
UFW Fundamentals: The Uncomplicated Firewall Rules and Commands

UFW, the Uncomplicated Firewall, is a user-friendly front-end for managing firewall rules on Linux. It is designed to simplify the configuration of iptables, the underlying firewall tool. UFW provides a command-line interface that lets users enable or disable the firewall, control incoming and outgoing traffic, and set the default policies.

The key features of UFW include:

  • Easy to use: its simple design makes it accessible to users with minimal networking experience.
  • Command-Line interface: users can quickly add or remove rules using commands.
  • IPv4 and IPv6 Support: works with both IP versions.
  • Logging: log firewall activity to help the admin troubleshoot issues or monitor traffic.

Here’s an explanation and examples for various UFW commands:

Basic Commands

Basic Firewall Management Commands

1. enable

  • Purpose: Enables the UFW firewall.

    sudo ufw enable

  • Explanation: This command turns on the UFW firewall and starts applying the rules defined in /etc/ufw/* to filter incoming and outgoing network traffic.

2. disable

  • Purpose: Disables the UFW firewall.

    sudo ufw disable

  • Explanation: This command stops UFW from filtering network traffic, effectively allowing all connections.

3. default ARG

  • Purpose: Sets the default policy for incoming and outgoing traffic.

    sudo ufw default deny incoming
    sudo ufw default allow outgoing

  • Explanation: This command sets the default behavior for incoming (deny or allow) and outgoing (deny or allow) traffic that doesn’t match any specific rules.

4. logging LEVEL

  • Purpose: Sets the logging level for UFW.

    sudo ufw logging low

  • Explanation: This command sets the verbosity level of UFW logging (low, medium, high, or off). Logs are typically stored in /var/log/ufw.log.
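As an added example (not part of the original post), the shell functions below summarize the [UFW BLOCK] entries that UFW writes to the log, first by destination port and protocol, then by source address. The log lines embedded in the block are constructed to follow the kernel/UFW log format rather than captured from a real host, and the function names are my own; on a live system you would feed the functions /var/log/ufw.log instead.

```shell
# Added example: summarize UFW block events. Not part of the original post.
# SAMPLE_UFW_LOG is constructed to mimic /var/log/ufw.log; MAC= fields are omitted.
SAMPLE_UFW_LOG='Mar 10 10:01:02 host kernel: [12345.678901] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=51234 DPT=22 WINDOW=1024 SYN
Mar 10 10:01:03 host kernel: [12346.000001] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=51235 DPT=22 WINDOW=1024 SYN
Mar 10 10:01:05 host kernel: [12348.000001] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=40000 DPT=3306 WINDOW=1024 SYN
Mar 10 10:01:06 host kernel: [12349.000001] [UFW AUDIT] IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=40001 DPT=443 WINDOW=1024 SYN
Mar 10 10:01:07 host kernel: [12350.000001] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=UDP SPT=5555 DPT=53 LEN=40'

# ufw_blocks_by_port: read log lines on stdin, print "DPT PROTO count" for each
# blocked destination port, most-hit ports first. Only [UFW BLOCK] lines count;
# [UFW AUDIT] and [UFW ALLOW] lines are ignored.
ufw_blocks_by_port() {
  grep -F '[UFW BLOCK]' | awk '
    {
      proto = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^PROTO=/) proto = substr($i, 7)   # strip "PROTO="
        if ($i ~ /^DPT=/)   dpt   = substr($i, 5)   # strip "DPT="
      }
      if (dpt != "") count[dpt " " proto]++
    }
    END { for (k in count) print k, count[k] }' | sort -k3,3nr -k1,1n
}

# ufw_top_blocked_sources [MIN]: print "SRC count" for every source address with
# at least MIN blocked packets (default 2), most-blocked first.
ufw_top_blocked_sources() {
  min="${1:-2}"
  grep -F '[UFW BLOCK]' | awk -v min="$min" '
    {
      for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) src = substr($i, 5)
      count[src]++
    }
    END { for (s in count) if (count[s] >= min) print s, count[s] }' | sort -k2,2nr
}

# Usage on a real host:  sudo sh -c '. ./ufwlog.sh; ufw_blocks_by_port < /var/log/ufw.log'
# Against the constructed sample:
printf '%s\n' "$SAMPLE_UFW_LOG" | ufw_blocks_by_port
printf '%s\n' "$SAMPLE_UFW_LOG" | ufw_top_blocked_sources 2
```

Raising the logging level from low to medium or high adds allowed and rate-limited packets to the same file, so the grep on the [UFW BLOCK] tag keeps the summary focused on what the firewall actually dropped.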

5. allow ARGS

  • Purpose: Adds an allow rule to UFW.

    sudo ufw allow 22/tcp
    sudo ufw allow ssh

  • Explanation: These commands allow incoming connections on port 22 (SSH) either by specifying the port (22/tcp) or using a service name (ssh).

6. deny ARGS

  • Purpose: Adds a deny rule to UFW.

    sudo ufw deny 3306/tcp

  • Explanation: This command denies incoming connections on port 3306 (MySQL) over TCP, silently dropping the packets.

7. reject ARGS

  • Purpose: Adds a reject rule to UFW.

    sudo ufw reject 8080/tcp

  • Explanation: This command rejects incoming connections on port 8080 over TCP. Unlike deny, which drops packets silently, reject sends an explicit rejection (an ICMP unreachable or TCP reset) back to the client.

8. limit ARGS

  • Purpose: Adds a rate limiting rule to UFW.

    sudo ufw limit ssh

  • Explanation: This command rate-limits incoming SSH connections to slow down brute-force password guessing: UFW denies further connections from an address that has attempted six or more new connections within the last 30 seconds.
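The commands from items 1 to 8 are usually run together when a host is first locked down. As an added example (not part of the original post), the function below applies that baseline in one go: deny inbound by default, allow outbound, rate-limit SSH, open the requested TCP ports, then enable the firewall. The UFW_CMD variable is my own convention so the script can be previewed with UFW_CMD=echo before it touches a live firewall; the function name and the port validation are likewise mine.

```shell
# Added example: apply a UFW baseline. Not part of the original post.
# UFW_CMD (hypothetical, added here) lets you dry-run: UFW_CMD=echo prints the
# commands instead of executing them.
UFW_CMD="${UFW_CMD:-sudo ufw}"

# ufw_baseline PORT... : deny all inbound by default, allow outbound, rate-limit
# SSH, allow each listed TCP port, then enable. 'ufw enable' normally asks for
# confirmation (it may disrupt an existing SSH session); --force answers it so
# the function can run non-interactively.
ufw_baseline() {
  $UFW_CMD default deny incoming
  $UFW_CMD default allow outgoing
  $UFW_CMD limit ssh          # denies an address after 6+ new connections in 30 s
  for port in "$@"; do
    # Accept only decimal port numbers in 1..65535; skip anything else loudly.
    case "$port" in
      ''|*[!0-9]*) echo "skipping invalid port: $port" >&2; continue ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
      echo "skipping out-of-range port: $port" >&2; continue
    fi
    $UFW_CMD allow "$port/tcp"
  done
  $UFW_CMD --force enable
}

# Preview (no firewall changes), then the real run:
#   UFW_CMD=echo ufw_baseline 80 443
#   ufw_baseline 80 443
```

Keep the limit ssh line before any broader allow rule: UFW evaluates rules in order, so an earlier unconditional allow for port 22 would make the rate limit unreachable.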

9. delete RULE|NUM

  • Purpose: Deletes a specific UFW rule by rule specification or rule number.

    sudo ufw delete allow 80/tcp
    sudo ufw delete 3

  • Explanation: These commands delete the allow rule for port 80 over TCP and the rule numbered 3 in the UFW rule list, respectively. Rule numbers come from status numbered and shift after every deletion, so check the list again before deleting another rule by number.
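Because deleting rule 3 turns the old rule 4 into the new rule 3, deleting several rules by number in ascending order removes the wrong ones. As an added example (not part of the original post), this function takes the numbers read from status numbered and deletes them highest first, so the remaining targets keep their numbers. UFW_CMD is my own dry-run override, as is the function name.

```shell
# Added example: delete several UFW rules by number safely. Not part of the original post.
# UFW_CMD (hypothetical, added here): set to "echo" to preview without changing the firewall.
UFW_CMD="${UFW_CMD:-sudo ufw}"

# ufw_delete_numbered NUM... : delete the given rule numbers (taken from
# 'sudo ufw status numbered') in descending order, deduplicated, so that
# removing one rule does not renumber the rules still waiting to be deleted.
# --force skips the per-rule confirmation prompt.
ufw_delete_numbered() {
  for n in $(printf '%s\n' "$@" | sort -unr); do
    $UFW_CMD --force delete "$n"
  done
}

# Preview, then run:
#   sudo ufw status numbered
#   UFW_CMD=echo ufw_delete_numbered 3 1 5
#   ufw_delete_numbered 3 1 5
```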

10. insert NUM RULE

  • Purpose: Inserts a UFW rule at a specific position in the rule list.

    sudo ufw insert 3 allow 443/tcp

  • Explanation: This command inserts an allow rule for port 443 over TCP at position 3 in the UFW rule list, ahead of any rule currently at that position or later.

11. prepend RULE

  • Purpose: Adds a UFW rule at the beginning of the rule list.

    sudo ufw prepend allow 8080/tcp

  • Explanation: This command adds an allow rule for port 8080 over TCP at the beginning of the UFW rule list, so it is evaluated before every existing rule.

12. route RULE

  • Purpose: Adds a routing rule to UFW.

    sudo ufw route allow from 192.168.1.0/24

  • Explanation: This command adds a routing rule that allows forwarded traffic from the specified subnet (192.168.1.0/24). Route rules apply to traffic the host forwards between interfaces, not to traffic addressed to the host itself.

13. route delete RULE|NUM

  • Purpose: Deletes a specific UFW routing rule by rule specification or rule number.

    sudo ufw route delete allow from 10.0.0.0/8
    sudo ufw route delete 2

  • Explanation: These commands delete the allow routing rule for the subnet 10.0.0.0/8 and the routing rule numbered 2 from the UFW routing rule list, respectively.

14. route insert NUM RULE

  • Purpose: Inserts a UFW routing rule at a specific position in the routing rule list.

    sudo ufw route insert 2 allow from 192.168.2.0/24

  • Explanation: This command inserts an allow routing rule for traffic from subnet 192.168.2.0/24 at position 2 in the UFW routing rule list.

15. reload

  • Purpose: Reloads the UFW firewall rules.

    sudo ufw reload

  • Explanation: This command reloads the UFW firewall rules from the configuration files (/etc/ufw/*) without disabling the firewall.

16. reset

  • Purpose: Resets UFW to default settings (disable and delete all rules).

    sudo ufw reset

  • Explanation: This command disables UFW and deletes all rules, resetting it to the default configuration.

17. status

  • Purpose: Shows the current status of UFW (active or inactive).

    sudo ufw status

  • Explanation: This command displays whether UFW is currently enabled or disabled.

18. status numbered

  • Purpose: Shows the current status of UFW with numbered rules.

    sudo ufw status numbered

  • Explanation: This command displays the current UFW status with each rule numbered for easier reference.

19. status verbose

  • Purpose: Shows a verbose output of the current UFW status.

    sudo ufw status verbose

  • Explanation: This command provides detailed information about the current UFW status, including logging settings, default policies, and all active rules.

20. show ARG

  • Purpose: Shows a specific report or information about UFW.

    sudo ufw show added

  • Explanation: This command shows a report of the rules that have been added with ufw commands (added is the argument here). Other arguments (before-rules, user-rules, after-rules, listening, etc.) show different aspects of the UFW configuration.

21. version

  • Purpose: Displays the version information of UFW.

    sudo ufw version

  • Explanation: This command shows the version number and release information of the installed UFW.

Application Profile Commands

22. app list

  • Purpose: Lists available application profiles in UFW.

    sudo ufw app list

  • Explanation: This command lists all predefined application profiles that can be used in UFW rules (ssh, Apache, Nginx, etc.).

23. app info PROFILE

  • Purpose: Shows detailed information about a specific application profile.

    sudo ufw app info OpenSSH

  • Explanation: This command displays detailed information about the OpenSSH application profile, including ports, protocols, and descriptions.

24. app update PROFILE

  • Purpose: Updates an existing application profile in UFW.

    sudo ufw app update Nginx

  • Explanation: This command updates the Nginx application profile in UFW with any changes made to its configuration.

25. app default ARG

  • Purpose: Sets the default policy for a specific application profile.

    sudo ufw app default deny

  • Explanation: This command sets the default policy UFW uses for application profiles (allow, deny, reject, or skip). The argument is the policy itself, not a profile name.

Conclusion

These commands provide comprehensive control over UFW firewall settings, allowing you to manage firewall rules, logging, application profiles, and default policies effectively. Customize these commands according to your network security requirements and operational needs to ensure robust firewall protection. Adjust rule arguments (ARGS) and profiles (PROFILE) based on the specific ports, protocols, or application requirements in your environment.

This post is licensed under CC BY 4.0 by the author.