How To Install and Config UFW Firewall on Ubuntu 22.04

The UFW (Uncomplicated Firewall) is a frontend for iptables and is particularly well-suited for host-based firewalls. UFW provides a framework for managing netfilter, as well as a command-line interface for manipulating the firewall.

UFW is a great firewall tool that is designed to be run on hosts or servers. It allows or blocks incoming and outgoing connections to and from the server. You can block ports, IPs or even entire subnets using UFW. It is not as flexible as iptables but is vastly easier for basic operations.

To install UFW, you need to SSH into the system.

$ sudo apt update
$ sudo apt upgrade

To check if ufw is installed, you can use the which command:

$ which ufw

And if the result doesn’t show output, it means ufw is not installed and you should install it like below.

$ sudo apt-get install ufw

After your ufw installation is complete, use the command below to check. The initial default after installation, UFW will be disabled because it has not been activated and you have to enable it manually.

$ sudo ufw status verbose

-----------------------------
Output
Status: inactive

To enable UFW and start enforcing the firewall rules, run:

$ sudo ufw enable

To temporarily disable UFW, run:

$ sudo ufw disable

To check the current status of UFW, run the following command:

$ sudo ufw status

This will show you if UFW is active or inactive, the default input and output policies, and any rules that have been created.

A fresh Ubuntu 22.04 installation will have UFW inactive by default.

To allow incoming connections on a specific port, you need to allow that port using UFW. For example, to allow HTTP traffic on port 80, run:

$ sudo ufw allow 80/tcp

This will allow all incoming TCP connections on port 80. You can also specify the IP address to allow only for a specific host:

$ sudo ufw allow from 192.168.1.100 to any port 80

To allow both TCP and UDP protocols on port 123, run:

$ sudo ufw allow 123/tcp
$ sudo ufw allow 123/udp

To allow multiple ports at once, specify the starting and ending ports:

$ sudo ufw allow 2000:2100/tcp

This will allow all ports from 2000 to 2100. You can also specify ports in a comma-separated list:

$ sudo ufw allow 80,443,8080/tcp
$ sudo ufw allow 22,25,110/tcp  

It is a common requirement to allow incoming HTTP and HTTPS traffic. You can do that with:

$ sudo ufw allow 'Apache Full'

This will allow HTTP traffic on port 80 and HTTPS traffic on port 443.

To allow incoming SSH connections on port 22, run:

$ sudo ufw allow 22/tcp

This is required to manage your Ubuntu server remotely using SSH.

DNS uses UDP protocol on port 53. To allow incoming DNS queries, run:

$ sudo ufw allow 53/udp

To allow incoming VNC connections (usually port 5900 ), run:

$ sudo ufw allow 5900/tcp

To block specific ports or protocols, use deny instead of allow. For example, to block incoming SMTP traffic:

$ sudo ufw deny 25/tcp

Closing tcp and udp ports, replace 80 with the desired port number:

$ sudo ufw deny 80

For a port range you use the syntax:

$ ufw deny 1234:2345
$ ufw deny 1234:2345/tcp
$ ufw deny 1234:2345/udp

By default, the UFW incoming policy is set to deny, which means all incoming traffic is blocked. You can change this policy using:

$ sudo ufw default deny incoming      # To deny all incoming traffic
$ sudo ufw default allow incoming     # To allow all incoming traffic

Similarly, you can set the default outgoing policy using:

$ sudo ufw default deny outgoing
$ sudo ufw default allow outgoing

It is recommended to keep the default incoming policy as deny for security.

You can enable logging with the command:

$ sudo ufw logging on

Log levels can be set by running sudo ufw logging low|medium|high, selecting either low, medium, or high from the list. The default setting is low.

UFW keeps logs of denied connections in /var/log/ufw.log. You can view the log file using:

$ sudo less /var/log/ufw.log

To enable verbose logging, run:

$ sudo ufw logging verbose

Then UFW will log all allowed and denied connections.

The syntax is as follows to list all of the current rules in a numbered list format:

$ sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere                   # accept Apache
[ 3] 443/tcp                    ALLOW IN    Anywhere                   # accept HTTPS connections
[ 4] 1194/udp                   ALLOW IN    Anywhere                   # OpenVPN server
[ 5] 3000:4000/tcp              ALLOW IN    Anywhere
[ 6] 3000:4000/udp              ALLOW IN    Anywhere

To delete 6th rule type the command:

$ sudo ufw delete 6

You can also delete rules for a specific port:

$ sudo ufw delete allow 80

To flush all UFW rules and restore the default policy, run:

$ sudo ufw reset

For some reason, you need to restore/delete all existing rules to return to the original defaults, use the reset option to do the following:

$ sudo ufw disable
$ sudo ufw reset
$ sudo ufw enable

This will:
- Disable UFW
- Flush existing rules
- Re-enable UFW with the default configuration
This ensures UFW works with the default settings again.

Make sure the directive IPV6=yes do exists in /etc/default/ufw file. For instance:

$ cat /etc/default/ufw

UFW is a powerful tool that can greatly improve the security of your servers when properly configured. This reference guide covers some common UFW rules that are often used to configure a firewall on Ubuntu. Your firewall is now configured to allow (at least) SSH connections. Be sure to allow any other incoming connections that your server needs, while limiting any unnecessary connections, so your server will be functional and secure.

I hope this helps you configure and manage UFW firewall on Ubuntu 22.04. Let me know if you have any other questions!