Ubuntu 22.04 LTS Setup UFW Firewall in 5 Minutes
By Robert Mills
Table of Contents
Ubuntu 22.04 LTS comes with UFW (Uncomplicated Firewall) to guard against unwanted access to the desktop or server. UFW is a user-friendly front-end application in a a Linux packet filtering system for Net filter. At first Net filter rules are set up or configured using the Iptables Command by developers and system admins. For new Ubuntu Linux users and developers unfamiliar with firewall concepts find Net filter syntax confusing. So they use UFW with easy to use frontend for Ubuntu 22.04 LTS Linux server and desktop.
This complete guide covers setup, rules, and management in under 5 minutes.

Why Use UFW?
UFW makes firewall setup super easy by turning confusing iptables commands into simple ones like “UFW allow SSH.” It automatically blocks all unwanted incoming traffic but lets your server send stuff out safely. Pre-installed on every Ubuntu 22.04 LTS system, so no downloads needed. Starts automatically after reboots through systemd – no extra setup. Perfect for beginners who want pro-level security without the headache.
Perquisites:
Before configuring UFW, ensure your Ubuntu 22.04 LTS server is ready. First, follow our 6 Steps to Configure VPS Server Guide to gain SSH access with Ubuntu OS, update packages, and set up sudo privileges.
To follow this tutorial, you’ll need:
- Ubuntu 22.04 LTS server with a non-root user having sudo privileges
UFW comes pre-installed on Ubuntu. If missing, install with:
sudo apt update
sudo apt install ufw
How to Setup UFW Firewall in 5 Minutes:
Step 1: Check UFW Status
See if UFW is off:
sudo ufw status
Step 2: Block all incoming, allow outgoing
Block all incoming connections and only allow outgoing connections from the Ubuntu 22.04 LTS cloud server.
Command: [ Run one after another]
sudo ufw default deny incoming
sudo ufw default allow outgoing
Step 3: Make sure IPv6 support is enabled
Command:
grep IPV6 /etc/default/ufw
If it shows IPV6=no or nothing, edit the file.
Command:
sudo nano /etc/default/ufw
Change or add this line:
IPV6=yes
Save the File.
Step 4: Open SSH
Allow incoming SSH connections on the default TCP port 22 as follows:
Standard SSH Port – 22
Command:
sudo ufw allow ssh
Custom SSH port (example: 24)
Command:
sudo ufw allow 283/tcp
Protect from brute-force attacks – limit SSH port access:
Command:
sudo ufw limit ssh
Step 5: Turning on the Firewall
Command:
sudo ufw enable
You need to confirm the operation by typing the y and followed by the [Enter] key:
Once done the UFW will be enabled. To check the current status of firewall,
Command:
sudo ufw status
Output:
Status: active
To Action From
— —— —-
22/tcp ALLOW Anywhere
Step 6: Allowing TCP or UDP ports
Command:
sudo ufw allow 80/tcp comment 'Allow Apache HTTP'
sudo ufw allow 443/tcp comment 'Allow Nginx HTTPS'
or
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
Comment is like add notes to the firewall rules, it shows like in the firewall rules – ufw status
Example:
80/tcp ALLOW Anywhere # Allow Apache HTTP
Step 7: Viewing firewall rules
You can see firewall status with the list of RULES:
Command:
sudo ufw status numbered
Note – numbered Shows rules with numbers, for easy deletion
Step 8: Deleting UFW firewall rules
Command:
sudo ufw delete 6
Note – Enter the Number [row number] of Rule that you want to delete from the UFW
Step 9: Stopping and removing UFW
If you don’t need UFW, we can Disable it.
Command:
sudo ufw disable
sudo ufw reset
First command is to Disable the UFW rules.
Second command is to disables UFW and deletes all your custom rules, returning it to its factory defaults (deny incoming, allow outgoing)
Use disable for temporary stops, and reset for a clean slate.
Additional Details – Advanced UFW Rules:
Opening TCP and UDP port ranges:
Command:
sudo ufw allow 4000:4200/tcp
sudo ufw allow 4000:4200/udp
Note – Opens every port from 4000 to 4200 (TCP) in one command. Great for apps using multiple ports.
Allowing connection from a single IP:
Command:
sudo ufw allow from 46.105.219.171
Note – Only IP 100.253.344.111 can connect to any port on your server. Everyone else is blocked.
Allowing connection from a single IP to a single port:
Command:
sudo ufw allow from 46.105.219.171 to any port 25
Note – IP 100.253.344.111 can connect only to port 25 (email). Other ports still blocked for them.
Blocking a connection from a single IP:
Command:
sudo ufw deny from 46.105.219.171
Note – IP 46.105.219.171 blocked completely – no access to any port.
Closing a Single Port:
Command:
sudo ufw deny 23/tcp
sudo ufw deny 23/tcp comment 'Block telnet'
Note – Port 23 is closed to everyone. Comment helps you remember why.
Hope this helps you learn how to safeguard your Ubuntu 24.04 LTS Linux server.