ufw Command
Beginner | Firewall & Security | man(1)
Uncomplicated Firewall - easy iptables management
Updated: Mar 15, 2026
SYNTAX
ufw [OPTION]... [RULE]
What Does ufw Do?
ufw (Uncomplicated Firewall) is a user-friendly frontend for iptables. It simplifies firewall management with straightforward commands for allowing and denying traffic by port, service name, or IP address.
ufw is the default firewall tool on Ubuntu and is designed for simplicity. It handles the complex iptables rules behind the scenes while providing an intuitive interface.
ufw supports both IPv4 and IPv6, application profiles, rate limiting, and logging. It is suitable for most single-server firewall needs.
Options & Flags
| Option | Description | Example |
|---|---|---|
| enable | Enable the firewall | sudo ufw enable |
| disable | Disable the firewall | sudo ufw disable |
| status | Show firewall status and rules | sudo ufw status verbose |
| allow | Allow incoming traffic | sudo ufw allow 80/tcp |
| deny | Deny incoming traffic | sudo ufw deny 23/tcp |
| delete | Delete a rule | sudo ufw delete allow 80/tcp |
| reset | Reset all rules to defaults | sudo ufw reset |
Practical Examples
#1 Enable firewall
Activates the firewall. Make sure SSH is allowed first!
$ sudo ufw enable
Output:
Firewall is active and enabled on system startup
#2 Allow SSH
Allows SSH connections (port 22). Always do this before enabling!
$ sudo ufw allow ssh
Output:
Rule added
#3 Allow web traffic
Allows HTTP and HTTPS traffic.
$ sudo ufw allow 80/tcp && sudo ufw allow 443/tcp
#4 Allow from specific IP
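Allows MySQL access (port 3306) only from the local network 192.168.1.0/24. Other sources stay blocked as long as the default incoming policy is deny and no broader rule allows the port.
$ sudo ufw allow from 192.168.1.0/24 to any port 3306
#5 Check status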
Shows all rules with numbers for easy deletion.
$ sudo ufw status numbered
Output:
[ 1] 22/tcp ALLOW IN Anywhere
[ 2] 80/tcp ALLOW IN Anywhere
#6 Rate limiting
Rate-limits SSH: ufw denies connections from an IP address that has attempted 6 or more connections in the last 30 seconds, which slows brute-force attempts.
$ sudo ufw limit ssh
#7 Delete rule
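Deletes rule number 3 (check numbers with status numbered). The remaining rules are renumbered after each deletion, so re-check the numbers before deleting another rule.
$ sudo ufw delete 3
#8 Deny by default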
Sets default policy: block all incoming, allow all outgoing.
$ sudo ufw default deny incoming && sudo ufw default allow outgoing
Tips & Best Practices
Allow SSH before enabling: Always run sudo ufw allow ssh BEFORE sudo ufw enable, or you will lock yourself out of remote servers.
Application profiles: ufw app list shows available profiles. sudo ufw allow "Nginx Full" allows both HTTP and HTTPS for Nginx.
Logging: sudo ufw logging on enables firewall logging. Check logs in /var/log/ufw.log.
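Once logging is on, the blocked-packet entries in /var/log/ufw.log can be summarised per source address and destination port. The script below is an added example, not part of the original page; the function names and the sample log lines are constructed for illustration, and it assumes the SRC=, PROTO= and DPT= fields that ufw log entries carry.

```sh
#!/bin/sh
# Added example: summarise packets that ufw blocked and logged.
# Prints "COUNT SRC PROTO/DPT", busiest first. Reads the files given as
# arguments (for example /var/log/ufw.log), or stdin when none are given.
ufw_block_summary() {
    awk '
    /\[UFW BLOCK\]/ {
        src = ""; proto = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            # ICMP errors embed the offending packet as [SRC=... ]; stop
            # there so its fields are not taken for the outer packet.
            if ($i ~ /^\[SRC=/) break
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        if (src == "") next
        if (dpt == "") dpt = "-"      # no port (ICMP and similar)
        count[src " " proto "/" dpt]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# Source addresses with at least $1 blocked packets across all ports.
ufw_noisy_sources() {
    min=$1; shift
    ufw_block_summary "$@" |
        awk -v min="$min" '{ n[$2] += $1 }
            END { for (s in n) if (n[s] >= min) print s }' |
        LC_ALL=C sort
}

# Constructed sample log: abridged fields, documentation address ranges.
sample_ufw_log() {
    cat <<'EOF'
Mar 15 10:00:01 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=40001 DPT=22 SYN
Mar 15 10:00:02 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=40002 DPT=22 SYN
Mar 15 10:00:03 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=40003 DPT=22 SYN
Mar 15 10:01:10 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.77 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=51000 DPT=3306 SYN
Mar 15 10:01:30 web1 kernel: [UFW ALLOW] IN=eth0 OUT= SRC=192.168.1.20 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=52000 DPT=3306 SYN
Mar 15 10:02:00 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.10 LEN=76 PROTO=ICMP TYPE=3 CODE=3 [SRC=198.51.100.10 DST=203.0.113.9 LEN=48 PROTO=UDP SPT=53 DPT=40000 ]
EOF
}

sample_ufw_log | ufw_block_summary
```

To run it on a live system, pass the log file as an argument, for example ufw_block_summary /var/log/ufw.log; reading that file typically requires elevated privileges.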
Frequently Asked Questions
How do I set up a basic firewall?
sudo ufw default deny incoming && sudo ufw allow ssh && sudo ufw allow http && sudo ufw allow https && sudo ufw enable.
How do I allow a specific port?
sudo ufw allow PORT/tcp (or PORT/udp). Example: sudo ufw allow 3000/tcp.
How do I remove a firewall rule?
Run sudo ufw status numbered to see rule numbers, then sudo ufw delete NUMBER to remove the rule.