UFW - Uncomplicated Firewall

Managing a firewall with UFW

What is UFW?


gufw uncomplicated firewall
Uncomplicated Firewall or "ufw" for short is a simple command line driven tool that allows you to manipulate your firewall settings with a small subset of easy to learn commands. Ufw is generally available to Debian based Ubuntu systems.

Traditionally "iptables" is the command line tool that is used for manipulating your firewall settings. ufw is a front end to iptables. Graphical user interfaces are also available for "ufw".


The easy to use Graphical interface allows the configuring of your Ubuntu firewall. "gufw" allows for the easy management of common tasks such as allowing or blocking pre-configured services, common P2P, or individual IP/port(s).

"gufw" is available to download from your repositories by either using the command:

sudo apt-get install gufw

or by searching for gufw within the "Ubuntu Software centre". Once located, simply click on the install option.

More information regarding the graphical user interface for ufw can be found at the developers site: GUFW Developers Site



Basic Command Example


The following example is an indication of some of the commands that can be used to create a simple rule and check the current status of your firewall. The following commands would allow ssh access, enable logging, and display the status of the firewall:


john@booboo:~$ sudo ufw allow ssh/tcp
john@booboo:~$ sudo ufw logging on
john@booboo:~$ sudo ufw enable
john@booboo:~$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere (v6)

Advanced Functionality


"ufw" can be used to to carry out any functionality that "iptables" can do. This is achieved by using several sets of rule files.

/etc/default/ufw: High Level Configuration, Default Policies, IPv6 support and kernel modules to use.

/etc/ufw/before.rules: These rules are evaluated before any rules added via the ufw command.

/etc/ufw/after.rules: These rules are evaluated after any rules added via the ufw command.

/etc/ufw/sysctl.conf: kernel network tunables.

/var/lib/ufw/user.rules or /lib/ufw/user.rules (0.28 and later): These are rules added by the ufw command. This file should not be edited by hand.

/etc/ufw/ufw.conf: This sets whether or not "ufw" is enabled on boot, and in 9.04 (ufw 0.27) and later, sets the LOGLEVEL

After modifying any of the above files, activate the new settings by issuing the following commands:


$ sudo ufw disable
$ sudo ufw enable


What Version of ufw?



john@booboo:~$ sudo ufw version
ufw 0.31.1-1
Copyright 2008-2010 Canonical Ltd.

Check Status of Firewall


Command: sudo ufw status


john@booboo:~$ sudo ufw status
[sudo] password for john:
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere (v6)

Block a Port with ufw


The following command will block port 80:


john@booboo:~$ sudo ufw deny 80/tcp
Rule added
Rule added (v6)
john@booboo:~$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     DENY        Anywhere
22/tcp                     ALLOW       Anywhere (v6)
80/tcp                     DENY        Anywhere (v6)

Delete a Rule


To delete a rule, simply add the word "delete" before the command that created the rule:

Command: sudo ufw delete deny 80/tcp


john@booboo:~$ sudo ufw delete deny 80/tcp
Rule deleted
Rule deleted (v6)
john@booboo:~$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere (v6)

List Rules with a Line Number


It is often easier to refer to a rule by its line number. To find out what number is associated with a rule, we use the option "numbered" with the status command:


john@booboo:~$ sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     DENY IN     Anywhere
[ 3] 22/tcp                     ALLOW IN    Anywhere (v6)
[ 4] 80/tcp                     DENY IN     Anywhere (v6)

Delete a Rule by its Line Number


To delete a rule using its line number, we simply pass "delete" followed by the line number:


john@booboo:~$ sudo ufw delete 4
Deleting:
 deny 80/tcp
Proceed with operation (y|n)? y
Rule deleted (v6)

List Applications with profiles


Some applications come with predefined ufw profiles. To view these available profiles on your system, simply issue the following command:

 
john@booboo:~$ sudo ufw app list
Available applications:
  CUPS
  OpenSSH

Display Information about a profile


To view profile information, issue the "app info" option:


john@booboo:~$ sudo ufw app list
Available applications:
  CUPS
  OpenSSH
john@booboo:~$ sudo ufw app info OpenSSH
Profile: OpenSSH
Title: Secure shell server, an rshd replacement
Description: OpenSSH is a free implementation of the Secure Shell protocol.

Port:
  22/tcp

Further help with ufw


To view all of the many options available to "ufw", simply issue the command "man ufw" from your terminal.

You may also issue "ufw --help for a quick command overview:

ufw --help



john@john-desktop:~$ ufw --help

Usage: ufw COMMAND

Commands:
 enable                          enables the firewall
 disable                         disables the firewall
 default ARG                     set default policy
 logging LEVEL                   set logging to LEVEL
 allow ARGS                      add allow rule
 deny ARGS                       add deny rule
 reject ARGS                     add reject rule
 limit ARGS                      add limit rule
 delete RULE|NUM                 delete RULE
 insert NUM RULE                 insert RULE at NUM
 reset                           reset firewall
 status                          show firewall status
 status numbered                 show firewall status as numbered list of RULES
 status verbose                  show verbose firewall status
 show ARG                        show firewall report
 version                         display version information

Application profile commands:
 app list                        list application profiles
 app info PROFILE                show information on PROFILE
 app update PROFILE              update PROFILE
 app default ARG                 set default application policy