Ubuntu Setup UFW Firewall

Ubuntu 22.04 LTS Setup UFW Firewall in 5 Minutes

Ubuntu 22.04 LTS comes with UFW (Uncomplicated Firewall) to guard against unwanted access to the desktop or server. UFW is a user-friendly front end to Netfilter, the Linux packet filtering system. Netfilter rules were originally set up by developers and system admins using the iptables command. New Ubuntu Linux users and developers unfamiliar with firewall concepts find that syntax confusing, so they use UFW as an easy-to-use front end on Ubuntu 22.04 LTS servers and desktops.

This complete guide covers setup, rules, and management in under 5 minutes.


 

Why Use UFW?

UFW makes firewall setup super easy by turning confusing iptables commands into simple ones like “ufw allow ssh.” With the defaults used in this guide, it blocks all unwanted incoming traffic but lets your server make outgoing connections. It is pre-installed on every Ubuntu 22.04 LTS system, so no downloads are needed. Once enabled, it starts automatically after reboots through systemd, with no extra setup. It is perfect for beginners who want pro-level security without the headache.

Prerequisites:

Before configuring UFW, ensure your Ubuntu 22.04 LTS server is ready. First, follow our 6 Steps to Configure VPS Server Guide to gain SSH access with Ubuntu OS, update packages, and set up sudo privileges.

To follow this tutorial, you’ll need:

  • Ubuntu 22.04 LTS server with a non-root user having sudo privileges

 

UFW comes pre-installed on Ubuntu. If missing, install with:

sudo apt update
sudo apt install ufw

 

How to Setup UFW Firewall in 5 Minutes:

Step 1: Check UFW Status

See if UFW is off:

sudo ufw status

 

Step 2: Block all incoming, allow outgoing

Block all incoming connections and only allow outgoing connections from the Ubuntu 22.04 LTS cloud server.

Commands (run one after another):

sudo ufw default deny incoming

sudo ufw default allow outgoing

 

Step 3: Make sure IPv6 support is enabled

Command:

grep IPV6 /etc/default/ufw

If it shows IPV6=no or nothing, edit the file.

Command:

sudo nano /etc/default/ufw

 

Change or add this line:

IPV6=yes

Save the file.

 

Step 4:  Open SSH

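Allow incoming SSH connections on the default TCP port 22 as follows. Do this before enabling the firewall in Step 5; otherwise the default deny policy will cut off your SSH session.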

Standard SSH Port – 22

Command:

sudo ufw allow ssh

Custom SSH port (example: 283)

Command:

sudo ufw allow 283/tcp

Protect from brute-force attacks – limit SSH port access:

Command:

sudo ufw limit ssh

 

Step 5: Turning on the Firewall

Command:

sudo ufw enable

Confirm the operation by typing y followed by the [Enter] key.

Once done, UFW will be enabled. To check the current status of the firewall:

Command:

sudo ufw status

 

Output:

Status: active

To                         Action      From

--                         ------      ----

22/tcp                     ALLOW       Anywhere

 

Step 6: Allowing TCP or UDP ports

Command:

sudo ufw allow 80/tcp comment 'Allow Apache HTTP'

sudo ufw allow 443/tcp comment 'Allow Nginx HTTPS'

or

sudo ufw allow 80/tcp

sudo ufw allow 443/tcp

 

A comment works like a note attached to a firewall rule; it is shown next to the rule in the output of ufw status.

Example:

80/tcp ALLOW Anywhere # Allow Apache HTTP

 

Step 7: Viewing firewall rules

You can view the firewall status together with the list of rules:

Command:

sudo ufw status numbered

Note – numbered shows each rule with its number, for easy deletion.

 

Step 8: Deleting UFW firewall rules

Command:

sudo ufw delete 6

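Note – Enter the number (row number) of the rule that you want to delete from UFW. Rule numbers shift after each deletion, so run ufw status numbered again before deleting another rule.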

 

Step 9: Stopping and removing UFW

If you don’t need UFW, you can disable it.

Command:

sudo ufw disable

sudo ufw reset

The first command disables UFW; your rules are kept.

The second command disables UFW and deletes all your custom rules, returning it to its factory defaults (deny incoming, allow outgoing).

Use disable for temporary stops, and reset for a clean slate.
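Steps 4 and 5 can lock you out if sshd listens on a port that has no allow or limit rule when the firewall is enabled. The following pre-flight check is an added example, not part of the original guide; the function names and the sample inputs are constructed, and on a real host the inputs would be /etc/ssh/sshd_config and the output of sudo ufw show added.

```bash
#!/bin/sh
# Added example: pre-flight lockout check to run before `sudo ufw enable`.

# Constructed sample inputs: sshd moved to port 283, but only 22 was opened.
SAMPLE_SSHD='#Port 22
Port 283
PermitRootLogin no'
SAMPLE_RULES="Added user rules (see 'ufw status' for running firewall):
ufw limit 22/tcp
ufw allow 80/tcp
ufw allow 4000:4200/tcp"

# ssh_ports CONFIG_TEXT: print each port sshd listens on (22 if none is set).
ssh_ports() {
    ports=$(printf '%s\n' "$1" | awk 'tolower($1) == "port" { print $2 }')
    if [ -n "$ports" ]; then printf '%s\n' "$ports"; else echo 22; fi
}

# port_is_open PORT RULES_TEXT: succeed if an allow or limit rule that is not
# restricted to a source address covers PORT over TCP (single port or range).
port_is_open() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $1 == "ufw" && ($2 == "allow" || $2 == "limit") {
            n = split($3, part, "[:/]")
            if (n <= 2 && part[1] == p && (n == 1 || part[2] == "tcp")) found = 1
            if (n == 3 && part[3] == "tcp" && p + 0 >= part[1] + 0 && p + 0 <= part[2] + 0) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# preflight CONFIG_TEXT RULES_TEXT: print SSH ports with no covering rule;
# fail (non-zero) if there are any, i.e. enabling UFW would cut off SSH.
preflight() {
    missing=""
    for port in $(ssh_ports "$1"); do
        port_is_open "$port" "$2" || missing="$missing $port"
    done
    echo "${missing# }"
    [ -z "$missing" ]
}

preflight "$SAMPLE_SSHD" "$SAMPLE_RULES" >/dev/null ||
    echo "SSH port not allowed yet: do not run 'ufw enable'"
```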

 

Additional Details – Advanced UFW Rules:

Opening TCP and UDP port ranges:

Command:

sudo ufw allow 4000:4200/tcp

sudo ufw allow 4000:4200/udp

Note – Opens every port from 4000 to 4200 in one command; the first command covers TCP and the second covers UDP. Great for apps using multiple ports.

 

Allowing connection from a single IP:

Command:

sudo ufw allow from 46.105.219.171

Note – IP 46.105.219.171 can connect to any port on your server. Everyone else stays blocked unless another rule allows them.

 

Allowing connection from a single IP to a single port:

Command:

sudo ufw allow from 46.105.219.171 to any port 25

Note – IP 46.105.219.171 can connect to port 25 (email). This rule opens no other ports for that IP.

 

Blocking a connection from a single IP:

Command:

sudo ufw deny from 46.105.219.171

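Note – IP 46.105.219.171 is blocked completely – no access to any port. UFW checks rules in order and the first match wins, so this holds only when the deny rule sits above every allow rule that would match the same traffic.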
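A deny rule added after the allow rules from the earlier steps is appended to the end of the list, where earlier matches win. The following audit is an added example, not part of the original guide; the function name and the sample sudo ufw status numbered output are constructed, and IPv6 rows are skipped for brevity.

```bash
#!/bin/sh
# Added example: find deny-by-IP rules that can never match because an earlier
# allow/limit rule already accepts the same traffic (UFW stops at first match).

# Constructed sample of `sudo ufw status numbered` output.
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     LIMIT IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere                   # Allow Apache HTTP
[ 3] 25                         ALLOW IN    46.105.219.171
[ 4] Anywhere                   DENY IN     46.105.219.171
[ 5] 22/tcp (v6)                LIMIT IN    Anywhere (v6)'

# shadowed_denies STATUS_TEXT: one line per (deny rule, earlier accepting rule).
# Only IPv4 rows are compared; rows marked (v6) are dropped before parsing.
shadowed_denies() {
    printf '%s\n' "$1" | grep -v '(v6)' |
    sed -n 's/^\[ *\([0-9][0-9]*\)\] */\1 /p' |
    awk '
        # Fields after sed: number, To, Action, direction, From
        $3 == "ALLOW" || $3 == "LIMIT" {
            n++; rnum[n] = $1; rto[n] = $2; rfrom[n] = $5
        }
        ($3 == "DENY" || $3 == "REJECT") && $2 == "Anywhere" && $5 != "Anywhere" {
            for (i = 1; i <= n; i++)
                if (rfrom[i] == "Anywhere" || rfrom[i] == $5)
                    printf "rule %s (%s from %s) is shadowed on %s by rule %s\n",
                           $1, tolower($3), $5, rto[i], rnum[i]
        }'
}

shadowed_denies "$SAMPLE_STATUS"
# Remedy: delete the shadowed rule by its number, then add it at the top:
#   sudo ufw insert 1 deny from 46.105.219.171
```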

 

Closing a Single Port:

Command:

sudo ufw deny 23/tcp

sudo ufw deny 23/tcp comment 'Block telnet'

Note – Port 23 is closed to everyone. Comment helps you remember why.

 

Hope this helps you learn how to safeguard your Ubuntu 22.04 LTS Linux server.