Obsidian/05.02 Networks/Configuring UFW.md

---

Alias: ["UFW"]
Tag: ["Server", "Firewall"]
Date: 2021-10-04
DocType: "Personal"
Hierarchy: "NonRoot"
TimeStamp:
location: [51.514678599999996, -0.18378583926867909]
CollapseMetaTable: Yes

---

Parent:: [[Selfhosting]], [[Server Alias]], [[Server Cloud]], [[Server Tools]], [[Server VPN]]

---

 

```button
name Save
type command
action Save current file
id Save
```
^button-UFWSave

 

# Configuring UFW

 

```ad-abstract
title: Summary
collapse: open
Description of basic commands for UFW
```

 

```toc
style: number
```

 

---

 

### Installation and activation

 

UFW should be installed by default in Ubuntu servers. If not, see below.

 

#### Installation of UFW

```ad-command
~~~
sudo apt install ufw
~~~
```

 

#### Activation of UFW

```ad-command
~~~
sudo ufw status
~~~
```

If disabled:

```ad-command
~~~
sudo ufw enable
~~~
```

 

---

 

### Basic commands

 

#### UFW rules status

```ad-command
~~~
sudo ufw status
~~~
```

Commands can be appended:
- `verbose`: details incoming/outgoing rules
- `numbered`: display rule numbers

 

#### UFW rule management

##### Allow / Deny

```ad-command
~~~
sudo ufw allow/deny
~~~
```

Then:

| Type to allow | Syntax
|--------------|--------
**IP** | from (ip address/range)
**Port** | (portnumber)/(protocol)
**Service** | (service name)
**Protocol** | proto (protocol name)

 

##### Rule priority

Certain rules like IP denial need to be put on top of the rule stack as UFW reads rules in order one after another. Insert the following in the command to force insertion:

```ad-command
~~~
insert 1 (or any place in the pecking order)
~~~
```

 

##### Complex rule syntax

Finer rules can be defined with the following syntax.

| rule condition | syntax
|--------------|--------
**connecting IP** | from (ip or any)
**internal IP** | to (ip or any)
**protocol** | proto (protocol or any)
**port** | port (port or any)
**outgoing traffic** | out