
How to configure the UFW firewall in Ubuntu

Yesterday, 13:00

If you are just starting out with a VPS or VDS, it is important to think about security right away. One simple and reliable way to limit unwanted connections is to configure a firewall. This guide will show you how to do this with UFW, a lightweight utility for managing network rules on Ubuntu.

What is UFW and why do you need it

UFW stands for Uncomplicated Firewall. It runs on top of Netfilter and supports iptables and nftables. Its main feature is simplicity: everything is configured from the terminal, without having to edit complicated configuration files. The utility comes pre-installed in many versions of Ubuntu, starting with 8.04 LTS.

How to prepare UFW for work

By default, UFW is turned off after installation. This is deliberate, so that you have time to set the necessary rules without cutting off your own access to the server. Therefore, you need to open the SSH port before turning the firewall on.

If you have not changed the SSH port, the following command will suffice:

sudo ufw allow OpenSSH

If SSH listens on a non-standard port, specify that port instead:

sudo ufw allow 2222/tcp

You can enable the firewall like this:

sudo ufw enable

How to set rules

The general command template is as follows:

sudo ufw [type_action] from [ip] to any port [port_number]

Where [type_action] can be:
→ allow - allow;
→ deny - deny without response;
→ reject - deny with response;
→ limit - limit the frequency of connections (for example, to protect against SSH password brute-forcing).

Open ports for popular applications

To see which applications already have templates for UFW, you can do this:

sudo ufw app list

To allow full access to Nginx, run:

sudo ufw allow "Nginx Full"

And if the application runs on port 9000:

sudo ufw allow 9000

Database access

MySQL (port 3306):

Open access to all (every host that can reach the server will be able to connect to the database port):

sudo ufw allow 3306

Or to only one IP:

sudo ufw allow from 192.0.2.10 to any port 3306

PostgreSQL (port 5432):

For all:

sudo ufw allow 5432

Only for the desired address:

sudo ufw allow from 192.0.2.10 to any port 5432
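
The two points above that are easiest to get wrong are forgetting the SSH rule before enabling UFW and leaving a database port open to everyone. The following check is an added example, not part of the original guide: it reads the text printed by sudo ufw status and reports both conditions. The function names audit_ufw_status and sample_status, the EXPOSED and NO_SSH_RULE labels, and the sample output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Usage on a real server: sudo ufw status | audit_ufw_status [ssh_port]
# Flags (1) no rule admitting SSH, (2) 3306/5432 allowed from Anywhere.

audit_ufw_status() {
    # $1: port SSH listens on (default 22). Reads `ufw status` text on stdin.
    awk -v ssh_port="${1:-22}" '
    {
        # Find the action column; the "To" column may contain spaces ("Nginx Full").
        act = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ALLOW|DENY|REJECT|LIMIT)$/) { act = i; break }
        if (act < 2) next                  # header, separator, blank or status line
        to = $1;         for (i = 2; i < act; i++)        to = to " " $i
        from = $(act+1); for (i = act + 2; i <= NF; i++)  from = from " " $i
        action = $act
        sub(/ \(v6\)$/, "", to)            # IPv6 twin of a rule: same target name
        port = to; sub(/\/(tcp|udp)$/, "", port)

        # The OpenSSH app profile only covers the default port 22.
        if ((action == "ALLOW" || action == "LIMIT") &&
            (port == ssh_port || (to == "OpenSSH" && ssh_port == "22")))
            ssh_ok = 1
        if (action == "ALLOW" && from ~ /^Anywhere/ &&
            (port == "3306" || port == "5432"))
            print "EXPOSED " port " open to " from
    }
    END { if (!ssh_ok) print "NO_SSH_RULE port " ssh_port }
    '
}

# Constructed sample of `ufw status` output (not captured from a real host).
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
2222/tcp                   ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
3306                       ALLOW       Anywhere
5432                       ALLOW       192.0.2.10
3306 (v6)                  ALLOW       Anywhere (v6)
EOF
}

sample_status | audit_ufw_status 2222
```

No output means an SSH rule is present and neither database port is open to Anywhere.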

HTTP and HTTPS

Open HTTP (port 80):

sudo ufw allow 80

Open HTTPS (port 443):

sudo ufw allow 443

How to delete a rule

First see the list of all rules:

sudo ufw status numbered

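To delete, use the number from the list (the remaining rules are renumbered after each deletion, so list them again before deleting another):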

sudo ufw delete 4

Or delete the rule directly by repeating it exactly as it was added, prefixed with delete:

sudo ufw delete allow from 123.123.123.123 to any port 35 proto tcp

How to disable UFW

If you temporarily need to disable the firewall, run:

sudo ufw disable

That's it. Now your server is a bit safer. And the best part is that you can do all this in a couple of minutes without being a network security expert.