UFW Fundamentals: The Uncomplicated Firewall Rules and Commands
UFW the Uncomplicated Firewall, is a front-end user-friendly to manage firewall rules in Linux, designed especially to facilitate the process of iptables configuration, the implied firewall tool. UFW provides a command-line interface that lets the users enable or disable the firewall rules, control incoming and outgoing traffic, and set the default policies.
The key features of UFW include:
- Easy to use: accessible with minimal network experience for the users by the simplicity of design.
- Command-Line interface: users can quickly add or remove rules using commands.
- IPv4 and IPv6 Support: works with both IP versions.
- Logging: log firewall activity to help the admin troubleshoot issues or monitor traffic.
Here’s an explanation and examples for various UFW commands:
Basic Commands
Basic Firewall Management Commands
1. enable
-
Purpose: Enables the UFW firewall.
1
sudo ufw enable
Explanation: This command turns on the UFW firewall and starts applying the rules defined in
/etc/ufw/*
to filter incoming and outgoing network traffic.
2. disable
-
Purpose: Disables the UFW firewall.
1
sudo ufw disable
- Explanation: This command stops UFW from filtering network traffic, effectively allowing all connections.
3. default ARG
-
Purpose: Sets the default policy for incoming and outgoing traffic.
1 2
sudo ufw default deny incoming sudo ufw default allow outgoing
-
Explanation: This command sets the default behavior for incoming (
deny
orallow
) and outgoing (deny
orallow
) traffic that doesn’t match any specific rules.
4. logging LEVEL
-
Purpose: Sets the logging level for UFW.
1
sudo ufw logging low
Explanation: This command sets the verbosity level of UFW logging (
low
,medium
,high
, oroff
). Logs are typically stored in/var/log/ufw.log
.
5. allow ARGS
-
Purpose: Adds an allow rule to UFW.
1 2
sudo ufw allow 22/tcp sudo ufw allow ssh
Explanation: These commands allow incoming connections on port 22 (SSH) either by specifying the port (
22/tcp
) or using a service name (ssh
).
6. deny ARGS
-
Purpose: Adds a deny rule to UFW.
1
sudo ufw deny 3306/tcp
Explanation: This command denies incoming connections on port 3306 (MySQL) using TCP protocol.
7. reject ARGS
-
Purpose: Adds a reject rule to UFW.
1
sudo ufw reject 8080/tcp
Explanation: This command rejects incoming connections on port 8080 using TCP protocol, sending a rejection message to the client.
8. limit ARGS
-
Purpose: Adds a rate limiting rule to UFW.
1
sudo ufw limit ssh
Explanation: This command limits incoming SSH connections to prevent brute-force attacks by rate-limiting the connection attempts.
9. delete RULE|NUM
-
Purpose: Deletes a specific UFW rule by rule specification or rule number.
1 2
sudo ufw delete allow 80/tcp sudo ufw delete 3
Explanation: These commands delete the allow rule for port 80 using TCP protocol and the rule numbered 3 from the UFW rule list, respectively.
10. insert NUM RULE
-
Purpose: Inserts a UFW rule at a specific position in the rule list.
1
sudo ufw insert 3 allow 443/tcp
Explanation: This command inserts an allow rule for port 443 using TCP protocol at position 3 in the UFW rule list.
11. prepend RULE
-
Purpose: Adds a UFW rule at the beginning of the rule list.
1
sudo ufw prepend allow 8080/tcp
Explanation: This command adds an allow rule for port 8080 using TCP protocol at the beginning of the UFW rule list.
12. route RULE
-
Purpose: Adds a routing rule to UFW.
1
sudo ufw route allow from 192.168.1.0/24
Explanation: This command adds a routing rule to allow traffic from the specified subnet (
192.168.1.0/24
).
13. route delete RULE|NUM
-
Purpose: Deletes a specific UFW routing rule by rule specification or rule number.
1 2
sudo ufw route delete allow from 10.0.0.0/8 sudo ufw route delete 2
Explanation: These commands delete the allow routing rule for the subnet
10.0.0.0/8
and the routing rule numbered 2 from the UFW routing rule list, respectively.
14. route insert NUM RULE
-
Purpose: Inserts a UFW routing rule at a specific position in the routing rule list.
1
sudo ufw route insert 2 allow from 192.168.2.0/24
Explanation: This command inserts an allow routing rule for traffic from subnet
192.168.2.0/24
at position 2 in the UFW routing rule list.
15. reload
-
Purpose: Reloads the UFW firewall rules.
1
sudo ufw reload
Explanation: This command reloads the UFW firewall rules from the configuration files (
/etc/ufw/*
) without disabling the firewall.
16. reset
-
Purpose: Resets UFW to default settings (disable and delete all rules).
1
sudo ufw reset
Explanation: This command disables UFW and deletes all rules, resetting it to the default configuration.
17. status
-
Purpose: Shows the current status of UFW (active or inactive).
1
sudo ufw status
Explanation: This command displays whether UFW is currently enabled or disabled.
18. status numbered
-
Purpose: Shows the current status of UFW with numbered rules.
1
sudo ufw status numbered
Explanation: This command displays the current UFW status with each rule numbered for easier reference.
19. status verbose
-
Purpose: Shows a verbose output of the current UFW status.
1
sudo ufw status verbose
Explanation: This command provides detailed information about the current UFW status, including logging settings, default policies, and all active rules.
20. show ARG
-
Purpose: Shows a specific report or information about UFW.
1
sudo ufw show added
Explanation: This command shows a report of added rules in UFW (
added
is the argument here). Other arguments (before.rules
,after.rules
, etc.) can be used to show different aspects of UFW configuration.
21. version
-
Purpose: Displays the version information of UFW.
1
sudo ufw version
Explanation: This command shows the version number and release information of the installed UFW.
Application Profile Commands
22. app list
-
Purpose: Lists available application profiles in UFW.
1
sudo ufw app list
Explanation: This command lists all predefined application profiles that can be used in UFW rules (
ssh
,Apache
,Nginx
, etc.).
23. app info PROFILE
-
Purpose: Shows detailed information about a specific application profile.
1
sudo ufw app info OpenSSH
Explanation: This command displays detailed information about the
OpenSSH
application profile, including ports, protocols, and descriptions.
24. app update PROFILE
-
Purpose: Updates an existing application profile in UFW.
1
sudo ufw app update Nginx
Explanation: This command updates the
Nginx
application profile in UFW with any changes made to its configuration.
25. app default ARG
-
Purpose: Sets the default policy for a specific application profile.
1
sudo ufw app default DenyAll
Explanation: This command sets the default policy for the
DenyAll
application profile in UFW (allow
,deny
, orreject
).
Conclusion
S These commands provide comprehensive control over UFW firewall settings, allowing you to manage firewall rules, logging, application profiles, and default policies effectively. Customize these commands according to your network security requirements and operational needs to ensure robust firewall protection. Adjust rule arguments (ARGS
) and profiles (PROFILE
) based on specific ports, protocols, or application requirements in your environment.