UFW

Installation

aptitude install ufw

Activation

Note that activating the firewall does not disconnect connections that are already active, but new connections are not possible afterwards unless a rule exists for the service.

SSH should therefore be allowed on the corresponding port before enabling the firewall, or directly afterwards.

ufw enable

Default policies

By default, all outgoing traffic should be allowed and all incoming traffic should be prohibited. Individual ports for incoming traffic can then be specifically enabled afterwards.

Incoming:

ufw default deny incoming

Outgoing:

ufw default allow outgoing

Show status

Displays a list of all defined rules. However, the firewall must be active for this.

ufw status verbose

Create rules

ufw allow|deny [proto <protocol>] [from <address> [port <port>]] [to <address> [port <port>]]

Alternatively, a short version can be used.

ufw allow <port>/<protocol>

Pre-configuration

Rules can be added even if the firewall is disabled.

Allow protocol TCP from localhost on port 80 to localhost on port 80.

ufw allow proto tcp from 127.0.0.1 port 80 to 127.0.0.1 port 80

Allow proto UDP from localhost to any IP address on port 80.

ufw allow proto udp from 127.0.0.1 to any port 80

Comments

A comment can be added to every rule by appending comment "<comment>" at the end.

Allow from localhost to any IP address and add a comment for this rule.

ufw allow from 127.0.0.1 to any comment "Allow localhost"

Short version: allow protocol TCP from any address to any address on port 80.

ufw allow 80/tcp
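
The steps above combined into one lockout-safe sequence, as an added example that is not part of the original page: default policies and allow rules are queued first and `ufw enable` runs last, so the SSH rule exists before filtering starts. The function names, the `APPLY` switch and the ports passed in are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original page): lockout-safe UFW bootstrap.
# Prints the command plan by default; run as root with APPLY=1 to execute it.

# Accept only a decimal port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Emit ufw commands in a safe order: default policies and allow rules first,
# "enable" last, so the SSH rule exists before filtering starts.
# $1 = SSH port (assumed TCP); further args = extra <port>/<protocol> rules.
ufw_plan() {
    [ "$#" -ge 1 ] || { echo "usage: ufw_plan <ssh-port> [<port>/<protocol> ...]" >&2; return 1; }
    ssh_port=$1; shift
    valid_port "$ssh_port" || { echo "invalid SSH port: $ssh_port" >&2; return 1; }
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    echo "ufw allow $ssh_port/tcp comment SSH"
    for spec in "$@"; do
        case "$spec" in
            */tcp|*/udp) valid_port "${spec%/*}" || { echo "invalid rule: $spec" >&2; return 1; } ;;
            *) echo "invalid rule: $spec" >&2; return 1 ;;
        esac
        echo "ufw allow $spec"
    done
    echo "ufw --force enable"   # --force skips the interactive confirmation
    echo "ufw status verbose"
}

# Build the whole plan first; a validation error aborts before anything runs.
ufw_bootstrap() {
    plan=$(ufw_plan "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$plan" | while IFS= read -r cmd; do
            $cmd || exit 1      # stop at the first failing ufw command
        done
    else
        echo "$plan"
    fi
}
```

Calling `ufw_bootstrap 22 80/tcp` prints the plan for review; the same call with `APPLY=1` set runs it.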

Insert a rule before other rules.

sudo ufw insert <position> allow|deny ...

Deny access from localhost before any other rule is executed.

sudo ufw insert 1 deny from 127.0.0.1

Delete rules

Displays all rules with numbers as a list.

ufw status numbered

Deletes the rule with the number from the list.

ufw delete <number>