On an Ubuntu server the default firewall management command is iptables. While iptables provides powerful functionality it’s syntax is often seen as complex. For most users a friendlier syntax can make managing your firewall much easier.
The uncomplicated firewall (UFW) is an alternative program to iptables for managing firewall rules. Most typical Ubuntu installations will include UFW by default. In cases where UFW isn’t included it’s just a quick command away!
Installing UFW on Ubuntu
Pre-Flight Check
- These directions are intended to be done on any Ubuntu 16.04 LTS release.
- You will need to be logged in to SSH as the root user.
Keeping with best practice we’ll quickly run package updates before we install UFW. Once that’s done and out of the way we can run the install.
apt update
apt upgrade
- Install UFW
apt install ufw
- Check the install
ufw --version
ufw 0.35 Copyright 2008-2015 Canonical Ltd.
And that is it, not much to the install and setup here. Nothing to enable or restart with systemd since UFW is a wrapper for iptables and netfilters.
Now to fully enable UFW simply run:
ufw enable
If you are migrating from an iptables based setup you will need to recreate the rules in UFW. For the best results you should setup the basic rules first and then enable UFW. This will help prevent locking yourself out if you’re working over SSH.
Examples using UFW
If you’re unfamiliar with firewall management then UFW and this quick list will make things a breeze! It really is pretty simple to use since programs can provide support for UFW in the form of app profiles. Using these profiles you can easily allow/deny access for the specific application.
- List all the profiles provided by installed packages:
ufw app list
Available applications: Apache Apache Full Apache Secure OpenSSH
- Allow access to Apache on both port 80 and 443:
ufw allow "Apache Full"
Rule added Rule added (v6)
- Allow access to SSH:
ufw allow "OpenSSH"
Rule added Rule added (v6)
- See the full status of UFW:
ufw status verbose
Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip To Action From -- ------ ---- 22/tcp (OpenSSH) ALLOW IN Anywhere 22/tcp (OpenSSH (v6)) ALLOW IN Anywhere (v6)
Because of the cool App profiles feature in UFW most services can easily be opened up in your firewall. In our example the server is still pretty fresh and barebones so we don’t have that manage app profiles. As you install more applications, if they support UFW, then you’ll see those profiles listed when you run the app list command from above.
Related Articles:

About the Author: Dan Pock
Dan Pock does technical support at Liquid Web with a background in System Administration, Public Relations, and Customer Service. His favorite things include his cats, Oscar Boots, and Dash Nougat; experimenting with PHP; and making up recipes (or at least attempting to). You can find his coding hijinks on GitHub, where he shares most of his projects and open source work.
Our Sales and Support teams are available 24 hours by phone or e-mail to assist.
Latest Articles
How to Install WordPress on Linux (AlmaLinux)
Read ArticleWhat is CentOS? Everything You Need to Know
Read ArticleWhat is CentOS? Everything You Need to Know
Read ArticleRedis as Cache: How It Works and Why You Should Use It
Read ArticleRefer-a-Friend Program for Website Hosting: Get $100 for Each Friend!
Read Article