Quick Setup UFW

This is a quick guide on how to set up UFW. It assumes you are using Debian 11 and have a user account with sudo privileges.


Installing UFW


Update the repos and install any packages that need upgrading:

sudo apt update
sudo apt upgrade

Then install UFW:

sudo apt install ufw

Basic UFW Usage


Upon installation UFW will:
Be disabled
Deny all incoming connections
Allow all outgoing connections

If you are connecting to the computer via SSH, then we will need to allow port 22 before enabling the firewall; otherwise we won't be able to access it.

There are two ways to allow ports, either specifying the port number or through the service name.

Allowing Ports/Services

The first method shown is through the port number:

sudo ufw allow 22

The second method is through the service name:

# Service name, as listed in /etc/services
sudo ufw allow ssh
# Application name, as listed in the UFW app list
sudo ufw allow OpenSSH

A predefined list of service names and their corresponding port numbers can be found in /etc/services. UFW also has its own application list, which can be viewed by entering ufw app list.

Enabling & Disabling UFW

To enable UFW:

sudo ufw enable

To disable UFW:

sudo ufw disable

Allow Port Ranges

If a specific service requires a range of ports to be opened, it can be done with the start-port:end-port syntax. UFW requires the protocol to be specified when a rule covers multiple ports:

sudo ufw allow 5000:5023/tcp

Allow Specific Protocols

To allow only a specific protocol, append /tcp or /udp to the rule:

sudo ufw allow 443/tcp

Deleting Rules

There are two ways to delete rules, either by the rule number as shown in UFW or by the rule itself.

First, list the current rules along with their numbers:

sudo ufw status numbered

# Output from "ufw status numbered"
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 22/tcp (v6)                ALLOW IN    Anywhere (v6)

Then we can delete the IPv6 SSH rule with:

sudo ufw delete 2

To delete a rule by the rule itself we can enter:

sudo ufw delete allow ssh
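
UFW renumbers the remaining rules after every delete, so removing several rules by number is only safe from the highest number down. The script below is an added example, not part of the original guide: it parses "ufw status numbered" output and prints the delete commands in that order. The function names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original guide).

# Read "ufw status numbered" output on stdin and print the numbers of all
# rules whose "To" column equals $1 (IPv4 and "(v6)" entries), highest first.
rule_numbers_for() {
    # Turn "[ 3] 22/tcp (v6) ALLOW IN ..." into "3 22/tcp (v6) ALLOW IN ..."
    sed -n 's/^\[ *\([0-9][0-9]*\)] */\1 /p' |
        awk -v t="$1" '$2 == t { print $1 }' |
        sort -rn
}

# Print one delete command per matching rule, for review. Nothing is executed.
delete_plan() {
    rule_numbers_for "$1" | while read -r n; do
        echo "sudo ufw delete $n"
    done
}

# Constructed sample of "ufw status numbered" output.
sample_status() {
    cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 443/tcp                    ALLOW IN    Anywhere
[ 3] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 4] 443/tcp (v6)               ALLOW IN    Anywhere (v6)
EOF
}

# Rule 4 is listed before rule 2, so deleting it leaves rule 2's number intact.
sample_status | delete_plan 443/tcp
```

On a live system, pipe the output of sudo ufw status numbered into delete_plan instead of the sample.
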

Checking Status

If you want to check the current status of UFW, you can enter:

sudo ufw status

Conclusion


This gives you a quick overview of how to set up simple firewall rules to protect your server. If you need something more sophisticated, iptables/nftables will do anything you wish it to.