---
Alias: ["UFW"]
Tag: ["Server", "Firewall"]
Date: 2021-10-04
DocType: "Personal"
Hierarchy: "NonRoot"
TimeStamp:
location: [51.514678599999996, -0.18378583926867909]
CollapseMetaTable: Yes
---

Parent:: [[Selfhosting]], [[Server Alias]], [[Server Cloud]], [[Server Tools]], [[Server VPN]]

---

^Top

```button
name Save
type command
action Save current file
id Save
```
^button-UFWSave

# Configuring UFW

```ad-abstract
title: Summary
collapse: open
Description of basic commands for UFW
```

```toc
style: number
```

---

### Installation and activation
[[#^Top|TOP]]

UFW should be installed by default on Ubuntu servers. If not, see below.

#### Installation of UFW
```ad-command
~~~bash
sudo apt install ufw
~~~
```

#### Activation of UFW
```ad-command
~~~bash
sudo ufw status
~~~
```
If disabled:
```ad-command
~~~bash
sudo ufw enable
~~~
```

---

### Basic commands
[[#^Top|TOP]]

#### UFW rules status
```ad-command
~~~bash
sudo ufw status
~~~
```
Options can be appended to the status command:
- `verbose`: details incoming/outgoing rules
- `numbered`: displays rule numbers

#### UFW rule management
[[#^Top|TOP]]

##### Allow / Deny
```ad-command
~~~bash
sudo ufw allow/deny
~~~
```
Then append one of the following:

| Type to allow | Syntax |
|--------------|--------|
| **IP** | from (ip address/range) |
| **Port** | (portnumber)/(protocol) |
| **Service** | (service name) |
| **Protocol** | proto (protocol name) |

##### Rule priority
UFW reads rules in order, one after another, and applies the first one that matches. Certain rules, such as IP denials, therefore need to be placed at the top of the rule stack. Insert the following in the command to force the position:
```ad-command
~~~bash
insert 1   # or any other place in the pecking order
~~~
```

##### Complex rule syntax
Finer rules can be defined with the following syntax.

| Rule condition | Syntax |
|--------------|--------|
| **connecting IP** | from (ip or any) |
| **internal IP** | to (ip or any) |
| **protocol** | proto (protocol or any) |
| **port** | port (port or any) |
| **outgoing traffic** | out |

[[#^Top|TOP]]
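
The rule-priority point above, as an added example that is not part of the original note: a simplified POSIX shell model of ordered, first-match evaluation, comparing a deny rule that was appended with one placed via `insert 1`. It does not call `ufw`; the rule format `<action> <source|any> <port|any>`, the function names and the documentation addresses 203.0.113.7 and 198.51.100.20 are constructed for illustration.

```sh
#!/bin/sh
# Added example: simplified model of ordered, first-match rule evaluation.
# It does not call ufw. Rule format (constructed): "<action> <source|any> <port|any>"

# first_match SRC PORT RULE...
# Prints "<rule number> <action>" for the first rule that matches, or
# "0 default" when no rule matches and the default policy would apply.
first_match() {
    fm_src=$1
    fm_port=$2
    shift 2
    fm_n=0
    for fm_rule in "$@"; do
        fm_n=$((fm_n + 1))
        fm_action=${fm_rule%% *}      # first field: allow or deny
        fm_rest=${fm_rule#* }
        fm_rsrc=${fm_rest%% *}        # second field: source address or "any"
        fm_rport=${fm_rest#* }        # third field: port or "any"
        # Skip the rule unless both source and port match (or are "any").
        [ "$fm_rsrc" = any ] || [ "$fm_rsrc" = "$fm_src" ] || continue
        [ "$fm_rport" = any ] || [ "$fm_rport" = "$fm_port" ] || continue
        echo "$fm_n $fm_action"
        return 0
    done
    echo "0 default"
}

# Rule set after `sudo ufw deny from 203.0.113.7`: the deny is appended last.
decide_appended() {
    first_match "$1" "$2" "allow any 22" "allow any 443" "deny 203.0.113.7 any"
}

# Rule set after `sudo ufw insert 1 deny from 203.0.113.7`: the deny comes first.
decide_inserted() {
    first_match "$1" "$2" "deny 203.0.113.7 any" "allow any 22" "allow any 443"
}

# Constructed sample traffic: "<source> <port>".
for conn in "203.0.113.7 22" "203.0.113.7 25" "198.51.100.20 22" "198.51.100.20 25"; do
    src=${conn% *}
    port=${conn#* }
    echo "$src:$port appended=[$(decide_appended "$src" "$port")] inserted=[$(decide_inserted "$src" "$port")]"
done
```

With the appended order, 203.0.113.7 is accepted on port 22 by rule 1, and the deny only catches ports that no earlier rule allows.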