How To Configure Firewall with UFW on Ubuntu 22.04

Introduction

When it comes to configuring a firewall on an Ubuntu server, you have two primary options: ufw (Uncomplicated Firewall) and iptables. Both provide firewall functionality but differ in ease of use and complexity.

UFW vs IPTables

UFW (Uncomplicated Firewall) is a front-end for iptables that aims to simplify the process of configuring a firewall. It provides a user-friendly command-line interface and lets you manage firewall rules using human-readable syntax. UFW ships with a set of default rules that are easy to understand and configure. If you create your rules with ufw, you'll see them when you run iptables -L -n -v.

IPTables provides granular control over network traffic by allowing you to define rules based on various criteria such as IP addresses, ports, protocols, and more. iptables has a more complex syntax compared to ufw but offers greater flexibility and advanced features.

IPTables gives you more flexibility, but it's also slightly more complicated to configure, so use whichever one you're most comfortable with. If you use iptables, remember that it only affects IPv4; you also need ip6tables if your server has IPv6.

In this article, we will see how to configure and manage the UFW firewall on Ubuntu 22.04.

How to Configure and Manage the UFW Firewall

1. Checking UFW Status

To check the current status of UFW, run the following command:

$ sudo ufw status

This will show you if UFW is active or inactive, the default input and output policies, and any rules that have been created.

A fresh Ubuntu 22.04 installation will have UFW inactive by default.

2. Allowing Incoming Connections

To accept incoming connections on a specific port, add an allow rule for that port. For example, to allow HTTP traffic on port 80, run:

$ sudo ufw allow 80/tcp

This allows all incoming TCP connections on port 80. You can also restrict the rule to a single source host by specifying its IP address:

$ sudo ufw allow from 192.168.1.100 to any port 80

To allow both TCP and UDP protocols on port 123, run:

$ sudo ufw allow 123/tcp
$ sudo ufw allow 123/udp

3. Allow HTTP/HTTPS Traffic

It is a common requirement to allow incoming HTTP and HTTPS traffic. If Apache is installed, its UFW application profile does that in one step:

$ sudo ufw allow 'Apache Full'

This allows HTTP traffic on port 80 and HTTPS traffic on port 443. The profile only exists once the apache2 package is installed; sudo ufw app list shows the application profiles available on your system, and sudo ufw allow 80,443/tcp has the same effect whichever web server you run.

4. Allow Specific Ports

To allow a range of ports at once, give the first and last port separated by a colon:

$ sudo ufw allow 2000:2100/tcp

This allows TCP on every port from 2000 to 2100. You can also list several ports separated by commas:

$ sudo ufw allow 80,443,8080/tcp
$ sudo ufw allow 22,25,110/tcp

5. Allow SSH Connections

To allow incoming SSH connections on port 22, run:

$ sudo ufw allow 22/tcp

This is required to manage your Ubuntu server remotely over SSH, and it should be in place before you enable UFW.

6. Allow DNS Traffic

DNS uses the UDP protocol on port 53. To allow incoming DNS queries (only needed if this server itself answers DNS queries), run:

$ sudo ufw allow 53/udp

7. Allow VNC Connections

To allow incoming VNC connections (usually port 5900), run the command below. Since VNC is a remote-desktop service, consider limiting it to a trusted source address with the from ... form shown in step 2 rather than opening it to every host.

$ sudo ufw allow 5900/tcp

8. Block Unwanted Connections

To block specific ports or protocols, use deny instead of allow. For example, to block incoming SMTP traffic:

$ sudo ufw deny 25/tcp

The same form blocks any other port, for example a management interface listening on 8080:

$ sudo ufw deny 8080/tcp

9. Setting Default Policies

By default, the UFW incoming policy is deny, which means all incoming traffic that no allow rule matches is blocked. You can change this policy using:

$ sudo ufw default deny incoming      # To deny all incoming traffic
$ sudo ufw default allow incoming     # To allow all incoming traffic

Similarly, you can set the default outgoing policy using:

$ sudo ufw default deny outgoing
$ sudo ufw default allow outgoing

It is recommended to keep the default incoming policy as deny for security.

10. Checking UFW Logs

You can enable logging with the command:

$ sudo ufw logging on

The log level is set with sudo ufw logging low|medium|high, choosing one of low, medium, or high. The default setting is low.

UFW keeps logs of denied connections in /var/log/ufw.log. You can view the log file using:

$ sudo less /var/log/ufw.log

To enable the most verbose logging, set the level to full (UFW has no "verbose" level):

$ sudo ufw logging full

UFW will then log all packets, allowed and denied, without rate limiting, so expect the log file to grow quickly.
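An added example, not from the original article: a small POSIX shell helper that reads the /var/log/ufw.log format discussed above, keeps only the [UFW BLOCK] entries and counts them per source address and destination port, so a host that keeps probing a closed port stands out. The log lines, addresses and MAC value in SAMPLE_UFW_LOG are constructed for the demo.

```shell
# Summarise "[UFW BLOCK]" log lines by source address and destination port/protocol.
# Real use:  sudo cat /var/log/ufw.log | ufw_block_summary
ufw_block_summary() {
    grep '\[UFW BLOCK\]' | awk '{
        src = ""; dpt = ""; proto = ""
        for (i = 1; i <= NF; i++) {                  # scan the kernel-log KEY=value fields
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
        }
        # ICMP entries carry no DPT= field and are skipped here
        if (src != "" && dpt != "") count[src " " dpt "/" proto]++
    }
    END { for (k in count) print count[k], k }' | sort -rn   # most frequent first
}

# Constructed sample log (not real traffic): three TCP/23 probes and one ICMP echo from
# 203.0.113.45, one UDP/161 probe from 198.51.100.77, and one allowed SSH connection.
SAMPLE_UFW_LOG='Mar  4 10:15:01 web1 kernel: [ 8123.441] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:11:22:33:00:16:3e:aa:bb:cc:08:00 SRC=203.0.113.45 DST=198.51.100.10 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=54213 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  4 10:15:02 web1 kernel: [ 8124.102] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:11:22:33:00:16:3e:aa:bb:cc:08:00 SRC=203.0.113.45 DST=198.51.100.10 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=54214 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  4 10:15:03 web1 kernel: [ 8125.310] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:11:22:33:00:16:3e:aa:bb:cc:08:00 SRC=198.51.100.77 DST=198.51.100.10 LEN=68 TOS=0x00 PREC=0x00 TTL=62 ID=41233 PROTO=UDP SPT=5353 DPT=161 LEN=48
Mar  4 10:15:04 web1 kernel: [ 8126.000] [UFW ALLOW] IN=eth0 OUT= MAC=00:16:3e:11:22:33:00:16:3e:aa:bb:cc:08:00 SRC=192.0.2.9 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  4 10:15:05 web1 kernel: [ 8127.500] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:11:22:33:00:16:3e:aa:bb:cc:08:00 SRC=203.0.113.45 DST=198.51.100.10 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=54215 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  4 10:15:06 web1 kernel: [ 8128.900] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:11:22:33:00:16:3e:aa:bb:cc:08:00 SRC=203.0.113.45 DST=198.51.100.10 LEN=84 TOS=0x00 PREC=0x00 TTL=51 ID=7 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1'

# Prints:
#   3 203.0.113.45 23/TCP
#   1 198.51.100.77 161/UDP
printf '%s\n' "$SAMPLE_UFW_LOG" | ufw_block_summary
```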

11. Deleting UFW Rules

To list all of the current rules in numbered format, run:

$ sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere                   # accept Apache
[ 3] 443/tcp                    ALLOW IN    Anywhere                   # accept HTTPS connections
[ 4] 1194/udp                   ALLOW IN    Anywhere                   # OpenVPN server
[ 5] 3000:4000/tcp              ALLOW IN    Anywhere
[ 6] 3000:4000/udp              ALLOW IN    Anywhere

To delete the 6th rule, type:

$ sudo ufw delete 6

You can also delete a rule by repeating its specification after delete. It has to match the rule exactly as it was added, so the 80/tcp rule from step 2 is removed with:

$ sudo ufw delete allow 80/tcp

To flush all UFW rules and restore the default policy, run the command below. Note that it also disables UFW, so enable it again afterwards (see step 12):

$ sudo ufw reset

12. Restoring UFW Default Rules

If you have changed UFW rules and want to restore the default rules, run:

$ sudo ufw disable
$ sudo ufw reset
$ sudo ufw enable

This will:
- Disable UFW
- Flush existing rules
- Re-enable UFW with the default configuration

This ensures UFW works with the default settings again.

13. Enabling and Disabling UFW

To enable UFW and start enforcing the firewall rules, run the command below. If you administer the server over SSH, add the SSH rule from step 5 first: enabling UFW with the default deny incoming policy and no SSH rule will drop your session.

$ sudo ufw enable

To temporarily disable UFW, run:

$ sudo ufw disable
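Two shell helpers over the listing format from step 11, added here as an example and not part of the article: ufw_rule_numbers looks up a rule's number before sudo ufw delete N, matching both the To and From columns so an IPv4 row and its (v6) twin are not confused, and ufw_allows_ssh checks that an ALLOW IN rule covers SSH before sudo ufw enable (step 13). The function names and the two (v6) rows are my additions; the rest of SAMPLE_STATUS is the table from step 11.

```shell
# Helpers over `sudo ufw status numbered` output (read from stdin).
# Real use:  sudo ufw status numbered | ufw_rule_numbers '80/tcp'
#            sudo ufw status numbered | ufw_allows_ssh && sudo ufw enable

# Normalise each "[ N] To  Action  From  # comment" row to tab-separated: number, to, action, from.
ufw_parse_rules() {
    awk '/^\[ *[0-9]+]/ {
        sub(/#.*$/, "")                                   # drop the trailing "# comment"
        num = $0; sub(/^\[ */, "", num); sub(/].*$/, "", num)
        sub(/^\[ *[0-9]+] */, "")                         # strip the "[ N] " prefix
        if (!match($0, /(ALLOW|DENY|REJECT|LIMIT) +(IN|OUT|FWD)/)) next
        to = substr($0, 1, RSTART - 1);    sub(/ +$/, "", to)
        act = substr($0, RSTART, RLENGTH); sub(/ +/, " ", act)
        from = substr($0, RSTART + RLENGTH); gsub(/^ +| +$/, "", from)
        printf "%s\t%s\t%s\t%s\n", num, to, act, from
    }'
}

# Print the number(s) of rules whose To and From columns match exactly, for `ufw delete N`.
# Both columns matter: the same To can appear with several sources, or again with "(v6)".
ufw_rule_numbers() {
    ufw_parse_rules | awk -F'\t' -v to="$1" -v from="${2:-Anywhere}" '$2 == to && $4 == from { print $1 }'
}

# Exit 0 only if an ALLOW IN rule covers SSH (22, 22/tcp or the OpenSSH profile), so that
# `ufw enable` with the default "deny incoming" policy will not cut off a remote session.
ufw_allows_ssh() {
    ufw_parse_rules | awk -F'\t' '$3 == "ALLOW IN" && $2 ~ /^(22|22\/tcp|OpenSSH)( \(v6\))?$/ { ok = 1 }
                                  END { exit !ok }'
}

# Sample listing: the article's rules 1-6 plus two constructed (v6) rows as shown when IPV6=yes.
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere                   # accept Apache
[ 3] 443/tcp                    ALLOW IN    Anywhere                   # accept HTTPS connections
[ 4] 1194/udp                   ALLOW IN    Anywhere                   # OpenVPN server
[ 5] 3000:4000/tcp              ALLOW IN    Anywhere
[ 6] 3000:4000/udp              ALLOW IN    Anywhere
[ 7] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 8] 80/tcp (v6)                ALLOW IN    Anywhere (v6)              # accept Apache'

printf '%s\n' "$SAMPLE_STATUS" | ufw_rule_numbers '80/tcp'          # prints 2, not 8
printf '%s\n' "$SAMPLE_STATUS" | ufw_allows_ssh && echo "SSH rule present, safe to enable"
```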

14. Enabling IPv6 support

Make sure the directive IPV6=yes exists in the /etc/default/ufw file. You can check with:

$ cat /etc/default/ufw

If you change the setting, run sudo ufw disable followed by sudo ufw enable so that the IPv6 rules are generated. With IPv6 enabled, each rule you add appears twice in ufw status: once for IPv4 and once marked (v6).

Conclusion

UFW is a powerful tool that can greatly improve the security of your servers when properly configured. This reference guide covers some common UFW rules that are often used to configure a firewall on Ubuntu. Your firewall is now configured to allow (at least) SSH connections. Be sure to allow any other incoming connections that your server needs, while limiting any unnecessary connections, so your server will be functional and secure.

I hope this helps you configure and manage UFW firewall on Ubuntu 22.04. Let me know if you have any other questions!