How to Manage Firewall (UFW) on Ubuntu 16.04 | 18.04 Servers

Ubuntu comes with a firewall module by default, but it is disabled after installing… It also comes with a configuration tool called Uncomplicated Firewall (UFW) which can be used to manage firewall app….

The tool is user-friendly and allows system admins to manage Ubuntu firewall module.. You can use UFW to enable and manage firewall rules as well as disable it if it’s already enabled…

This brief tutorial shows students and new users how enable and manage Ubuntu firewall on Ubuntu 16.04 | 18.04 servers and create rules that will keep your server secured and protected from external threats…When you’re ready to manage Ubuntu firewall, follow the steps below:

Step 1: Enable Ubuntu Firewall

Since the firewall module is disabled by default, the commands below enables it… But first, run the commands below to see the status of the firewall system…

sudo ufw status

That should display similar message as below: Status: inactive

Status: inactive

This is the default state of the firewall module…

You can also run the commands below to check the status

sudo ufw status verbose

Now… to protect your server, you’ll want to enable the firewall module… If the firewall is activated, by default, it will block all incoming connections and allow all outbound connections…

So if you’re running servers and services that must be assessed externally, you’ll want to allow those traffic…

The good thing about Ubuntu is many of the popular servers and services have profiles that can be managed via UFW to allow and disallow traffic to them…

The apt command adds an application profile to /etc/ufw/applications.d directory… You can list these profiles by running the commands below:

sudo ufw app list

You should see a list of apps that can easily be allowed and disallowed via UFW…

Available applications:
  Nginx Full
  Nginx HTTP
  Nginx HTTPS
  OpenSSH
..........

Now you can easily run the commands below to allow external traffic to Nginx HTTP server…

sudo ufw app info 'Nginx Full'

To allow SSH run the commands below:

sudo ufw allow OpenSSH

You can also use the service name instead of the app profile to enable or disable it… For example,, if you  wish to enable HTTP over port 80, run the commands below:

sudo ufw allow http

Or HTTPS, run the commands below:

sudo ufw allow https

The same can also be accomplished using the commands below to allow HTTP over TCP on port 80 or HTTPS over TCP on port 443

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

You can do that for all the apps you want to allow traffic to.. After you’ve updated the firewall rules, you can finally enable UFW..

sudo ufw enable

To allow specific computer via IP address 192.168.1.2, run the commands below:

sudo ufw allow from 192.168.1.2

To deny the same IP, run the commands below:

sudo ufw deny from 192.168.1.2

That should enable the enable the firewall and the rules you created above…

Step 2: Disable Ubuntu Firewall

If you want to disable Ubuntu firewall, you can run the commands below to disable it…

sudo ufw disable

The command above will stop and disable the firewall but it will not delete the firewall rules…. The next time you enable to firewall, it should automatically reapply those rules you enabled previously…

To disable and delete all the rules, simply run the commands below:

sudo ufw reset

You’ll be prompted whether to continue with the change…

Resetting all rules to installed defaults. This may disrupt existing ssh
connections. Proceed with operation (y|n)? y

Type Y to accept and continue..

That should do it.. There are more rules that could be added to Ubuntu firewall configurations…. but the few above should get you started…

You may also like the post below:

VirtualBox 6.0.4 Released — Here’s How to Install / Upgrade on Ubuntu 16.04 / 18.04

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.