Ubuntu comes with a firewall module by default, but it is disabled after installing. It also comes with a configuration tool called Uncomplicated Firewall (UFW) which can be used to manage firewall app.
The tool is user-friendly and allows system admins to manage Ubuntu firewall module. You can use UFW to enable and manage firewall rules as well as disable it if it’s already enabled.
This brief tutorial shows students and new users how enable and manage Ubuntu firewall on Ubuntu 16.04 | 18.04 servers and create rules that will keep your server secured and protected from external threats.When you’re ready to manage Ubuntu firewall, follow the steps below:
Step 1: Enable Ubuntu Firewall
Since the firewall module is disabled by default, the commands below enables it. But first, run the commands below to see the status of the firewall system.
sudo ufw status
That should display similar message as below: Status: inactive
This is the default state of the firewall module.
You can also run the commands below to check the status
sudo ufw status verbose
Now. to protect your server, you’ll want to enable the firewall module. If the firewall is activated, by default, it will block all incoming connections and allow all outbound connections.
So if you’re running servers and services that must be assessed externally, you’ll want to allow those traffic.
The good thing about Ubuntu is many of the popular servers and services have profiles that can be managed via UFW to allow and disallow traffic to them.
The apt command adds an application profile to /etc/ufw/applications.d directory. You can list these profiles by running the commands below:
sudo ufw app list
You should see a list of apps that can easily be allowed and disallowed via UFW.
Available applications: Nginx Full Nginx HTTP Nginx HTTPS OpenSSH .
Now you can easily run the commands below to allow external traffic to Nginx HTTP server.
sudo ufw app info 'Nginx Full'
To allow SSH run the commands below:
sudo ufw allow OpenSSH
You can also use the service name instead of the app profile to enable or disable it. For example,, if you wish to enable HTTP over port 80, run the commands below:
sudo ufw allow http
Or HTTPS, run the commands below:
sudo ufw allow https
The same can also be accomplished using the commands below to allow HTTP over TCP on port 80 or HTTPS over TCP on port 443
sudo ufw allow 80/tcp sudo ufw allow 443/tcp
You can do that for all the apps you want to allow traffic to. After you’ve updated the firewall rules, you can finally enable UFW.
sudo ufw enable
To allow specific computer via IP address 192.168.1.2, run the commands below:
sudo ufw allow from 192.168.1.2
To deny the same IP, run the commands below:
sudo ufw deny from 192.168.1.2
That should enable the enable the firewall and the rules you created above.
Step 2: Disable Ubuntu Firewall
If you want to disable Ubuntu firewall, you can run the commands below to disable it.
sudo ufw disable
The command above will stop and disable the firewall but it will not delete the firewall rules. The next time you enable to firewall, it should automatically reapply those rules you enabled previously.
To disable and delete all the rules, simply run the commands below:
sudo ufw reset
You’ll be prompted whether to continue with the change.
Resetting all rules to installed defaults. This may disrupt existing ssh connections. Proceed with operation (y|n)? y
Type Y to accept and continue.
That should do it. There are more rules that could be added to Ubuntu firewall configurations. but the few above should get you started.
You may also like the post below: