How to Add UFW Rules

Uncomplicated Firewall, or UFW for short, is a front end that manages the default netfilter firewall on your Ubuntu system. The following steps walk you through adding different rules that help secure your server.

 

Setup Default Rules

When managing your system's firewall, one of the first things you want to do is set some default rules to minimize the number of attack vectors. You can use the ufw default command to create blanket rules for both ingress and egress traffic as shown below. Once you've added your default rules, you can continue to add rules on a service-specific or protocol-specific basis.

 

The line below turns logging on and enables the UFW service to start at boot.

 

Allowing Common Protocols

The following rules allow SSH access on port 22, HTTP on port 80, and HTTPS on port 443.

 

Allowing connectivity from a specific IP address

Allowing connectivity from a specific Subnet

Allowing connectivity from a specific IP and port

How to display current status and applied rules.

You should see output like the following.

Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)

 

Purging Rules

To revert to the default settings and purge all configurations.
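
The steps in the sections above, gathered into one script as an added example (not the original author's code). The addresses are constructed documentation ranges, the deny-incoming/allow-outgoing defaults are an assumption, and the SSH rule is added before `ufw enable` so that enabling the firewall over an SSH session does not cut you off.

```shell
#!/bin/sh
# Added example: prints (or, with APPLY=1, applies) the UFW rules described above.
# ADMIN_IP and ADMIN_NET are constructed documentation addresses (RFC 5737).
ADMIN_IP="${ADMIN_IP:-203.0.113.10}"
ADMIN_NET="${ADMIN_NET:-198.51.100.0/24}"

# Emit one ufw command per line, in the order they should be applied.
ufw_plan() {
    cat <<EOF
ufw default deny incoming
ufw default allow outgoing
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow from $ADMIN_IP
ufw allow from $ADMIN_NET
ufw allow from $ADMIN_IP to any port 22 proto tcp
ufw logging on
ufw --force enable
ufw status verbose
EOF
}

# Purge step: disables UFW and restores the installation defaults.
purge_plan() {
    echo "ufw --force reset"
}

# Read commands from stdin. With APPLY=1 they run as root; otherwise they
# are only printed, so the script is safe to run on any machine.
run_plan() {
    while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            # </dev/null keeps sudo from consuming the remaining plan lines.
            sudo $cmd </dev/null || return 1
        else
            echo "[dry-run] $cmd"
        fi
    done
}

ufw_plan | run_plan
```

If SSH should only be reachable from the admin address, drop the `ufw allow 22/tcp` line and keep the IP-and-port rule. To purge, run `purge_plan | APPLY=1 run_plan` after sourcing the functions.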

 

