How To Install and Config UFW Firewall on Ubuntu 22.04

The UFW is the default firewall software installed on Ubuntu. We will show you how to install and config UFW firewall on Ubuntu 22.04.


What is the Use of UFW in Ubuntu Linux?

The UFW (Uncomplicated Firewall) is a frontend for iptables and is particularly well-suited for host-based firewalls. UFW provides a framework for managing netfilter, as well as a command-line interface for manipulating the firewall.

UFW is a great firewall tool that is designed to be run on hosts or servers. It allows or blocks incoming and outgoing connections to and from the server. You can block ports, IPs or even entire subnets using UFW. It is not as flexible as iptables but is vastly easier for basic operations.

UFW vs IPTables

When it comes to configuring firewall on Ubuntu server, you have two primary options: ufw and iptables. Both tools provide firewall functionality but differ in terms of ease of use and complexity.

UFW is a front-end for iptables that aims to simplify the process of configuring a firewall. It provides a user-friendly command-line interface and allows you to manage firewall rules using human-readable syntax. UfW provides a set of default rules that are easy to understand and configure.

IPTables provides granular control over network traffic by allowing you to define rules based on various criteria such as IP addresses, ports, protocols, and more. IPTables gives you more flexibility, but it's also slightly more complicated to configure. So use whichever one you're most happy with. If you use iptables, remember that it only affects IPv4 - you need to also use ip6tables if your server has IPv6.

In this article, we will show you how to install and config the UFW firewall on Ubuntu 22.04.

How to Install UFW Firewall

To install UFW on Ubuntu, follow these 3 steps.

Step 1: SSH into the Linux system

To install UFW, you need to SSH into the system.

Step 2: Update system check settings
$ sudo apt update
$ sudo apt upgrade

To check if ufw is installed, you can use the which command:

$ which ufw

And if the result doesn’t show output, it means ufw is not installed and you should install it like below.

Step 3: Install UFW

$ sudo apt-get install ufw

After your ufw installation is complete, use the command below to check. The initial default after installation, UFW will be disabled because it has not been activated and you have to enable it manually.

$ sudo ufw status verbose

Status: inactive

Step 4: Enable UFW, Activate UFW After Installation

To enable UFW and start enforcing the firewall rules, run:

$ sudo ufw enable

To temporarily disable UFW, run:

$ sudo ufw disable

How to Config UFW Firewall

Use ufw to manage firewall rules, add/delete/restore/reset ufw rules.

1. UFW Check Status

To check the current status of UFW, run the following command:

$ sudo ufw status

This will show you if UFW is active or inactive, the default input and output policies, and any rules that have been created.

A fresh Ubuntu 22.04 installation will have UFW inactive by default.

2. UFW Allow Port

To allow incoming connections on a specific port, you need to allow that port using UFW. For example, to allow HTTP traffic on port 80, run:

$ sudo ufw allow 80/tcp

This will allow all incoming TCP connections on port 80. You can also specify the IP address to allow only for a specific host:

$ sudo ufw allow from to any port 80

To allow both TCP and UDP protocols on port 123, run:

$ sudo ufw allow 123/tcp
$ sudo ufw allow 123/udp

3. UFW Allow Multiple Ports

To allow multiple ports at once, specify the starting and ending ports:

$ sudo ufw allow 2000:2100/tcp

This will allow all ports from 2000 to 2100. You can also specify ports in a comma-separated list:

$ sudo ufw allow 80,443,8080/tcp
$ sudo ufw allow 22,25,110/tcp  

4. UFW Allow HTTP/HTTPS Traffic

It is a common requirement to allow incoming HTTP and HTTPS traffic. You can do that with:

$ sudo ufw allow 'Apache Full'

This will allow HTTP traffic on port 80 and HTTPS traffic on port 443.

5. UFW Allow SSH

To allow incoming SSH connections on port 22, run:

$ sudo ufw allow 22/tcp

This is required to manage your Ubuntu server remotely using SSH.

6. UFW Allow DNS Traffic

DNS uses UDP protocol on port 53. To allow incoming DNS queries, run:

$ sudo ufw allow 53/udp

7. UFW Allow VNC

To allow incoming VNC connections (usually port 5900 ), run:

$ sudo ufw allow 5900/tcp

8. UFW Deny Port

To block specific ports or protocols, use deny instead of allow. For example, to block incoming SMTP traffic:

$ sudo ufw deny 25/tcp

Closing tcp and udp ports, replace 80 with the desired port number:

$ sudo ufw deny 80

For a port range you use the syntax:

$ ufw deny 1234:2345
$ ufw deny 1234:2345/tcp
$ ufw deny 1234:2345/udp

9. UFW Set Default Policies

By default, the UFW incoming policy is set to deny, which means all incoming traffic is blocked. You can change this policy using:

$ sudo ufw default deny incoming      # To deny all incoming traffic
$ sudo ufw default allow incoming     # To allow all incoming traffic

Similarly, you can set the default outgoing policy using:

$ sudo ufw default deny outgoing
$ sudo ufw default allow outgoing

It is recommended to keep the default incoming policy as deny for security.

10. UFW Checking Logs

You can enable logging with the command:

$ sudo ufw logging on

Log levels can be set by running sudo ufw logging low|medium|high, selecting either low, medium, or high from the list. The default setting is low.

UFW keeps logs of denied connections in /var/log/ufw.log. You can view the log file using:

$ sudo less /var/log/ufw.log

To enable verbose logging, run:

$ sudo ufw logging verbose

Then UFW will log all allowed and denied connections.

11. UFW Delete Rules

The syntax is as follows to list all of the current rules in a numbered list format:

$ sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere                   # accept Apache
[ 3] 443/tcp                    ALLOW IN    Anywhere                   # accept HTTPS connections
[ 4] 1194/udp                   ALLOW IN    Anywhere                   # OpenVPN server
[ 5] 3000:4000/tcp              ALLOW IN    Anywhere
[ 6] 3000:4000/udp              ALLOW IN    Anywhere

To delete 6th rule type the command:

$ sudo ufw delete 6

You can also delete rules for a specific port:

$ sudo ufw delete allow 80

To flush all UFW rules and restore the default policy, run:

$ sudo ufw reset

12. UFW Restore to default

For some reason, you need to restore/delete all existing rules to return to the original defaults, use the reset option to do the following:

$ sudo ufw disable
$ sudo ufw reset
$ sudo ufw enable

This will:
- Disable UFW
- Flush existing rules
- Re-enable UFW with the default configuration
This ensures UFW works with the default settings again.

13. UFW Enable IPv6

Make sure the directive IPV6=yes do exists in /etc/default/ufw file. For instance:

$ cat /etc/default/ufw


UFW is a powerful tool that can greatly improve the security of your servers when properly configured. This reference guide covers some common UFW rules that are often used to configure a firewall on Ubuntu. Your firewall is now configured to allow (at least) SSH connections. Be sure to allow any other incoming connections that your server needs, while limiting any unnecessary connections, so your server will be functional and secure.

I hope this helps you configure and manage UFW firewall on Ubuntu 22.04. Let me know if you have any other questions!