
Alias Tag Date DocType Hierarchy TimeStamp location CollapseMetaTable
2021-10-04 Personal NonRoot

Parent:: Selfhosting, Server Alias, Server Cloud, Server Tools, Server VPN




Configuring UFW

Summary: Description of basic commands for UFW.

Installation and activation


UFW should be installed by default on Ubuntu servers. If it is not, install it as follows.

Installation of UFW

sudo apt install ufw

Activation of UFW

sudo ufw status

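If the status is reported as inactive, enable UFW (on a server managed over SSH, allow the SSH service first so that enabling the firewall does not cut the session off):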

sudo ufw enable

Basic commands


UFW rules status

sudo ufw status

Options can be appended to the command:

  • verbose: details incoming/outgoing rules
  • numbered: display rule numbers

UFW rule management


Allow / Deny
sudo ufw allow/deny


Type to allow   Syntax
IP              from (ip address/range)
Port            (portnumber)/(protocol)
Service         (service name)
Protocol        proto (protocol name)

Rule priority

Certain rules, such as IP denials, need to be placed at the top of the rule stack because UFW reads rules in order, one after another. Add the following to the command to force the insertion position:

insert 1 (or any other position in the rule order)

Complex rule syntax

Finer rules can be defined with the following syntax.

Rule condition     Syntax
Connecting IP      from (ip or any)
Internal IP        to (ip or any)
Protocol           proto (protocol or any)
Port               port (port or any)
Outgoing traffic   out

Delete a rule
sudo ufw delete <rule number>

Ban List management


Ban List Folder


Ban List Script



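#!/bin/bash
INPUT="/path/to/blocked.ip.list"   # placeholder: set to the ban list's location
# Insert a deny rule at the top of the rule stack for each entry in the list
while IFS= read -r block; do
    sudo ufw insert 1 deny from "$block"
done < "$INPUT"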

Once written, the script needs to be made executable before it can be run:

sudo chmod +x /etc/addip4ban/

Ban List Document

File name: blocked.ip.list
< ip1 >
< ip2/range >
< ip3 >

Ban list Update Process

Copy/paste the new ban list into blocked.ip.list and run:

sudo bash /etc/addip4ban/
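
The ban-list script above hands every line of the list straight to ufw, so a malformed line makes ufw fail and an over-broad entry such as any or 0.0.0.0/0 inserted at position 1 would deny all incoming traffic. The following is an added example, not part of the original note: a POSIX sh dry run that validates IPv4 entries, drops duplicates and prints the commands instead of running them. MIN_PREFIX, valid_entry and ban_commands are hypothetical names, and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example: vet ban-list entries before they become "insert 1 deny" rules.
MIN_PREFIX=8   # assumption: refuse ranges wider than a /8

# Return 0 if $1 is an IPv4 address or CIDR range that is safe to ban.
valid_entry() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|*[!0-9]*|???*|0?*) return 1 ;; esac
             [ "$prefix" -ge "$MIN_PREFIX" ] && [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*|0?*) return 1 ;; esac   # too long or leading zero
        [ "$octet" -le 255 ] || return 1
    done
}

# Print one ufw command per valid, unique entry of list file $1 (dry run:
# nothing is executed). Rejected entries are reported on stderr.
ban_commands() {
    seen=" "
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "$line" | tr -d ' \t\r')    # drop spaces and CRs
        case $entry in ''|'#'*) continue ;; esac         # blank or comment
        if ! valid_entry "$entry"; then
            printf 'skipped: %s\n' "$entry" >&2
            continue
        fi
        case $seen in *" $entry "*) continue ;; esac     # already emitted
        seen="$seen$entry "
        echo "ufw insert 1 deny from $entry"
    done < "$1"
}

# Constructed sample list (documentation address ranges), not from the page.
sample=$(mktemp)
printf '%s\n' 203.0.113.7 198.51.100.0/24 '' 203.0.113.7 \
    0.0.0.0/0 any 300.1.1.1 > "$sample"
ban_commands "$sample"
rm -f "$sample"
```

To apply the rules, point ban_commands at the real list, review the printed commands, and pipe them to sudo sh.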

Ban List Tasks
