
UFW

Uncomplicated Firewall (UFW) is a host-based firewall available on Debian-based systems. It is a simple front end for managing access to ports and protocols.

Install

sudo apt install ufw
sudo ufw limit 22/tcp
sudo ufw allow https
sudo ufw enable
sudo ufw status verbose

Delete rules

sudo ufw status numbered
# Delete the rule with that number from the numbered list above
sudo ufw delete <number>
# Delete all rules and disable the firewall
sudo ufw reset
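Deleting by number has a trap: once rule N is removed, every rule below it moves up one position, so a list of numbers collected from one `ufw status numbered` run is only valid if you delete from the highest number downwards. The script below is an added example, not part of the original notes or of the ufw project; it parses a constructed copy of `ufw status numbered` output (the `write_sample_status` helper, the `web01` rules and the `^3389/tcp` pattern are all assumptions) and emits the delete commands in the safe order, including the IPv6 twin that ufw lists for each rule.

```shell
#!/bin/sh
# Find ufw rule numbers matching a pattern and print delete commands highest-first.

# Constructed sample of `sudo ufw status numbered` output (not from a real host).
write_sample_status() {
  cat > "$1" <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     LIMIT IN    Anywhere
[ 2] 443/tcp                    ALLOW IN    Anywhere
[ 3] 3389/tcp                   ALLOW IN    Anywhere
[ 4] 22/tcp (v6)                LIMIT IN    Anywhere (v6)
[ 5] 443/tcp (v6)               ALLOW IN    Anywhere (v6)
[ 6] 3389/tcp (v6)              ALLOW IN    Anywhere (v6)
EOF
}

# ufw_rule_numbers <status-file> <awk-regex>
# Prints the numbers of rules whose text (everything after "[ N]") matches
# the regex, sorted descending so they can be deleted without renumbering
# invalidating the remaining numbers.
ufw_rule_numbers() {
  awk -v pat="$2" '
    /^\[ *[0-9]+\]/ {
      num = $0; sub(/^\[ */, "", num); sub(/\].*/, "", num)
      rest = $0; sub(/^\[ *[0-9]+\] */, "", rest)
      if (rest ~ pat) print num
    }' "$1" | sort -rn
}

# ufw_delete_commands <status-file> <awk-regex>
# Emits the exact commands to run; nothing is executed here, so the output can
# be reviewed (or piped to sh on the host) after checking it.
ufw_delete_commands() {
  ufw_rule_numbers "$1" "$2" | while read -r n; do
    echo "sudo ufw delete $n"
  done
}

main() {
  tmp=$(mktemp)
  write_sample_status "$tmp"
  echo "Rules matching ^3389/tcp (IPv4 and IPv6), highest number first:"
  ufw_delete_commands "$tmp" '^3389/tcp'
  rm -f "$tmp"
}
main
```

On a real host, replace the sample file with `sudo ufw status numbered > /tmp/ufw-status.txt` and run `ufw_delete_commands /tmp/ufw-status.txt '^3389/tcp'`; review the two lines it prints before running them.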

Examples

# Allow outbound via port/protocol
sudo ufw allow out 853
sudo ufw allow out 853/tcp
# Allow inbound via port/protocol
sudo ufw allow in 443
sudo ufw allow in 443/tcp
# Allow via port/protocol
sudo ufw allow 22
sudo ufw allow 22/tcp
# Allow via service/protocol
sudo ufw allow ssh
sudo ufw allow ssh/tcp
# Deny via port/protocol
sudo ufw deny 22
sudo ufw deny 22/tcp
# Deny via service/protocol
sudo ufw deny ssh
sudo ufw deny ssh/tcp
# Rate-limit connections: an address that attempts six or more connections within 30 seconds is denied.
sudo ufw limit 22/tcp
sudo ufw limit 3389/tcp

UFW-Docker

# Docker writes its own iptables rules for published container ports, so they bypass UFW's INPUT rules. ufw-docker is a fix.
sudo wget -O /usr/local/bin/ufw-docker https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker
sudo chmod +x /usr/local/bin/ufw-docker
sudo ufw-docker install
sudo systemctl restart ufw
docker ps
# Reference the container name in the docker firewall rule.
sudo ufw-docker allow nginx-reverse-proxy 443/tcp
sudo ufw-docker allow portainer 9443/tcp
sudo systemctl start ufw
sudo systemctl enable ufw

Troubleshooting

sudo apt install rsyslog
sudo systemctl enable rsyslog
sudo systemctl start rsyslog
sudo systemctl status rsyslog
# Logging levels: on (same as low), low, medium, high, or full
sudo ufw logging on
sudo ufw logging low
sudo ls /var/log/ufw*
# Read all the logs
sudo less /var/log/ufw*
# Search for blocked packets (use zgrep for rotated .gz logs).
sudo grep 'BLOCK' /var/log/ufw*
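Grepping for BLOCK shows the raw lines; what you usually want to know is which source is hammering which port. The script below is an added example, not part of the original notes or of the ufw project. It runs over constructed UFW log lines (the `write_sample_log` helper, host `web01`, and the documentation-range addresses are assumptions) and summarises `[UFW BLOCK]` and `[UFW LIMIT BLOCK]` entries by source, destination port and protocol, ignoring `[UFW ALLOW]` entries. Packets without a destination port (ICMP) have no DPT field, so they are counted only in the per-source total.

```shell
#!/bin/sh
# Summarise UFW block events from /var/log/ufw.log-style lines.

# Constructed sample of rsyslog/kernel UFW lines (not from a real host).
write_sample_log() {
  cat > "$1" <<'EOF'
Mar  3 08:01:12 web01 kernel: [  812.100551] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=54321 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 08:01:13 web01 kernel: [  813.204112] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=54322 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 08:01:15 web01 kernel: [  815.330877] [UFW LIMIT BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=48213 DF PROTO=TCP SPT=54330 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  3 08:02:40 web01 kernel: [  900.011203] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=40001 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 08:02:41 web01 kernel: [  901.120455] [UFW ALLOW] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=31201 DF PROTO=TCP SPT=51000 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  3 08:02:45 web01 kernel: [  905.770210] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=48 ID=1234 PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1
EOF
}

# Select only the lines UFW logged as dropped (plain and rate-limit blocks).
ufw_blocked_lines() {
  grep -E '\[UFW (LIMIT )?BLOCK\]' "$1"
}

# ufw_block_summary <logfile>
# Prints "count src dpt proto", busiest first. Lines without DPT (ICMP) are skipped.
ufw_block_summary() {
  ufw_blocked_lines "$1" |
    sed -n 's/.*SRC=\([^ ]*\).*PROTO=\([^ ]*\).*DPT=\([0-9]*\).*/\1 \3 \2/p' |
    sort | uniq -c | sort -rn |
    awk '{ print $1, $2, $3, $4 }'
}

# ufw_top_sources <logfile>
# Prints "count src" for every blocked packet, including ICMP, busiest first.
ufw_top_sources() {
  ufw_blocked_lines "$1" |
    sed -n 's/.*SRC=\([^ ]*\).*/\1/p' |
    sort | uniq -c | sort -rn |
    awk '{ print $1, $2 }'
}

main() {
  tmp=$(mktemp)
  write_sample_log "$tmp"
  echo "Blocked connections by source, destination port and protocol:"
  ufw_block_summary "$tmp"
  echo
  echo "Blocked packets by source:"
  ufw_top_sources "$tmp"
  rm -f "$tmp"
}
main
```

On a live host run `ufw_block_summary /var/log/ufw.log` (with sudo, or after copying the file); a source that tops the list on port 22 while `ufw limit 22/tcp` is in place is exactly the case the LIMIT rule is there to slow down.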
