{"id":3583,"date":"2020-10-19T16:34:18","date_gmt":"2020-10-19T21:34:18","guid":{"rendered":"http:\/\/www.incredigeek.com\/home\/?p=3583"},"modified":"2023-01-16T05:06:04","modified_gmt":"2023-01-16T11:06:04","slug":"configure-ufw-firewall-on-ubuntu","status":"publish","type":"post","link":"https:\/\/www.incredigeek.com\/home\/configure-ufw-firewall-on-ubuntu\/","title":{"rendered":"Configure UFW Firewall on Ubuntu"},"content":{"rendered":"\n
\"\"<\/a>
UFW Firewall Status<\/figcaption><\/figure>\n\n\n\n

Below are some simple commands around working with UFW. UFW is included in Ubuntu. However it may need to be enable.<\/p>\n\n\n\n

Show status<\/h2>\n\n\n\n
sudo ufw status<\/pre>\n\n\n\n
Disable UFW Service<\/h2>\n\n\n\n
sudo systemctl stop ufw && sudo systemctl disable ufw<\/pre>\n\n\n\n
Stop UFW Service<\/h2>\n\n\n\n
sudo systemctl stop ufw<\/pre>\n\n\n\n
Start UFW service<\/h2>\n\n\n\n
sudo systemctl stop ufw<\/pre>\n\n\n\n
Enable UFW<\/h2>\n\n\n\n
sudo ufw enable<\/pre>\n\n\n\n
Allow SSH<\/h2>\n\n\n\n
sudo ufw allow 22\/tcp<\/pre>\n\n\n\n
Show status<\/h2>\n\n\n\n
sudo ufw status numbered<\/pre>\n\n\n\n
Example output<\/p>\n\n\n\n
sudo ufw status numbered\nStatus: active\nTo            Action   From <\/code>\n--            ------   ----<\/code>\n[1] 3478\/udp  ALLOW IN  Anywhere\n[2] 5514\/udp  ALLOW IN  Anywhere\n[3] 8080\/tcp  ALLOW IN  Anywhere\n[4] 8443\/tcp  ALLOW IN  Anywhere\n[5] 8880\/tcp  ALLOW IN  Anywhere\n[6] 8843\/tcp  ALLOW IN  Anywhere\n[7] 6789\/tcp  ALLOW IN  Anywhere\n[8] 27117\/tcp ALLOW IN  Anywhere\n[9] 22\/tcp    ALLOW IN  Anywhere<\/pre>\n\n\n\n
Delete rule<\/h2>\n\n\n\n
You need to know the number of the rule you want to delete.  Replace number with the number of the rule from the status command<\/p>\n\n\n\n
sudo ufw delete number<\/pre>\n\n\n\n
Reset rules<\/h2>\n\n\n\n
sudo ufw reset<\/pre>\n\n\n\n
Allow access to port from specific IP address<\/strong><\/p>\n\n\n\n
Example command allows access to SSH (port 22) from the 172.16.0.0\/12 ip range.<\/p>\n\n\n\n
sudo ufw allow proto tcp from 172.16.0.0\/12 to any port 22<\/pre>\n\n\n\n
One note: It appears that you need to run the rule with every IP range you want to allow.<\/p>\n\n\n\n
Allow access to port from all private IP ranges (RFC 1918)<\/strong><\/p>\n\n\n\n
If we wanted to allow SSH (port 22) from all local IP addresses, we would need to run the following three commands.<\/p>\n\n\n\n
sudo ufw allow proto tcp from 10.0.0.0\/8 to any port 22\nsudo ufw allow proto tcp from 172.16.0.0\/12 to any port 22\nsudo ufw allow proto tcp from 192.168.0.0\/16 to any port 22<\/pre>\n\n\n\n
<\/p>\n\n\n\n
The following link has more information regarding UFW firewall and subnets.
https:\/\/www.cyberciti.biz\/faq\/ufw-allow-incoming-ssh-connections-from-a-specific-ip-address-subnet-on-ubuntu-debian\/<\/a>
<\/p>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
Below are some simple commands around working with UFW. UFW is included in Ubuntu. However it may need to be enable. Show status sudo ufw status Disable UFW Service sudo systemctl stop ufw && sudo systemctl disable ufw Stop UFW … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[28],"tags":[160,7,818,221,49,416],"class_list":["post-3583","post","type-post","status-publish","format-standard","hentry","category-ubuntu","tag-firewall","tag-linux-2","tag-rules","tag-ssh","tag-ubuntu-2","tag-ufw"],"_links":{"self":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/3583","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/comments?post=3583"}],"version-history":[{"count":3,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/3583\/revisions"}],"predecessor-version":[{"id":4741,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/3583\/revisions\/4741"}],"wp:attachment":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/media?parent=3583"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/categories?post=3583"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/tags?post=3583"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}