Pulsar67 Logo
How to configure UFW on Ubuntu

How to configure UFW on Ubuntu

By Trenton Barrett on March 27, 2025 (Last updated: March 27, 2025)

How to Configure a Firewall with UFW on Ubuntu

UFW (Uncomplicated Firewall) is a user-friendly interface to manage iptables — the default firewall tool in Ubuntu. This guide explains how to configure UFW to secure your server while keeping access to essential services.

Step 1: Check if UFW is Installed

UFW comes pre-installed on most Ubuntu systems. To confirm: 

sudo ufw status

If it's not installed, you can install it with:

sudo apt install ufw

Step 2: Allow SSH Before Enabling UFW

Before enabling UFW, make sure to allow SSH access, or you could lock yourself out of your server. 

sudo ufw allow OpenSSH

Warning:

Do not enable UFW before allowing SSH if you're connected remotely. Otherwise, you may lose access to your server.

Step 3: Enable UFW

Once SSH access is allowed, you can enable the firewall: 

sudo ufw enable

To check the status at any time:

sudo ufw status verbose

Step 4: Allow or Deny Other Services

You can allow or block access to other services by specifying their ports or service names: 

# Allow HTTP and HTTPS
sudo ufw allow http
sudo ufw allow https

# Or by port
sudo ufw allow 80
sudo ufw allow 443

You can also restrict access by IP address or subnet: 

sudo ufw allow from 203.0.113.5 to any port 22

Step 5: Delete a Rule

If you need to remove a rule, list the rules with numbered output: 

sudo ufw status numbered

Then delete a rule by its number:

sudo ufw delete 2

Step 6: Set Default Policies

UFW's default behavior is to deny all incoming and allow all outgoing traffic. You can manually set these defaults: 

sudo ufw default deny incoming
sudo ufw default allow outgoing

Step 7: Enable Logging (Optional)

UFW can log blocked connections, which helps with debugging or monitoring security: 

sudo ufw logging on

Logs are stored in /var/log/ufw.log

Step 8: Disable or Reset UFW (If Needed)

To temporarily disable UFW: 

sudo ufw disable

To reset all rules and start fresh:

sudo ufw reset

Use this with caution — it will delete all custom rules.

Conclusion

UFW provides a simple yet effective way to secure your server. By allowing only the traffic you need and denying everything else, you reduce your attack surface and protect your services from unauthorized access. Just remember to configure it carefully — especially when working on remote servers.

Back to Tutorials