How to Set Up a Firewall with UFW on Ubuntu 20.04

Nov 05, 2020

Uncomplicated Firewall (UFW) provides an easy-to-use interface for people unfamiliar with firewall concepts. It provides a framework for managing netfilter as well as a command-line interface to manipulate the firewall. With its small command set and plain English parameters, UFW makes it quick and easy to understand and set up firewall rules. At the same time, you can use UFW to configure most of the rules possible with iptables. UFW comes preinstalled with all Ubuntu installations after version 8.04 LTS.

Follow these steps to secure your network with Uncomplicated Firewall:

Step 1 : UFW comes preinstalled on Ubuntu systems. If it is not installed, you can install it with the following commands:

sudo apt-get update
sudo apt-get install ufw

Step 2 : Check the status of UFW

sudo ufw status

Step 3 : Add a new rule to allow SSH

sudo ufw allow ssh

Step 4 : Alternatively, you can use a port number to open a particular port

sudo ufw allow 22

Step 5 : Allow only TCP traffic over HTTP (port 80)

sudo ufw allow http/tcp

Step 6 : Deny incoming FTP traffic

sudo ufw deny ftp

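Step 7 : Check all added rules before starting the firewall. Confirm that the SSH rule from Step 3 is listed, because enabling the firewall without it can cut off a remote SSH session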

sudo ufw show added

Step 8 : Now enable the firewall

sudo ufw enable

Step 9 : Check the UFW status; the verbose parameter is optional:

sudo ufw status verbose

Step 10 : Get a numbered list of added rules

sudo ufw status numbered

Step 11 : You can also allow all ports in a range by specifying a port range

sudo ufw allow 1050:5000/tcp

Step 12 : If you want to open all ports for a particular IP address, use the following command

sudo ufw allow from 10.0.3.102

Step 12 : Alternatively, you can allow an entire subnet, as follows:

sudo ufw allow from 10.0.3.0/24

Step 13 : You can also allow or deny a specific port for a given IP address

sudo ufw allow from 10.0.3.102 to any port 2300
sudo ufw deny from 10.0.3.102 to any port 5213

Step 14 : To specify a protocol in the preceding rule, use the following command

sudo ufw deny from 10.0.3.102 proto tcp to any port 5213

Step 15 : Deleting rules

sudo ufw delete deny ftp

Step 16 : Delete rules by specifying their numbers

sudo ufw status numbered
sudo ufw delete 2

Step 17 : Add a new rule at a specific number

sudo ufw insert 1 allow 5212/tcp  # Inserts a rule at number 1

Step 18 : If you want to reject outgoing FTP connections, you can use the following command

sudo ufw reject out ftp

Step 19 : UFW also supports application profiles. To view all application profiles, use the following command:

sudo ufw app list

Step 20 : Get more information about the app profile using the following command

sudo ufw app info OpenSSH

Step 21 : Allow the application profile as follows

sudo ufw allow OpenSSH

Step 22 : Set ufw logging levels [off|low|medium|high|full] with the help of the following command

sudo ufw logging medium

Step 23 : View firewall reports with the show parameter

sudo ufw show added  # list of rules added
sudo ufw show raw    # show complete firewall

Step 24 : Reset ufw to its default state (all rules will be backed up by UFW)

sudo ufw reset
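
The check in Step 7 can be scripted so that Step 8 only runs when the added rules still allow SSH. The following is an added example, not part of the original tutorial; the sample outputs are constructed, the function names are hypothetical, and it assumes `ufw show added` prints one "ufw <action> <target>" line per rule in rule order, with the first matching rule deciding.

```shell
#!/bin/sh
# Added example (not from the original page): check before `ufw enable`
# that the added rules leave SSH reachable.
# Assumption: `ufw show added` prints one "ufw <action> <target>" line per
# rule, in rule order, and the first matching rule decides.

# Constructed sample outputs, not captured from a real host.
SAMPLE_WITH_SSH="Added user rules (see 'ufw status' for running firewall):
ufw allow 22/tcp
ufw allow 80/tcp
ufw deny 21/tcp"
SAMPLE_NO_SSH="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw deny 21/tcp"

# ssh_verdict RULES [PORT]: print the action of the first simple rule that
# names the SSH port (or the OpenSSH profile when PORT is 22); print nothing
# if no rule does. Rules with from/to/proto clauses and port ranges are
# skipped because they do not cover every client.
ssh_verdict() {
    port=${2:-22}
    printf '%s\n' "$1" | while read -r cmd action target rest; do
        if [ "$cmd" != ufw ] || [ -n "$rest" ]; then continue; fi
        if [ "$target" = OpenSSH ] && [ "$port" = 22 ]; then target=22; fi
        case $target in
            "$port"|"$port/tcp") echo "$action"; break ;;
        esac
    done
}

# ssh_allowed RULES [PORT]: succeed only if that first rule is allow or limit.
ssh_allowed() {
    case $(ssh_verdict "$1" "${2:-22}") in
        allow|limit) return 0 ;;
        *) return 1 ;;
    esac
}

# Guard for Step 8 (hypothetical helper; defined here but not called).
enable_if_ssh_allowed() {
    if ssh_allowed "$(sudo ufw show added)" "${1:-22}"; then
        sudo ufw enable
    else
        echo "added rules do not allow SSH on port ${1:-22}; not enabling" >&2
        return 1
    fi
}

echo "with SSH rule: $(ssh_verdict "$SAMPLE_WITH_SSH")"
echo "without:       $(ssh_verdict "$SAMPLE_NO_SSH")"
```

On a host where SSH listens on a non-default port, pass that port as the argument, for example `enable_if_ssh_allowed 2222`.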