFW firewall, the command will be:

sudo ufw allow ssh

Whereas, if you know the exact port used by the SSH, which by default 22, the command will be:

sudo ufw allow 22/tcp

 

6. Allow particular port ranges and IPs

UFW can enable access to port ranges instead of individual ports. Here, you have to specify the protocol—e.g., UDP or TCP—for which the rules should apply.

If the range of ports you want to allow extends from 5000 to 5010, you must execute the following commands for UDP and TCP in the terminal.

sudo ufw allow 5000:5010/udp
sudo ufw allow 5000:5010/tcp

It is also possible to specify the IP addresses allowed with UFW. For example, if you want to allow connections from the private IP address 192.168.0.104, execute the following command:

sudo ufw allow from 192.168.0.104

You can also enable specific ports for an IP address. To do this, you need to mention that particular port, such as 22 if you want to connect via SSH to the IP address mentioned above. This works with the following command:

sudo ufw allow from 192.168.253.49 to any port 22

 

7. Application filter

A few common services file automatically gets created when a service/program to be protected by ufw is installed. The corresponding configuration files are located in the /etc/ufw/applications.d/ directory. These simple text files contain the service name, a brief description, and the ports and protocols to be opened.

An overview of all current application filters can be obtained with the command.

sudo ufw app list

This looks like this, for example:

Available applications:
Apache
LDAPS
LPD
MSN
MSN SSL
Mail submission
NFS
OpenSSH
POP3
POP3S
PeopleNearby
SMTP
SSH

 

8. Allow all default incoming and outgoing UFW connections

To deny or allow all incoming connections:

For Denying all connections:

sudo ufw default deny incoming

For Allowing all connections:

sudo ufw default allow incoming

To deny or allow all outgoing connections:

Allow all outgoing 

sudo ufw default allow outgoing

Deny all outgoing 

sudo ufw default deny outgoing

 

9. List & Delete UFW Firewall Rules

Before deleting it, let’s first look at a list of all the active rules in the UFW firewall. For that, we can use:

sudo ufw status numbered

You will see all the UFW rules and the serial number to which they have been activated. To delete any of them, use the command and serial number given. For example, in the above command, I want to delete the second rule, 22/TCP. Then the command will be:

sudo ufw delete 2

 

10. GUI for UFW firewall on Ubuntu 24.04 or 22.04

Those using Graphical Desktop Linux can install a graphical user interface for their UFW firewall called “GUFW” (Graphical Uncomplicated Firewall) to operate it efficiently. The tool provides an interface to create rules for incoming and outgoing connections comfortably.

sudo apt install gufw

Once the installation is completed, go to the application launcher and search for Firewall. You will have it. Click to start. After that, you can configure the rules using the application’s GUI interface.

Install UFW firewall on Ubuntu 22.04 LTS Jammy

 

Other Articles

How to install and use Firewalld on Almalinux 8
3 Best SSH GUI Client Tools for Linux distros
How to install Anaconda on Ubuntu 24.04 or 22.04 LTS
How to install WineHQ on Ubuntu 22.04 LTS

 

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.