URL: https://www.digitalocean.com/community/tutorials/ufw-essentials-common-firewall-rules-and-commands

UFW Essentials: Common Firewall Rules and Commands for Linux Security

Updated on August 1, 2025

Introduction

UFW (uncomplicated firewall) is a command-line tool designed to simplify firewall management on Linux systems, particularly those based on Ubuntu. Built on top of iptables, it provides a user-friendly way to define rules for controlling network traffic, such as allowing or blocking specific ports, IP addresses, or services. UFW is relevant for system administrators and developers who need to secure servers without dealing with the complexity of raw iptables commands, offering a straightforward approach to managing both IPv4 and IPv6 traffic.

This cheat sheet-style guide provides a quick reference to common UFW use cases and commands, including examples of how to allow and block services by port, network interface, and source IP address. It also covers default policies, application profiles, SSH access, and advanced usage scenarios, making it a practical resource for securely managing firewall rules on Ubuntu systems.


About the author(s)

Software Engineer @ DigitalOcean. Former Señor Technical Writer (I no longer update articles or respond to comments). Expertise in areas including Ubuntu, PostgreSQL, MySQL, and more.

Erika Heidi
Author
Developer Advocate

Dev/Ops passionate about open source, PHP, and Linux. Former Senior Technical Writer at DigitalOcean. Areas of expertise include LAMP Stack, Ubuntu, Debian 11, Linux, Ansible, and more.

Manikandan Kurup
Editor
Senior Technical Content Engineer I

With over 6 years of experience in tech publishing, Mani has edited and published more than 75 books covering a wide range of data science topics. Known for his strong attention to detail and technical knowledge, Mani specializes in creating clear, concise, and easy-to-understand content tailored for developers.


sudo ufw deny in on eth0 from 15.15.15.51

Cool! But how to do it in CentOS?

Should the following command block web traffic as well? Meaning, prevent anyone accessing from this IP address from accessing any websites on the server?

sudo ufw deny from 15.15.15.51

“If your server shouldn’t be sending outgoing mail, you may want to block that kind of traffic. To block outgoing SMTP mail, which uses port 25, run this command:”

 sudo ufw deny 25

This actually will block incoming SMTP traffic, not outgoing! Please fix this. The correct command is

 sudo ufw deny out 25

I’m wondering if you can tell me what the following UFW log entries mean? (I replaced my server IP with xxx.xxx.xxx.xxx):

Feb 3 14:40:48 www kernel: [149871.434419] [UFW BLOCK] IN=eth0 OUT= MAC=04:01:4b:83:f5:01:84:b5:9c:f9:18:30:08:00 SRC=205.204.2.28 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=33554 PROTO=TCP SPT=1702 DPT=80 WINDOW=65535 RES=0x00 ACK FIN URGP=0 
Feb 3 14:41:08 www kernel: [149891.197907] [UFW BLOCK] IN=eth0 OUT= MAC=04:01:4b:83:f5:01:84:b5:9c:f9:18:30:08:00 SRC=149.101.37.2 DST=xxx.xxx.xxx.xxx LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=23953 PROTO=TCP SPT=44916 DPT=80 WINDOW=65535 RES=0x00 ACK FIN URGP=0 
Feb 3 14:41:28 www kernel: [149911.255322] [UFW BLOCK] IN=eth0 OUT= MAC=04:01:4b:83:f5:01:84:b5:9c:f9:18:30:08:00 SRC=198.103.184.76 DST=xxx.xxx.xxx.xxx LEN=52 TOS=0x00 PREC=0x00 TTL=44 ID=20968 PROTO=TCP SPT=29630 DPT=80 WINDOW=65535 RES=0x00 ACK FIN URGP=0

I have my UFW rules set up as follows:

To                         Action      From
--                         ------      ----
Anywhere                   DENY        89.248.171.5
22                         ALLOW       Anywhere
443                        ALLOW       Anywhere
80                         ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
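The entries quoted in the comment above are worth reading closely before concluding that the firewall is blocking port 80: all three carry ACK and FIN but no SYN, so none of them is an attempt to open a new connection. ufw drops packets that conntrack reports as INVALID (segments for a connection the kernel is no longer tracking, typically late FIN/ACK traffic after a connection has closed and its state entry has expired) in its before.rules, ahead of the user's allow rules, and logs them with the same [UFW BLOCK] prefix. The following parser, added here as an example and not part of the tutorial or the comment, extracts the KEY=value fields and the flag words from such lines and separates SYN-only entries (real attempts, the ones worth alerting on) from stale segments. The first two sample lines are the ones from the comment; the third is constructed, using the documentation address 203.0.113.9, so that both categories appear.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: the first two lines are the entries quoted in the comment
# above (server address masked as in the original); the third is made up, using
# the documentation address 203.0.113.9, so that a SYN-only entry is present too.
SAMPLE_LOG = """\
Feb 3 14:40:48 www kernel: [149871.434419] [UFW BLOCK] IN=eth0 OUT= MAC=04:01:4b:83:f5:01:84:b5:9c:f9:18:30:08:00 SRC=205.204.2.28 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=33554 PROTO=TCP SPT=1702 DPT=80 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Feb 3 14:41:08 www kernel: [149891.197907] [UFW BLOCK] IN=eth0 OUT= MAC=04:01:4b:83:f5:01:84:b5:9c:f9:18:30:08:00 SRC=149.101.37.2 DST=xxx.xxx.xxx.xxx LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=23953 PROTO=TCP SPT=44916 DPT=80 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Feb 3 15:02:11 www kernel: [151154.000001] [UFW BLOCK] IN=eth0 OUT= MAC=04:01:4b:83:f5:01:84:b5:9c:f9:18:30:08:00 SRC=203.0.113.9 DST=xxx.xxx.xxx.xxx LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=4242 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
"""

ACTION_RE = re.compile(r"\[UFW ([A-Z ]+)\]")   # BLOCK, ALLOW, AUDIT, LIMIT BLOCK, ...
KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")        # IN=eth0, OUT=, SRC=..., DPT=80, ...
TCP_FLAG_TOKENS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}  # logged as bare words


@dataclass(frozen=True)
class UfwEvent:
    action: str          # text inside [UFW ...]
    fields: dict         # the KEY=value pairs
    flags: frozenset     # TCP flag words present on the packet


def parse_line(line: str):
    """Return a UfwEvent for a ufw kernel log line, or None for any other line."""
    m = ACTION_RE.search(line)
    if m is None:
        return None
    fields = dict(KV_RE.findall(line))
    flags = frozenset(tok for tok in line.split() if tok in TCP_FLAG_TOKENS)
    return UfwEvent(m.group(1), fields, flags)


def classify(ev: UfwEvent) -> str:
    """Separate genuine connection attempts from conntrack leftovers."""
    if ev.fields.get("PROTO") != "TCP":
        return "non-tcp"
    if "SYN" in ev.flags and "ACK" not in ev.flags:
        return "new-connection"   # someone actually tried to open DPT
    if "SYN" not in ev.flags:
        # ACK/FIN/RST without SYN belongs to a connection the kernel no longer
        # tracks; ufw's before.rules drops it as INVALID before the allow rule
        # for the port is ever consulted. Noise, not a blocked service.
        return "stale-segment"
    return "other"


def summarize(log_text: str) -> dict:
    """Count BLOCK entries by (destination port, category)."""
    counts = Counter()
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev.action != "BLOCK":
            continue
        counts[(ev.fields.get("DPT", "?"), classify(ev))] += 1
    return dict(counts)


if __name__ == "__main__":
    for (port, kind), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"port {port:>5}  {kind:<15} {n}")
```

Run against a real /var/log/ufw.log the summary quickly shows whether the BLOCK lines for an allowed port are all stale segments (expected, harmless) or whether SYN-only entries are appearing for ports that should be open, which would point at a rule problem rather than at log noise.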

Thanks Mitchell Anicas for the article. It’s very helpful; I have a question: can I make rules to deny or allow MAC addresses?

After I enable ufw, I cannot get sudo apt-get update to work; it keeps saying it could not resolve mirror digitalocean.

Here is my ufw status: incoming deny all, outgoing allow all.

To                         Action      From
--                         ------      ----
3690                       ALLOW       Anywhere
9418/tcp                   ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
80                         ALLOW OUT   Anywhere
443                        ALLOW OUT   Anywhere
53                         ALLOW OUT   Anywhere

I have installed wowza on my server and in one step I was asked to open port 1935. I executed the command “sudo ufw enable” and as a result I had no access to my SSH! How can I get back to my SSH? I need your help please.

What do I need to configure with wordpress installed?

I have followed the initial server setup for Ubuntu 16.04, installed LEMP, set up virtual hosts and installed WordPress, all from DigitalOcean tutorials.

Can you also add how to save those rules, that is, how to make them persistent? I can’t find it anywhere.

A useful tip:

Usually a UFW profile such as OpenSSH is created when you install the openssh-server package. Using the already provided profile, you can restrict access to a specific subnet such as your home network’s subnet. The command is: sudo ufw allow from 192.168.0.0/24 to any app OpenSSH. Obviously you change the subnet accordingly.

This is what it looks like in practice using only profiles:

To                           Action      From
--                           ------      ----
137,138/udp (Samba)          ALLOW IN    Anywhere
139,445/tcp (Samba)          ALLOW IN    Anywhere
80,443/tcp (Nginx Full)      ALLOW IN    Anywhere
3389/tcp (MySQL)             ALLOW IN    Anywhere
3389/udp (MySQL)             ALLOW IN    Anywhere
22/tcp (OpenSSH)             ALLOW IN    192.168.0.0/24
137,138/udp (Samba (v6))     ALLOW IN    Anywhere (v6)
139,445/tcp (Samba (v6))     ALLOW IN    Anywhere (v6)
80,443/tcp (Nginx Full (v6)) ALLOW IN    Anywhere (v6)
3389/tcp (MySQL (v6))        ALLOW IN    Anywhere (v6)
3389/udp (MySQL (v6))        ALLOW IN    Anywhere (v6)
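Three of the comments above hinge on how ufw evaluates rules: a rule is inbound unless it says out (so deny 25 and deny out 25 affect different traffic), rules are checked in the order they are listed and the first match decides (so whether deny from 15.15.15.51 also stops web traffic depends on whether it sits before or after allow 80, which is what ufw insert 1 is for), and an application profile such as OpenSSH is just 22/tcp with a from restriction attached. The model below is an added example, not the tutorial's or ufw's own code: a hypothetical, deliberately small simulator of ufw's per-direction default policy plus ordered first-match user rules. The peer addresses 198.51.100.25 and 203.0.113.5 are constructed documentation addresses; 15.15.15.51 and 192.168.0.0/24 come from the comments.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Hypothetical model of ufw's rule evaluation: default policy per direction,
# then an ordered rule list where the first matching rule wins. Only the parts
# the comments above touch are modelled (direction, port, protocol, peer
# address or CIDR, interface); ufw's real matching has more dimensions.


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    direction: str = "in"         # ufw assumes "in" unless "out" is given
    port: Optional[int] = None    # None: any port
    proto: Optional[str] = None   # None: tcp and udp
    peer: str = "0.0.0.0/0"       # "from" on an in rule, "to" on an out rule
    iface: Optional[str] = None   # "on eth0"


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out"
    peer: str        # remote address: source if in, destination if out
    port: int        # destination port
    proto: str = "tcp"
    iface: str = "eth0"


class Firewall:
    def __init__(self, default_in: str = "deny", default_out: str = "allow"):
        self.default = {"in": default_in, "out": default_out}
        self.rules: list = []

    def add(self, rule: Rule, position: Optional[int] = None) -> "Firewall":
        """Append like `ufw allow|deny ...`, or place like `ufw insert <n> ...`."""
        if position is None:
            self.rules.append(rule)
        else:
            self.rules.insert(position - 1, rule)
        return self

    def decide(self, pkt: Packet) -> str:
        """First matching rule decides; otherwise the direction's default policy."""
        for r in self.rules:
            if r.direction != pkt.direction:
                continue
            if r.port is not None and r.port != pkt.port:
                continue
            if r.proto is not None and r.proto != pkt.proto:
                continue
            if r.iface is not None and r.iface != pkt.iface:
                continue
            if ipaddress.ip_address(pkt.peer) not in ipaddress.ip_network(r.peer, strict=False):
                continue
            return r.action
        return self.default[pkt.direction]


def smtp_direction() -> dict:
    """`ufw deny 25` versus `ufw deny out 25`: which one stops outgoing mail?"""
    fw_in = Firewall().add(Rule("deny", port=25))                     # sudo ufw deny 25
    fw_out = Firewall().add(Rule("deny", direction="out", port=25))   # sudo ufw deny out 25
    outgoing = Packet("out", "198.51.100.25", 25)   # constructed remote mail server
    incoming = Packet("in", "198.51.100.25", 25)
    return {
        "deny 25: outgoing mail": fw_in.decide(outgoing),        # still allowed
        "deny 25: incoming mail": fw_in.decide(incoming),        # denied
        "deny out 25: outgoing mail": fw_out.decide(outgoing),   # denied
        "deny out 25: incoming mail": fw_out.decide(incoming),   # denied by default policy
    }


def deny_host_ordering() -> dict:
    """`ufw deny from 15.15.15.51` only covers port 80 if it precedes `allow 80`."""
    web = Packet("in", "15.15.15.51", 80)
    appended = Firewall().add(Rule("allow", port=80)).add(Rule("deny", peer="15.15.15.51"))
    inserted = Firewall().add(Rule("allow", port=80)).add(Rule("deny", peer="15.15.15.51"), position=1)
    return {"appended": appended.decide(web), "insert 1": inserted.decide(web)}


def ssh_from_subnet() -> dict:
    """`ufw allow from 192.168.0.0/24 to any app OpenSSH` (the profile is 22/tcp)."""
    fw = Firewall().add(Rule("allow", port=22, proto="tcp", peer="192.168.0.0/24"))
    return {
        "lan": fw.decide(Packet("in", "192.168.0.10", 22)),
        "internet": fw.decide(Packet("in", "203.0.113.5", 22)),   # constructed address
        "lan udp": fw.decide(Packet("in", "192.168.0.10", 22, proto="udp")),
    }


if __name__ == "__main__":
    for scenario in (smtp_direction, deny_host_ordering, ssh_from_subnet):
        print(scenario.__doc__)
        for case, verdict in scenario().items():
            print(f"  {case:<30} {verdict}")
```

The ordering check is the one to remember when reading sudo ufw status numbered on a real host: a deny rule for an address that appears below an allow rule for a port never sees traffic to that port, so host-wide blocks belong at the top of the list, which is where the status output in the earlier comment shows its DENY entry.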
πŸ‘ Creative Commons
This work is licensed under a Creative Commons Attribution-NonCommercial- ShareAlike 4.0 International License.