Configure UFW Firewall on Ubuntu

UFW Firewall Status

Below are some simple commands around working with UFW. UFW is included in Ubuntu. However it may need to be enable.

Show status

sudo ufw status

Disable UFW Service

sudo systemctl stop ufw && sudo systemctl disable ufw

Stop UFW Service

sudo systemctl stop ufw

Start UFW service

sudo systemctl stop ufw

Enable UFW

sudo ufw enable

Allow SSH

sudo ufw allow 22/tcp

Show status

sudo ufw status numbered

Example output

sudo ufw status numbered
Status: active
To            Action   From 
--            ------   ----
[1] 3478/udp  ALLOW IN  Anywhere
[2] 5514/udp  ALLOW IN  Anywhere
[3] 8080/tcp  ALLOW IN  Anywhere
[4] 8443/tcp  ALLOW IN  Anywhere
[5] 8880/tcp  ALLOW IN  Anywhere
[6] 8843/tcp  ALLOW IN  Anywhere
[7] 6789/tcp  ALLOW IN  Anywhere
[8] 27117/tcp ALLOW IN  Anywhere
[9] 22/tcp    ALLOW IN  Anywhere

Delete rule

You need to know the number of the rule you want to delete. Replace number with the number of the rule from the status command

sudo ufw delete number

Reset rules

sudo ufw reset

Allow access to port from specific IP address

Example command allows access to SSH (port 22) from the 172.16.0.0/12 ip range.

sudo ufw allow proto tcp from 172.16.0.0/12 to any port 22

One note: It appears that you need to run the rule with every IP range you want to allow.

The following link has more information regarding UFW firewall and subnets.
https://www.cyberciti.biz/faq/ufw-allow-incoming-ssh-connections-from-a-specific-ip-address-subnet-on-ubuntu-debian/

Leave a Reply