This post explains how to install UFW on Ubuntu 24.04. UFW (Uncomplicated Firewall) is an interface to iptables for configuring a firewall. It is much easier to use than iptables directly for securing a server, and it is used daily by system administrators, developers, and other Linux users. The most important thing about the UFW firewall is that it protects the server from unauthorized access.
In the next paragraphs, we will cover the installation of the UFW firewall, along with real examples. Let’s get started!
Before we start installing and configuring the UFW firewall, we will update the system packages to the latest available versions:
sudo apt update -y && sudo apt upgrade -y
Before installing, we can execute the following command to check the status of the UFW service:
ufw status
If UFW is not installed, you will get the following output:
root@host:~# ufw status
Command 'ufw' not found, but can be installed with:
snap install ufw # version 0.36.2, or
apt install ufw # version 0.36.2-1
See 'snap info ufw' for additional versions.
To install UFW on Ubuntu, execute the command below:
sudo apt install ufw -y
Once the installation is complete, start and enable the service:
sudo systemctl start ufw && sudo systemctl enable ufw
To check the status of the service, execute the command below:
sudo systemctl status ufw
You should get the following output:
root@host:~# sudo systemctl status ufw
● ufw.service - Uncomplicated firewall
Loaded: loaded (/usr/lib/systemd/system/ufw.service; enabled; preset: enabled)
Active: active (exited) since Mon 2024-12-09 15:14:20 CST; 2min 0s ago
Docs: man:ufw(8)
Main PID: 15314 (code=exited, status=0/SUCCESS)
CPU: 3ms
Dec 09 15:14:20 host.test.vps systemd[1]: Starting ufw.service - Uncomplicated firewall...
Dec 09 15:14:20 host.test.vps systemd[1]: Finished ufw.service - Uncomplicated firewall.
Now you can execute the following command again:
ufw status
By default, UFW is not enabled, so you will receive the output below:
root@host:~# ufw status
Status: inactive
In the next paragraphs, we will show you how to enable it and add some rules.
This is the most important step of this blog post. As we said previously, the UFW firewall is disabled by default. If you enable it now, without any rules, you will not be able to connect to your server via SSH. In other words, you will be kicked out of your server and locked out. So the first step is to allow SSH connections:
sudo ufw allow OpenSSH && sudo ufw allow ssh
You will get the following output:
root@host:~# sudo ufw allow OpenSSH && sudo ufw allow ssh
Rules updated
Rules updated (v6)
Rules updated
Rules updated (v6)
Next, allow the SSH port number. To do that, execute the following command:
sudo ufw allow 22
You should get the following output:
root@host:~# sudo ufw allow 22
Rules updated
Rules updated (v6)
Now that SSH access is allowed, we can proceed with configuring some other important rules. The next step is to set the default UFW incoming policy to deny:
sudo ufw default deny incoming
You will get the following output:
root@host:~# sudo ufw default deny incoming
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)
To set the default UFW outgoing policy to allow, run:
sudo ufw default allow outgoing
You should get the following output:
root@host:~# sudo ufw default allow outgoing
Default outgoing policy changed to 'allow'
(be sure to update your rules accordingly)
In the next paragraph, we will show you how to enable UFW.
First, we will review the rules we added, to be sure they are in place before enabling UFW:
sudo ufw show added
You will get output similar to this:
root@host:~# sudo ufw show added
Added user rules (see 'ufw status' for running firewall):
ufw allow OpenSSH
ufw allow 22/tcp
ufw allow 22
After confirming that everything is OK and that SSH connections are allowed, we can safely enable the UFW firewall:
sudo ufw enable
There will be a warning about the SSH connections, but we have already configured UFW to accept those connections, so we can proceed by typing y:
root@host:~# sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Once you confirm this, you will get the following output:
Firewall is active and enabled on system startup
Now, you can check the status of the UFW Firewall again:
ufw status
If the UFW Firewall is enabled, you will get the following output:
root@host:~# ufw status
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
22/tcp ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
22/tcp (v6) ALLOW Anywhere (v6)
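The check-before-enable step above can be scripted so that UFW is never enabled without an SSH rule in place. This is an added example, not part of the original post; the helper names ssh_rule_present and safe_enable are hypothetical, and it assumes `ufw show added` prints rules in the `ufw allow ...` form shown earlier.

```bash
#!/usr/bin/env bash
# Added example: refuse to enable UFW unless a pending rule admits SSH.
# ssh_rule_present and safe_enable are hypothetical helper names.

# Constructed sample in the format `ufw show added` prints on this page.
SAMPLE_ADDED="Added user rules (see 'ufw status' for running firewall):
ufw allow OpenSSH
ufw allow 22/tcp
ufw allow 22"

# ssh_rule_present PORT: reads `ufw show added` text on stdin.
# Returns 0 if an allow or limit rule covers PORT over TCP, else 1.
ssh_rule_present() {
    local port rest line
    port="$1"
    while IFS= read -r line; do
        # Only allow/limit rules admit traffic; deny/reject lines are skipped.
        case "$line" in
            "ufw allow "*) rest="${line#ufw allow }" ;;
            "ufw limit "*) rest="${line#ufw limit }" ;;
            *) continue ;;
        esac
        # The OpenSSH application profile covers 22/tcp only.
        if [ "$rest" = "OpenSSH" ] && [ "$port" = "22" ]; then return 0; fi
        case "$rest" in
            # Bare port (tcp+udp) or explicit tcp.
            "$port"|"$port/tcp") return 0 ;;
            # Source-restricted form: "from ADDR to any port N [proto tcp]".
            *" port $port"|*" port $port proto tcp") return 0 ;;
        esac
    done
    return 1
}

# safe_enable [PORT]: enable UFW only when the pending rules admit SSH.
safe_enable() {
    local port
    port="${1:-22}"
    if ufw show added | ssh_rule_present "$port"; then
        ufw enable
    else
        echo "No allow rule for SSH port $port; UFW not enabled." >&2
        return 1
    fi
}

# Run as: sudo ./script.sh --enable [PORT]
if [ "${1:-}" = "--enable" ]; then safe_enable "${2:-22}"; fi
```

If sshd listens on a non-default port, pass that port as the second argument; the OpenSSH profile and the plain `22` rules will then not count as covering it.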
The following paragraphs are not numbered, since these rules are not ordinarily required. The first four steps were important so that you do not get locked out of the server. Even if you are locked out of the server, you can always contact your hosting company to disable the rule. However, let’s proceed with allowing a specific IP address. To do that, execute the command below:
sudo ufw allow from 162.246.254.3
You will get the following output:
Rule added
To specify the port that the IP address is allowed to connect to, add the following rule:
sudo ufw allow from 162.246.254.3 to any port 22
To allow a range of ports in the UFW firewall, execute the commands below:
sudo ufw allow 8069:8089/tcp
sudo ufw allow 8069:8089/udp
To allow HTTP and HTTPS for the Apache or Nginx web server, execute the command for the web server you have installed:
sudo ufw allow 'Apache Full'
sudo ufw allow 'Nginx Full'
If you want to allow only HTTP or only HTTPS, you can use the following rules respectively:
sudo ufw allow http
And for HTTPS:
sudo ufw allow https
To deny the HTTP and HTTPS traffic allowed by the rules added above, you can execute the following command for HTTP:
sudo ufw deny http
And to deny the HTTPS:
sudo ufw deny https
To deny from a specific IP address:
sudo ufw deny from 162.246.254.3
To delete a rule, we have to know either its rule number or its rule specification. Deleting a rule by number is easier. First, we need to list the numbers of all the rules we added before:
sudo ufw status numbered
With the rules we added before, we got this output:
root@host:~# sudo ufw status numbered
Status: active
To Action From
-- ------ ----
[ 1] OpenSSH ALLOW IN Anywhere
[ 2] 22/tcp ALLOW IN Anywhere
[ 3] 22 ALLOW IN Anywhere
[ 4] 22 ALLOW IN 162.246.254.3
[ 5] 8069:8089/tcp ALLOW IN Anywhere
[ 6] 8069:8089/udp ALLOW IN Anywhere
[ 7] OpenSSH (v6) ALLOW IN Anywhere (v6)
[ 8] 22/tcp (v6) ALLOW IN Anywhere (v6)
[ 9] 22 (v6) ALLOW IN Anywhere (v6)
To remove rule number four, the rule for the specific IP address, execute the command below:
sudo ufw delete 4
There will be a prompt asking whether to proceed with the operation. We should type y and hit Enter:
root@host:~# sudo ufw delete 4
Deleting: allow from 162.246.254.3
Proceed with operation (y|n)? y
Rule deleted
To delete a rule by its specification instead, here the TCP port range rule listed as number five above, execute the command below:
sudo ufw delete allow "8069:8089/tcp"
The final list with the added and deleted rules should look like this:
[ 1] OpenSSH ALLOW IN Anywhere
[ 2] 22/tcp ALLOW IN Anywhere
[ 3] 22 ALLOW IN Anywhere
[ 4] 22 ALLOW IN 162.246.254.3
[ 5] 8069:8089/udp ALLOW IN Anywhere
[ 6] OpenSSH (v6) ALLOW IN Anywhere (v6)
[ 7] 22/tcp (v6) ALLOW IN Anywhere (v6)
[ 8] 22 (v6) ALLOW IN Anywhere (v6)
That’s it! You have learned how to install and configure the UFW firewall on Ubuntu 24.04.
The post How to Install UFW on Ubuntu 24.04 appeared first on LinuxHostSupport.