The Uncomplicated Firewall (UFW) is a firewall management tool that makes it easier to configure the iptables service. UFW originated with Ubuntu® but can be downloaded and installed on other distributions. It is primarily useful for home users who don’t have experience with the intricacies of firewall configuration.
The ufw command enables you to work with the command-line interface. For example, the following commands set up an allow rule for HTTP, turn on logging, and enable the firewall. This automatically creates a default deny configuration for incoming traffic—in other words, everything without an explicit allow rule is dropped:
# ufw allow http/tcp
# ufw logging on
# ufw enable
SYNTAX
The syntax of the ufw command is:
# ufw [options] {action}
ufw Command Options
Option | Description |
--version | show program’s version number and exit |
-h, --help | show help message and exit |
--dry-run | don’t modify anything, just show the changes |
enable | reloads firewall and enables firewall on boot. |
disable | unloads firewall and disables firewall on boot |
reload | reloads firewall |
default allow|deny|reject DIRECTION | change the default policy for traffic going DIRECTION, where DIRECTION is one of incoming, outgoing or routed. Note that existing rules will have to be migrated manually when changing the default policy. |
logging on|off|LEVEL | toggle logging. Logged packets use the LOG_KERN syslog facility. Systems configured for rsyslog support may also log to /var/log/ufw.log. Specifying a LEVEL turns logging on for the specified LEVEL. The default log level is ‘low’. |
reset | Disables and resets firewall to installation defaults. Can also give the --force option to perform the reset without confirmation. |
status | show status of firewall and ufw managed rules. Use status verbose for extra information. |
show REPORT | display information about the running firewall. |
allow ARGS | add allow rule. |
deny ARGS | add deny rule. |
reject ARGS | add reject rule. |
limit ARGS | add limit rule. |
delete RULE|NUM | deletes the corresponding RULE |
insert NUM RULE | insert the corresponding RULE as rule number NUM |
ufw is already installed on Ubuntu 16.04 and later versions. It still uses the iptables service, but it offers a vastly simplified set of commands. Run one simple command to open the desired ports and another to activate the firewall, and you have a good, basic firewall. Whenever you run a ufw command, it automatically configures both the IPv4 and the IPv6 rules. This alone is a huge time-saver, and much of what we’ve had to configure by hand with iptables is already there by default.