UFW (Uncomplicated Firewall)

UFW is a wrapper around iptables: every ufw rule is written out as iptables rules underneath, so it adds no filtering of its own.


UFW Service

Check UFW status

ufw status

Enable UFW

ufw enable

Disable UFW

ufw disable

Enable/Disable Logging

ufw logging on

ufw logging off

UFW preset rule options

UFW may have preset rulesets that can be used for applications you have installed.

View available rule presets for installed apps:

ufw app list

View the service names (with their port numbers) from /etc/services that ufw accepts in place of a port number

less /etc/services

You'll see output like:

Available applications:
  Apache
  Apache Full
  Apache Secure
  Nginx Full
  Nginx HTTP
  Nginx HTTPS
  OpenSSH

You can then use the preset profiles to set rules.

UFW allow option

Example, using one of the profiles listed above (multi-word profile names must be quoted):

ufw allow 'Nginx Full'

Port Rules

When adding port/IP rules, it's best practice to add a comment so the rule can be clearly identified later in ufw status output. This is done with the comment keyword, as an example:

ufw allow 80/tcp comment "web ports"

Basic port allow rule

ufw allow 80/tcp

Basic port deny rule

ufw deny 80/tcp

Multiple port allow rule

ufw allow 20,21/tcp

Multiple port block rule

ufw deny 20,21/tcp

Port range allow rule

ufw allow 40000:40100/tcp

Port range block rule

ufw deny 40000:40100/tcp

IP Rules

Allow a specific source IP to reach a TCP port (IP_IP_IP_IP and PORT are placeholders for the source address and the port number):

ufw allow proto tcp from IP_IP_IP_IP to any port PORT

UFW Rule Ordering

UFW evaluates rules in order from top to bottom, and the first rule that matches a packet is applied, so earlier rules take priority over later ones.

View existing rules with rule numbers

ufw status numbered

Specify the position in the ruleset when adding a rule

ufw insert 3 allow 80/tcp

The above command inserts an allow rule for port 80 at position 3, ahead of the rule that currently holds number 3 (which becomes rule 4).

Add a rule to the top of the list

ufw prepend allow 80/tcp

Add a rule to the bottom of the list (the default when no position is given)

ufw allow 80/tcp

Delete a rule by its number (numbers shift down after each deletion, so run ufw status numbered again before deleting another)

ufw delete RULE_NUMBER
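The comment keyword from the Port Rules section is what makes later cleanup safe. The following added example (not from the original page, written in POSIX sh) parses ufw status numbered output, assumed to look like the constructed sample embedded in the script, and emits the ufw delete commands for every rule carrying a given comment, highest number first, because each deletion renumbers the rules below it.

```shell
#!/bin/sh
# Added example, not from the original page: find every rule whose comment
# matches a label in `ufw status numbered` output and emit the `ufw delete`
# commands that remove them. Rule numbers shift down after each deletion,
# so the commands are emitted highest number first.

# Constructed sample of `ufw status numbered` output (one `ufw allow ... comment`
# produces a v4 and a v6 entry, both carrying the comment); it lets the
# example run offline without ufw installed.
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    203.0.113.10               # admin ssh
[ 2] 80/tcp                     ALLOW IN    Anywhere                   # web ports
[ 3] 443/tcp                    ALLOW IN    Anywhere                   # web ports
[ 4] 80/tcp (v6)                ALLOW IN    Anywhere (v6)              # web ports
[ 5] 443/tcp (v6)               ALLOW IN    Anywhere (v6)              # web ports'

# rule_numbers_for_comment LABEL  (reads status output on stdin)
# Prints the numbers of rules whose trailing "# comment" equals LABEL,
# one per line, highest first.
rule_numbers_for_comment() {
    awk -v want="$1" '
        /^\[ *[0-9]+]/ {                       # only numbered rule lines
            p = index($0, "# ")
            if (p == 0) next                   # rule carries no comment
            c = substr($0, p + 2); sub(/[ \t]+$/, "", c)
            if (c != want) next
            num = $0; sub(/^\[ */, "", num); sub(/[^0-9].*$/, "", num)
            print num
        }' | sort -rn
}

# delete_commands_for_comment LABEL  (reads status output on stdin)
# Emits one "ufw delete N" line per matching rule, highest N first.
delete_commands_for_comment() {
    rule_numbers_for_comment "$1" | while read -r n; do
        printf 'ufw delete %s\n' "$n"
    done
}

# Offline demo on the constructed sample. On a real host, review the output
# first, then run it:  ufw status numbered | delete_commands_for_comment "web ports" | sh
printf '%s\n' "$SAMPLE_STATUS" | delete_commands_for_comment "web ports"
```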