This post explains how to install UFW on Ubuntu 24.04. UFW (Uncomplicated Firewall) is an interface to iptables for configuring a firewall. It is much easier to use than raw iptables for securing a server, and it is used daily by system administrators, developers, and other Linux users. The most important thing about the UFW firewall is that it protects the server from unauthorized access.
In the following sections, we will cover the installation of the UFW firewall, along with real examples. Let’s get started!
Prerequisites
- A server running Ubuntu 24.04 or any Linux OS
- User privileges: root or non-root user with sudo privileges
Step 1. Update the System
Before we install and configure the UFW firewall, we will update the system packages to the latest available versions:
sudo apt update -y && sudo apt upgrade -y
Step 2. Install UFW Firewall
Before installing, we can execute the following command to check the status of the UFW service:
ufw status
If UFW is not installed, you will get the following output:
root@host:~# ufw status
Command 'ufw' not found, but can be installed with:
snap install ufw # version 0.36.2, or
apt install ufw # version 0.36.2-1
See 'snap info ufw' for additional versions.
To install the UFW firewall on Ubuntu, execute the command below:
sudo apt install ufw -y
Once the installation is complete, start and enable the service:
sudo systemctl start ufw && sudo systemctl enable ufw
To check the status of the service execute the command below:
sudo systemctl status ufw
You should get the following output:
root@host:~# sudo systemctl status ufw
● ufw.service - Uncomplicated firewall
     Loaded: loaded (/usr/lib/systemd/system/ufw.service; enabled; preset: enabled)
     Active: active (exited) since Mon 2024-12-09 15:14:20 CST; 2min 0s ago
       Docs: man:ufw(8)
   Main PID: 15314 (code=exited, status=0/SUCCESS)
        CPU: 3ms

Dec 09 15:14:20 host.test.vps systemd[1]: Starting ufw.service - Uncomplicated firewall...
Dec 09 15:14:20 host.test.vps systemd[1]: Finished ufw.service - Uncomplicated firewall.
Now you can execute the following command again:
ufw status
By default, UFW is not enabled, so you will receive the output below:
root@host:~# ufw status
Status: inactive
In the next paragraphs, we will show you how to enable it and add some rules.
Step 3. Configure UFW Firewall
This is the most important step of this blog post. As we said previously, UFW is disabled by default. If you enable it now without any rules, you will not be able to connect to your server via SSH. In other words, you will be kicked out of your server and locked out. So the first step is to allow SSH connections:
sudo ufw allow OpenSSH && sudo ufw allow ssh
You will get the following output:
root@host:~# sudo ufw allow OpenSSH && sudo ufw allow ssh
Rules updated
Rules updated (v6)
Rules updated
Rules updated (v6)
Next, allow the SSH port number. To do that, execute the following command:
sudo ufw allow 22
You should get the following output:
root@host:~# sudo ufw allow 22
Rules updated
Rules updated (v6)
Now that SSH access is allowed, we can proceed with configuring some other important rules. Next, set the default UFW incoming policy to deny:
sudo ufw default deny incoming
You will get the following output:
root@host:~# sudo ufw default deny incoming
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)
To set the default UFW outgoing policy to allow, run:
sudo ufw default allow outgoing
You should get the following output:
root@host:~# sudo ufw default allow outgoing
Default outgoing policy changed to 'allow'
(be sure to update your rules accordingly)
In the next section, we will show you how to enable UFW.
Step 4. Enable UFW Firewall
First, we will review the rules we added, to be sure they are in place before enabling UFW:
sudo ufw show added
You will get output similar to this:
root@host:~# sudo ufw show added
Added user rules (see 'ufw status' for running firewall):
ufw allow OpenSSH
ufw allow 22/tcp
ufw allow 22
After confirming that everything is OK and that SSH connections are allowed, we can safely enable the UFW firewall:
sudo ufw enable
There will be a warning about the SSH connections, but we have already configured UFW to accept those connections, so we can proceed by pressing the y key:
root@host:~# sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Once you confirm this, you will get the following output:
Firewall is active and enabled on system startup
Now, you can check the status of the UFW Firewall again:
ufw status
If the UFW Firewall is enabled, you will get the following output:
root@host:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
22/tcp (v6)                ALLOW       Anywhere (v6)
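The lockout check from Steps 3 and 4, as an added example that is not part of the original post: a small shell gate that enables UFW only when the `ufw show added` output contains an allow rule for the SSH port that is open to any source. The function names and the sample text are constructed for illustration; rules limited to a source address are deliberately not counted.

```sh
#!/bin/sh
# Added example, not from the original post.
# ssh_rule_present PORT: reads `ufw show added` text on stdin and succeeds
# only if an allow rule open to any source covers PORT over TCP.
ssh_rule_present() {
    awk -v port="${1:-22}" '
        # NF == 3 skips restricted forms such as "ufw allow from IP to any port 22"
        $1 == "ufw" && $2 == "allow" && NF == 3 {
            # The OpenSSH application profile only covers 22/tcp
            if ($3 == "OpenSSH" && port == 22) found = 1
            # Bare port ("22") or explicit TCP ("22/tcp")
            if ($3 == port || $3 == (port "/tcp")) found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# enable_ufw_safely PORT: refuses to run `ufw enable` without an SSH rule.
enable_ufw_safely() {
    ssh_port="${1:-22}"
    if sudo ufw show added | ssh_rule_present "$ssh_port"; then
        sudo ufw enable
    else
        echo "No open allow rule for SSH port $ssh_port; not enabling UFW." >&2
        return 1
    fi
}

# Constructed sample: the `ufw show added` output shown in Step 4.
sample_added() {
cat <<'EOF'
Added user rules (see 'ufw status' for running firewall):
ufw allow OpenSSH
ufw allow 22/tcp
ufw allow 22
EOF
}

if sample_added | ssh_rule_present 22; then
    echo "sample: SSH rule present, safe to enable"
fi
```

If sshd listens on a port other than 22, pass that port to `enable_ufw_safely`; the OpenSSH profile alone will not satisfy the check in that case.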
Allow Specific IP addresses
These sections are not numbered, since it is not ordinarily necessary to enable these rules. The first four steps were important to avoid getting locked out of the server. Even if you are locked out of the server, you can always contact your hosting company to disable the rule. With that said, let’s proceed with allowing a specific IP address. To do that, execute the command below:
sudo ufw allow from 162.246.254.3
You will get the following output:
Rule added
To specify a port that the IP address is allowed to connect to, add the following rule:
sudo ufw allow from 162.246.254.3 to any port 22
Allow Specific port ranges
To allow a range of ports in the UFW firewall, execute the commands below:
sudo ufw allow 8069:8089/tcp
sudo ufw allow 8069:8089/udp
Allowing Other Connections
To allow HTTP and HTTPS via the Apache or Nginx web servers, execute the matching command below:
sudo ufw allow 'Apache Full'
sudo ufw allow 'Nginx Full'
If you want to enable only HTTP or HTTPS you can use the following rules respectively:
sudo ufw allow http
And for HTTPS:
sudo ufw allow https
Denying Connections
For example, to deny the newly added rules about HTTP and HTTPS, you can execute the following command for HTTP:
sudo ufw deny http
And to deny the HTTPS:
sudo ufw deny https
To deny from a specific IP address:
sudo ufw deny from 162.246.254.3
Deleting Rules
To delete a rule, we need to know either its rule number or its name. Deleting a rule by number is easier. First, we need to check the numbers of all the rules we added before:
sudo ufw status numbered
With the rules we added before, we got this output:
root@host:~# sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] OpenSSH                    ALLOW IN    Anywhere
[ 2] 22/tcp                     ALLOW IN    Anywhere
[ 3] 22                         ALLOW IN    Anywhere
[ 4] 22                         ALLOW IN    162.246.254.3
[ 5] 8069:8089/tcp              ALLOW IN    Anywhere
[ 6] 8069:8089/udp              ALLOW IN    Anywhere
[ 7] OpenSSH (v6)               ALLOW IN    Anywhere (v6)
[ 8] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 9] 22 (v6)                    ALLOW IN    Anywhere (v6)
To remove rule number four, the rule for the specific IP address, execute the command below:
sudo ufw delete 4
There will be a warning about proceeding with the operation. We should type y and hit Enter:
root@host:~# sudo ufw delete 4
Deleting: allow from 162.246.254.3
Proceed with operation (y|n)? y
Rule deleted
To delete rule number five by the rule name we used before, execute the command below:
sudo ufw delete allow "8069:8089/tcp"
The final list with the added and deleted rules should look like this:
[ 1] OpenSSH                    ALLOW IN    Anywhere
[ 2] 22/tcp                     ALLOW IN    Anywhere
[ 3] 22                         ALLOW IN    Anywhere
[ 4] 22                         ALLOW IN    162.246.254.3
[ 5] 8069:8089/udp              ALLOW IN    Anywhere
[ 6] OpenSSH (v6)               ALLOW IN    Anywhere (v6)
[ 7] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 8] 22 (v6)                    ALLOW IN    Anywhere (v6)
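An added example (not from the original post) that reads `ufw status numbered` output and lists the rules that open a port to Anywhere without naming a protocol, such as the `22` rule above, which covers both TCP and UDP and overlaps the OpenSSH and 22/tcp rules. It prints the numbers highest first, because UFW renumbers the remaining rules after each `ufw delete NUM`. The function names are illustrative, and the sample is the numbered listing from this section with column spacing reconstructed.

```sh
#!/bin/sh
# Added example, not from the original post.
# broad_port_rules: reads `ufw status numbered` text on stdin and prints the
# numbers of ALLOW IN rules whose "To" is a bare port or range (no /tcp or
# /udp) and whose "From" is Anywhere. Output is sorted highest first so the
# numbers stay valid while deleting one rule at a time.
broad_port_rules() {
    awk '
        /^\[ *[0-9]+\]/ {
            line = $0
            sub(/^\[ */, "", line)          # "3] 22   ALLOW IN   Anywhere"
            num = line
            sub(/\].*$/, "", num)           # rule number
            sub(/^[0-9]+\] */, "", line)    # rule text without the number
            split(line, f, /[ \t]+/)        # f[1] is the "To" column
            if (f[1] ~ /^[0-9]+(:[0-9]+)?$/ && line ~ /ALLOW IN +Anywhere/)
                print num
        }
    ' | sort -rn
}

# Constructed sample: the numbered listing shown earlier in this section.
sample_status() {
cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] OpenSSH                    ALLOW IN    Anywhere
[ 2] 22/tcp                     ALLOW IN    Anywhere
[ 3] 22                         ALLOW IN    Anywhere
[ 4] 22                         ALLOW IN    162.246.254.3
[ 5] 8069:8089/tcp              ALLOW IN    Anywhere
[ 6] 8069:8089/udp              ALLOW IN    Anywhere
[ 7] OpenSSH (v6)               ALLOW IN    Anywhere (v6)
[ 8] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 9] 22 (v6)                    ALLOW IN    Anywhere (v6)
EOF
}

# Print the delete commands for review; nothing is executed here.
# Deleting by number removes only that entry, so IPv4 and IPv6 are listed separately.
for n in $(sample_status | broad_port_rules); do
    echo "sudo ufw delete $n"
done
```

On a live host, replace `sample_status` with `sudo ufw status numbered` and run the printed commands in the order given, after confirming that a `22/tcp` or OpenSSH rule remains.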
That’s it! You have learned how to install and configure the UFW firewall on Ubuntu.