ufw command
ufw - program for managing a netfilter firewall

The ufw command (Uncomplicated Firewall) in Linux is a user-friendly front-end for managing iptables firewall rules. It simplifies setting up and controlling a firewall to secure your system by allowing or blocking network traffic.

Note: ufw is pre-installed on Ubuntu and some Debian-based systems. On others, install it with sudo apt install ufw or equivalent. Root privileges (via sudo) are required for most actions.
Usage: ufw [options] [command] [rule]

- command: Action like enable, allow, deny.
- rule: Specification of ports, services, or IPs.
- options: Flags to modify behavior.

Common Commands Summary
Command | Description |
---|---|
enable | Activate the firewall |
disable | Deactivate the firewall |
status | Show current status and rules |
allow | Permit traffic |
deny | Block traffic |
delete | Remove a rule |
reset | Clear all rules |
Examples
- Enabling the Firewall

  Turn on ufw to start enforcing rules.

      sudo ufw enable

  - Output: Firewall is active and enabled on system startup.
  - Activates the firewall and sets it to start on boot.

  Warning: Ensure you’ve allowed necessary services (e.g., SSH) before enabling to avoid locking yourself out.

- Disabling the Firewall

  Turn off ufw to stop filtering traffic.

      sudo ufw disable

  - Output: Firewall stopped and disabled on system startup.

- Checking Status

  See if ufw is active and what rules are in place.

      sudo ufw status

  - Output (if inactive):

        Status: inactive

  - Output (if active with rules):

        Status: active

        To                         Action      From
        --                         ------      ----
        22/tcp                     ALLOW       Anywhere
        80/tcp                     ALLOW       Anywhere

- Allowing Traffic

  Use allow to permit incoming traffic on a port or service.

  Example (Port):

      sudo ufw allow 22

  - Allows TCP traffic on port 22 (SSH).

  Example (Service):

      sudo ufw allow ssh

  - Same as above, using the service name (from /etc/services).

  Example (Specific IP):

      sudo ufw allow from 192.168.1.100

  - Allows all traffic from 192.168.1.100.

- Denying Traffic

  Use deny to block incoming traffic.

      sudo ufw deny 23

  - Blocks TCP traffic on port 23 (Telnet).

- Deleting Rules

  Remove a rule by referencing it.

      sudo ufw delete allow 23

  - Deletes the rule allowing port 23.

  List with Numbers:

      sudo ufw status numbered

  - Output:

        Status: active

             To                         Action      From
             --                         ------      ----
        [ 1] 22/tcp                     ALLOW       Anywhere
        [ 2] 80/tcp                     ALLOW       Anywhere

  - Delete by number:

        sudo ufw delete 2

- Resetting to Default

  Clear all rules and disable ufw.

      sudo ufw reset

  - Output: Resetting all rules to installed defaults. Proceed? [y|n].
  - Type y to confirm.

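The warning under "Enabling the Firewall" can be turned into a check that runs before the firewall is switched on. The script below is an added example, not part of the original page: ssh_rule_present and guarded_enable are hypothetical helper names, and it assumes that ufw show added prints one "ufw <action> <args>" line per user rule even while the firewall is inactive.

```shell
#!/bin/sh
# Added example (not from the original page): lockout check to run before
# `ufw enable`. Assumption: `ufw show added` prints one "ufw <action> <args>"
# line per user rule, including while the firewall is still inactive.

# ssh_rule_present [PORT]: reads `ufw show added` text on stdin; succeeds only
# if an allow or limit rule open to any source covers the SSH port (default 22).
# Rules restricted with "from ..." are ignored, since they only help when you
# connect from that address.
ssh_rule_present() {
    awk -v port="${1:-22}" '
        $1 == "ufw" && ($2 == "allow" || $2 == "limit") && NF == 3 {
            if ($3 == port || $3 == (port "/tcp")) found = 1
            # Service name and application profile that map to port 22
            if (port == "22" && ($3 == "ssh" || $3 == "OpenSSH")) found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# guarded_enable [PORT]: enable ufw only when the check passes (run as root).
guarded_enable() {
    if ufw show added | ssh_rule_present "${1:-22}"; then
        ufw enable
    else
        echo "refusing to enable: no allow/limit rule for SSH port ${1:-22}" >&2
        return 1
    fi
}

# Constructed sample inputs, not captured from a real host.
SAMPLE_WITH_SSH="Added user rules (see 'ufw status' for running firewall):
ufw allow 22/tcp
ufw allow 80/tcp"
SAMPLE_NO_SSH="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw deny 23"
```
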
To get help related to the ufw command, use the --help option:

    $ ufw --help
    Usage: ufw COMMAND

    Commands:
     enable                          enables the firewall
     disable                         disables the firewall
     default ARG                     set default policy
     logging LEVEL                   set logging to LEVEL
     allow ARGS                      add allow rule
     deny ARGS                       add deny rule
     reject ARGS                     add reject rule
     limit ARGS                      add limit rule
     delete RULE|NUM                 delete RULE
     insert NUM RULE                 insert RULE at NUM
     prepend RULE                    prepend RULE
     route RULE                      add route RULE
     route delete RULE|NUM           delete route RULE
     route insert NUM RULE           insert route RULE at NUM
     reload                          reload firewall
     reset                           reset firewall
     status                          show firewall status
     status numbered                 show firewall status as numbered list of RULES
     status verbose                  show verbose firewall status
     show ARG                        show firewall report
     version                         display version information

    Application profile commands:
     app list                        list application profiles
     app info PROFILE                show information on PROFILE
     app update PROFILE              update PROFILE
     app default ARG                 set default application policy

For more details, check the manual with man ufw