Installing and using UFW on Ubuntu 16.04 LTS

On an Ubuntu server the default firewall management command is iptables. While iptables provides powerful functionality it’s syntax is often seen as complex. For most users a friendlier syntax can make managing your firewall much easier.

The uncomplicated firewall (UFW) is an alternative program to iptables for managing firewall rules. Most typical Ubuntu installations will include UFW by default. In cases where UFW isn’t included it’s just a quick command away!

Installing UFW on Ubuntu

Pre-Flight Check

  • These directions are intended to be done on any Ubuntu 16.04 LTS release.
  • You will need to be logged in to SSH as the root user.

Keeping with best practice we’ll quickly run package updates before we install UFW. Once that’s done and out of the way we can run the install.

apt update
apt upgrade

  1. Install UFW
    apt install ufw
  2. Check the install
    ufw --version

    ufw 0.35
    Copyright 2008-2015 Canonical Ltd.
    

And that is it, not much to the install and setup here. Nothing to enable or restart with systemd since UFW is a wrapper for iptables and netfilters.

Now to fully enable UFW simply run:

ufw enable

If you are migrating from an iptables based setup you will need to recreate the rules in UFW. For the best results you should setup the basic rules first and then enable UFW. This will help prevent locking yourself out if you’re working over SSH.

Examples using UFW

If you’re unfamiliar with firewall management then UFW and this quick list will make things a breeze! It really is pretty simple to use since programs can provide support for UFW in the form of app profiles. Using these profiles you can easily allow/deny access for the specific application.

  • List all the profiles provided by installed packages:
    ufw app list

    Available applications:
    Apache
    Apache Full
    Apache Secure
    OpenSSH
  • Allow access to Apache on both port 80 and 443:
    ufw allow "Apache Full"

    Rule added
    Rule added (v6)
  • Allow access to SSH:
    ufw allow "OpenSSH"

    Rule added
    Rule added (v6)
  • See the full status of UFW:
    ufw status verbose

    Status: active
    Logging: on (low)
    Default: deny (incoming), allow (outgoing), disabled (routed)
    New profiles: skip
    
    To                         Action      From
    --                         ------      ----
    22/tcp (OpenSSH)           ALLOW IN    Anywhere                  
    22/tcp (OpenSSH (v6))      ALLOW IN    Anywhere (v6)

Because of the cool App profiles feature in UFW most services can easily be opened up in your firewall. In our example the server is still pretty fresh and barebones so we don’t have that manage app profiles. As you install more applications, if they support UFW, then you’ll see those profiles listed when you run the app list command from above.

Be Sociable, Share!

Author Bio

About the Author: Dan Pock

Dan Pock does Technical Writing & Marketing at Liquid Web with a background in System Administration, Public Relations, and Customer Service.

His favorite things include: his cats, Oscar Boots and Dash Nouget; experimenting with PHP; and making up recipes (or at least attempting to). You can find his coding hijinks on GitHub, where he shares most of his projects and open source work.

Here's 75 % off, Launch a New VPS Today. Find out why 30,000 customers have chosen our Best-in-Class Performance & 24x7 Heroic Support