Installing UFW on Ubuntu 22.04

Posted on December 8, 2017 by Dan Pock | Updated: May 10, 2023

Category: Featured Articles | Tags: Apache, Firewall, Security, SSH, Ubuntu, UFW

Reading Time: 2 minutes

On an Ubuntu server the default firewall management command is iptables. While iptables provides powerful functionality it’s syntax is often seen as complex. For most users a friendlier syntax can make managing your firewall much easier.

The uncomplicated firewall (UFW) is an alternative program to iptables for managing firewall rules. Most typical Ubuntu installations will include UFW by default. In cases where UFW isn’t included it’s just a quick command away!

Installing UFW on Ubuntu

Pre-Flight Check

These directions are intended to be done on any Ubuntu 16.04 LTS release.
You will need to be logged in to SSH as the root user.

Keeping with best practice we’ll quickly run package updates before we install UFW. Once that’s done and out of the way we can run the install.

apt update apt upgrade

Install UFW
apt install ufw

Check the install
ufw --version

ufw 0.35
Copyright 2008-2015 Canonical Ltd.

And that is it, not much to the install and setup here. Nothing to enable or restart with systemd since UFW is a wrapper for iptables and netfilters.

Now to fully enable UFW simply run:

ufw enable

If you are migrating from an iptables based setup you will need to recreate the rules in UFW. For the best results you should setup the basic rules first and then enable UFW. This will help prevent locking yourself out if you’re working over SSH.

Examples using UFW

If you’re unfamiliar with firewall management then UFW and this quick list will make things a breeze! It really is pretty simple to use since programs can provide support for UFW in the form of app profiles. Using these profiles you can easily allow/deny access for the specific application.

List all the profiles provided by installed packages:
ufw app list
```
Available applications:
Apache
Apache Full
Apache Secure
OpenSSH
```
Allow access to Apache on both port 80 and 443:
ufw allow "Apache Full"
```
Rule added
Rule added (v6)
```
Allow access to SSH:
ufw allow "OpenSSH"
```
Rule added
Rule added (v6)
```

See the full status of UFW:
ufw status verbose

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp (OpenSSH)           ALLOW IN    Anywhere                  
22/tcp (OpenSSH (v6))      ALLOW IN    Anywhere (v6)

Because of the cool App profiles feature in UFW most services can easily be opened up in your firewall. In our example the server is still pretty fresh and barebones so we don’t have that manage app profiles. As you install more applications, if they support UFW, then you’ll see those profiles listed when you run the app list command from above.

About the Author: Dan Pock

Dan Pock does technical support at Liquid Web with a background in System Administration, Public Relations, and Customer Service. His favorite things include his cats, Oscar Boots, and Dash Nougat; experimenting with PHP; and making up recipes (or at least attempting to). You can find his coding hijinks on GitHub, where he shares most of his projects and open source work.