Install and Enable UFW
#sudo apt-get install ufw
#sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)?
Enter Y, and proceed to allow connections to your server
Firewall is active and enabled on system startup
Check whether UFW is running:
#sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
Allow Connections to Your Server
#sudo ufw allow 80
#sudo ufw allow 80/tcp
#sudo ufw allow 443/tcp
If you are unsure of a service's port number, you can allow the service by name. For example, to enable MySQL:
#sudo ufw allow mysql
Specify Filtering Mode
#sudo ufw allow in ftp
#sudo ufw allow out smtp
Deny Connections to Your Server
#sudo ufw deny 3306
Removing Firewall Rules
Check UFW status with the numbered parameter. This allows you to select a rule by entry number.
#sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Apache                     DENY IN     Anywhere
[ 2] 80                         DENY IN     Anywhere
[ 3] 22                         ALLOW IN    Anywhere (out)
Delete the rules by the numbers in square brackets
#sudo ufw delete 3
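The numbered listing can also drive a reviewed batch removal. The shell example below is added here and is not part of the original guide: it parses `ufw status numbered` text and prints delete commands highest number first, because ufw renumbers the remaining rules after each delete. The function names rule_numbers and plan_deletes are hypothetical, the sample listing is the one shown above, and SSH is assumed to be on port 22.

```shell
#!/bin/sh
# Added example: plan rule deletions from `ufw status numbered` text.
# Nothing here calls ufw; the functions only read text and print commands.

# Sample input: the numbered listing shown above, embedded so this runs offline.
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Apache                     DENY IN     Anywhere
[ 2] 80                         DENY IN     Anywhere
[ 3] 22                         ALLOW IN    Anywhere (out)'

# rule_numbers PATTERN: read the listing on stdin, print the numbers of the
# rules whose line matches PATTERN (extended regex), highest first. ufw
# renumbers the remaining rules after each delete, so working from the
# bottom up keeps the planned numbers valid.
rule_numbers() {
    grep -E '^\[ *[0-9]+\]' | grep -E -- "$1" |
        sed -E 's/^\[ *([0-9]+)\].*/\1/' | sort -rn
}

# plan_deletes PATTERN: print one delete command per matching rule.
# Refuses (exit status 1) if PATTERN would remove the rule that allows SSH.
# Assumption: SSH listens on port 22, as in the listing above.
plan_deletes() {
    listing=$(cat)
    if printf '%s\n' "$listing" | grep -E -- "$1" |
        grep -Eq '^\[ *[0-9]+\] +22(/tcp)? .*ALLOW'; then
        echo "refusing: pattern matches the SSH allow rule" >&2
        return 1
    fi
    printf '%s\n' "$listing" | rule_numbers "$1" | while read -r n; do
        echo "sudo ufw delete $n"
    done
}

# Demo on the sample: prints "sudo ufw delete 2" then "sudo ufw delete 1".
printf '%s\n' "$SAMPLE_STATUS" | plan_deletes 'DENY IN'
```

On a live host, pipe the real listing in instead of the sample (sudo ufw status numbered | plan_deletes 'DENY IN') and review the printed commands before running them.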
Set Logging Level
By default, the Uncomplicated Firewall logging level is set to low. However, multiple logging levels are supported, and you can choose a setting based on which firewall logs you wish to keep.
off disables ufw logging.
low logs blocked packets that don’t match your set rules and packets matching logged rules.
medium logs everything in low, plus allowed packets that don’t match the set policy, invalid packets, and all new connections to your server.
high logs everything in medium without rate limiting, plus all packets with rate limiting.
full logs all firewall packets without rate limiting.
To set your UFW logging level, use the command below.
#sudo ufw logging LEVEL
#sudo ufw logging medium
To enable logging for a specific firewall rule, such as SSH, use the command below.
#sudo ufw allow log 22/tcp
Enable IPV6 Support
#sudo vim /etc/default/ufw
Locate the IPV6 line and make sure it is set to yes
Disable / Reload UFW
To disable (stop) Uncomplicated Firewall, run the command.
#sudo ufw disable
If you need to reload UFW (reload rules), use the
#sudo ufw reload
To restart UFW, you will need to disable it first and then enable it again.
#sudo ufw disable
#sudo ufw enable
Again, before enabling UFW, make sure that the SSH port is allowed for your IP address.
Back to Default Settings
If you need to reset UFW back to default settings, type the following command. This will delete all existing rules and reset the firewall to default values.
user@example:~#ufw reset
Resetting all rules to installed defaults. This may disrupt existing ssh connections. Proceed with operation (y|n)?