Заметки сисадмина » Ubuntu22: Set Up UFW Firewall in 5 Minutes

Ubuntu22: Set Up UFW Firewall in 5 Minutes

2025-01-10 · Posted in Ubuntu

The steps for setting up UFW are as follows:

1. Set Up default UFW policies

Let us view the current status:

The default firewall policy works well for both servers and desktops. It is always a good policy to close all ports on the server and open only the required TCP or UDP ports. Let us block all incoming connections and only allow outgoing connections from the Ubuntu 22.04 LTS cloud server:

Make sure IPv6 support is enabled too. Run the grep command:

Otherwise, edit the /etc/default/ufw file:

Set it as follows:

2. Open SSH TCP port 22 using the ufw

The next logical step is to allow incoming SSH connections on the default TCP port 22 as follows:

Say you are running the OpenSSH server on TCP port 4242, then:

You can also rate-limit access to the ssh port as follows:

See “How to limit SSH (TCP port 22) connections with ufw on Ubuntu Linux” for more information.

3. Turning on the firewall

That is all that is needed. Now turn on the firewall protection for your Ubuntu Linux 22.04 LTS machine. For example:

You need to confirm the operation by typing y followed by the [Enter] key:

To view the current firewall status, type the systemctl command:

Please note that once UFW is enabled, it stays enabled across system reboots. You can verify that easily using the systemctl command:

4. Opening (allow) TCP or UDP ports

Now that you have set up a firewall policy and opened TCP port 22 for ssh purposes, it is time to open other service ports as per the needs of your application. For example, open TCP ports 80 and 443 for the Nginx or Apache web server as follows:

To open the WireGuard VPN UDP port 41194, type:

The ufw comment keyword adds a comment to a rule, which is instrumental in understanding firewall rules.
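
Steps 1 to 4 collected into one script, as an added example that is not from the original post: it prints the ufw commands in an order that adds the SSH rule before the firewall is enabled, and applies them only when APPLY=1. The function names and the SSH_PORT/APPLY variables are assumptions of this example; `--force` skips the y confirmation described in step 3.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# SSH_PORT/APPLY variables are assumptions made for this example.

# Accept only an integer port in 1..65535, so the value is safe to embed.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Step 1 check: true when IPV6=yes is set in the ufw defaults file.
ipv6_enabled() {
    grep -q '^IPV6=yes' "${1:-/etc/default/ufw}"
}

# Print the rules in a lockout-safe order: the SSH rule comes before "enable".
ufw_plan() {
    ssh_port="${1:-22}"
    valid_port "$ssh_port" || { echo "invalid SSH port: $ssh_port" >&2; return 2; }
    cat <<EOF
ufw default deny incoming
ufw default allow outgoing
ufw limit ${ssh_port}/tcp comment 'rate-limited SSH'
ufw allow 80/tcp comment 'HTTP'
ufw allow 443/tcp comment 'HTTPS'
ufw allow 41194/udp comment 'WireGuard VPN'
ufw --force enable
EOF
}

# Run the plan as root, stopping at the first command that fails.
ufw_apply() {
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    ipv6_enabled || echo "warning: IPV6=yes not set in /etc/default/ufw" >&2
    plan="$(ufw_plan "$1")" || return 2
    printf '%s\n' "$plan" | while IFS= read -r cmd; do
        echo "+ $cmd"
        eval "$cmd" || exit 1
    done
}

# Default is a dry run that only prints; APPLY=1 changes the firewall.
if [ "${APPLY:-0}" = 1 ]; then
    ufw_apply "${SSH_PORT:-22}"
else
    ufw_plan "${SSH_PORT:-22}"
fi
```

Run it once without APPLY to review the printed plan, for example with SSH_PORT=4242 if sshd listens there, before running it as root with APPLY=1.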

Opening TCP and UDP port ranges

Allowing connection from a single IP or CIDR

In this example, you want to allow ALL connections from an IP address called 1.2.3.4, enter:

Let us allow connections from an IP address called 1.2.3.4 to our port 25, enter:

And you can set destination IP 222.222.222.222 for port 25 too: sudo ufw allow from 1.2.3.4 to 222.222.222.222 port 25 proto tcp

How to allow connection on specific interface

Open TCP port 22 for wg0 interface only:

Say you want to allow connection for TCP port 3306 on lxdbr0 interface from 10.105.28.22, then add:

5. Blocking TCP or UDP ports and connections

Do you want to close ports and block certain IP addresses? The syntax to deny access is as follows. For example, to simply ignore access to port 23:

Here is how to deny all connections from an IP address called 1.2.3.4, enter:

To block an IP/subnet (CIDR) called 103.13.42.42/28, enter:

Finally, to deny 1.1.1.2 (say, a bad actor's or hacker's IP address) access on port 22, try:

6. Viewing firewall rules

You can see the firewall status as a numbered list of rules:

7. Deleting ufw firewall rules

List all of the current rules in a numbered list format:

To remove firewall rule #6, type the command:

See how to delete a UFW firewall rule on Ubuntu / Debian Linux tutorial for further information.

8. Stopping and removing UFW

If you no longer need ufw, here is how to disable it:

9. View the firewall logs

By default, all UFW entries are logged to the /var/log/ufw.log file. Use grep, less, more and other commands to view the ufw logs. For example:

Finally, here is how to display the list of rules:

Wasn’t that easy? Now you know how to protect your Ubuntu 22.04 LTS Linux server. Please read the ufw command docs online or using the man command (ufw help command) as follows:
