ufw Command Examples in Linux

Many firewall solutions are available for Linux/Unix-based operating systems, such as Raspbian OS in the case of Raspberry Pi. These firewall solutions use iptables underneath to filter packets coming from different sources and allow only the legitimate ones to enter the system. iptables is installed on Raspberry Pi by default but is not set up, and configuring it directly is a bit tedious. So, we will use an alternative tool, Uncomplicated Firewall (UFW), which is extremely easy to set up and use.

Below are a few examples of the ufw command.

ufw Command Examples

1. Enable ufw:

# ufw enable

2. Disable ufw:

# ufw disable

3. Show ufw rules, along with their numbers:

# ufw status numbered

4. Allow incoming traffic on port 5432 on this host with a comment identifying the service:

# ufw allow 5432 comment "Service"

5. Allow only TCP traffic from 192.168.0.4 to any address on this host, on port 22:

# ufw allow proto tcp from 192.168.0.4 to any port 22

6. Deny traffic on port 80 on this host:

# ufw deny 80

7. Deny all UDP traffic to ports in range 8412:8500:

# ufw deny proto udp from any to any port 8412:8500

8. Delete a particular rule. The rule number can be retrieved from the `ufw status numbered` command:

# ufw delete rule_number

9. Check the status of UFW:

# ufw status

10. Add a new rule to allow SSH:

# ufw allow ssh

11. Alternatively, you can use a port number to open a particular port:

# ufw allow 22

12. Allow only TCP traffic over HTTP (port 80):

# ufw allow http/tcp

13. Deny incoming FTP traffic:

# ufw deny ftp

14. Check all added rules before starting the firewall:

# ufw show added

15. Get a numbered list of added rules:

# ufw status numbered

16. You can also allow all ports in a range by specifying a port range:

# ufw allow 1050:5000/tcp

17. If you want to allow all traffic from a particular IP address (open all ports to it), use the following command:

# ufw allow from 10.0.2.100

18. Alternatively, you can allow an entire subnet, as follows:

# ufw allow from 10.0.2.0/24

19. You can also allow or deny a specific port for a given IP address:

# ufw allow from 10.0.2.100 to any port 2222
# ufw deny from 10.0.2.100 to any port 5223

20. To specify a protocol in the preceding rule, use the following command:

# ufw deny from 10.0.2.100 proto tcp to any port 5223

21. Delete a rule by repeating the original rule after `delete`:

# ufw delete allow ftp

22. Delete rules by specifying their numbers:

# ufw status numbered
# ufw delete 2

23. Add a new rule at a specific number:

# ufw insert 1 allow 5222/tcp # Inserts a rule at number 1

24. If you want to reject outgoing FTP connections, you can use the following command:

# ufw reject out ftp

25. UFW also supports application profiles. To view all application profiles, use the following command:

# ufw app list

26. Get more information about the app profile using the following command:

# ufw app info OpenSSH

27. Allow the application profile as follows:

# ufw allow OpenSSH

28. Set ufw logging levels [off|low|medium|high|full] with the help of the following command:

# ufw logging medium

29. View firewall reports with the show parameter:

# ufw show added    # list of rules added
# ufw show raw    # show complete firewall

30. Reset ufw to its default state (all rules will be backed up by UFW):

# ufw reset
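
Rule numbers shown by `ufw status numbered` (items 3, 8 and 22) shift down after every delete, so when several rules are removed by number they should be removed highest number first. The script below is an added example, not part of the original page: it parses that output and lists the ALLOW rules open to any source in that order. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `ufw status numbered` output on stdin and prints
# "<rule number> <to>" for every inbound ALLOW rule whose source is Anywhere,
# highest number first, so deleting in that order never hits a shifted number.
open_rules() {
    awk '
    /^\[ *[0-9]+\]/ {
        # Rule number: "[ 2]" and "[12]" are both valid prefixes.
        num = $0; sub(/^\[ */, "", num); sub(/\].*/, "", num)
        rest = $0; sub(/^\[ *[0-9]+\] */, "", rest)
        sub(/ +#.*$/, "", rest)            # drop a trailing rule comment
        # Locate the Action column; the To column may contain spaces ("(v6)").
        if (!match(rest, / +(ALLOW|DENY|REJECT|LIMIT)( (IN|OUT|FWD))? +/)) next
        to = substr(rest, 1, RSTART - 1)
        action = substr(rest, RSTART, RLENGTH); gsub(/^ +| +$/, "", action)
        from = substr(rest, RSTART + RLENGTH)
        if (action ~ /^ALLOW( IN)?$/ && from ~ /^Anywhere/) print num, to
    }' | sort -rn
}

# Constructed sample output, built from rules used in the examples above.
sample_status() {
    cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    192.168.0.4
[ 2] 5432                       ALLOW IN    Anywhere                   # Service
[ 3] 80                         DENY IN     Anywhere
[ 4] 1050:5000/tcp              ALLOW IN    Anywhere
[ 5] 5432 (v6)                  ALLOW IN    Anywhere (v6)              # Service
[ 6] 1050:5000/tcp (v6)         ALLOW IN    Anywhere (v6)
EOF
}

# Demo on the sample; on a real host use: ufw status numbered | open_rules
sample_status | open_rules
```

Review each listed rule and, for the ones that should not be open to every source, run `ufw delete <number>` from the top of the list down.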