When I first started using Ubuntu, the word “firewall” sounded complicated. It made me think of big computer systems, hackers, and things I didn’t understand. But once I learned about UFW, which stands for Uncomplicated Firewall, everything got much simpler.
In this post, I’ll walk you through how to use UFW on Ubuntu. If you’re new to this, don’t worry. I’ll explain everything step by step. You won’t need to be a tech expert. If you can type in a terminal, you’re good to go.
Let’s get started.
What Is a Firewall, and Why Do You Need One?
A firewall is like a security guard for your computer. It watches the network traffic going in and out and decides what’s allowed and what’s not.
Do you use your Ubuntu computer as a web server? Maybe you have a personal website, a Nextcloud server, or even just remote access set up. If so, your computer is open to the internet. That means anyone out there can try to connect.
Without a firewall, you might be giving them a free pass.
Using UFW is a good way to say:
- “Yes, you can come in through this door.”
- “No, this door is locked.”
This way, you only allow what’s needed and block everything else.
What Is UFW?
UFW stands for Uncomplicated Firewall. It’s the default firewall tool for Ubuntu.
The name says it all: it’s simple.
I like it because:
- The commands are short and easy to remember.
- You don’t have to deal with long config files.
- It does what you need without fuss.
It works on top of something called iptables, but you don’t need to learn that. UFW handles the hard stuff in the background.
Step 1: Check if UFW is Installed
Most versions of Ubuntu already have UFW. But let’s make sure.
Open your terminal and type:
sudo ufw status
If you see a message like Status: inactive, that means it’s installed but not turned on. If it says “command not found,” then you need to install it:
sudo apt update
sudo apt install ufw
Simple, right?
Step 2: Turn on the Firewall
Before we turn it on, we should decide which services we want to allow. If you turn on the firewall without allowing anything, you might lock yourself out.
Especially if you’re using SSH (remote login), be careful. I once locked myself out of a server by doing this too quickly.
If you use SSH, type:
sudo ufw allow ssh
That tells the firewall, “Let people in on port 22, which is for SSH.”
Now you can turn on the firewall safely:
sudo ufw enable
It will say something like:
Firewall is active and enabled on system startup.
Done. You now have a firewall running.
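A small guard for the step above, as an added example that is not part of the original post: it looks for an SSH rule in the output of sudo ufw show added (which lists staged rules even while UFW is inactive) before it will run sudo ufw enable. The function names, the --apply switch and the sample rule lists are made up for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): enable UFW only when an SSH
# rule is already staged, so a remote session is not cut off.

# Constructed samples of `sudo ufw show added` output, used for offline checks.
SAMPLE_WEB_ONLY="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw allow 443/tcp"
SAMPLE_WITH_SSH="Added user rules (see 'ufw status' for running firewall):
ufw allow 22/tcp
ufw allow 80/tcp"

# Reads `ufw show added` text on stdin. Succeeds if an allow or limit rule
# covers the SSH port (default 22; pass a different port as $1).
ssh_rule_present() {
    port="${1:-22}"
    names="${port}(/tcp)?"
    if [ "$port" = 22 ]; then names="ssh|OpenSSH|${names}"; fi
    grep -Eq "^ufw (allow|limit) ((${names})|.* port ${port}( proto tcp)?)\$"
}

# Hypothetical wrapper: refuses to run `ufw enable` without an SSH rule.
guarded_enable() {
    if sudo ufw show added | ssh_rule_present "${1:-22}"; then
        sudo ufw enable
    else
        echo "No SSH rule found. Run 'sudo ufw allow ssh' first." >&2
        return 1
    fi
}

# Only touch the real firewall when asked: sh guard.sh --apply [port]
if [ "${1:-}" = "--apply" ]; then guarded_enable "${2:-22}"; fi
```

Run without arguments it changes nothing; pass --apply (and a port, if SSH listens somewhere other than 22) to use it for real.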
Step 3: Allow or Deny Services
Let’s say you’re running a web server. You probably want to allow HTTP and HTTPS:
sudo ufw allow http
sudo ufw allow https
Or, you can allow them by port number:
sudo ufw allow 80
sudo ufw allow 443
Both do the same thing. It’s just a matter of what you prefer.
Now, what if you wanted to block a port?
sudo ufw deny 23
That blocks Telnet (an old protocol that you probably shouldn’t use anyway).
Step 4: Check What’s Going On
If you’re wondering what rules you’ve added, just type:
sudo ufw status
Want a more detailed list with port numbers?
sudo ufw status verbose
That will show you each rule, what port it’s for, and whether it’s allowed or denied.
Step 5: Remove or Change Rules
Let’s say you made a mistake and want to delete a rule.
First, look at your rules with:
sudo ufw status numbered
You’ll see something like this:
[ 1] 22 ALLOW IN Anywhere
[ 2] 80 ALLOW IN Anywhere
Now, let’s say you want to delete rule #2:
sudo ufw delete 2
That’s it. The rule is gone.
If you want to disable UFW completely:
sudo ufw disable
But I suggest keeping it on unless you have a reason to stop it.
Step 6: Make Your Rules Tighter
By default, UFW allows all outgoing traffic and blocks incoming traffic. That’s fine for most people. But what if you want to lock it down more?
You can change the default behavior:
sudo ufw default deny incoming
sudo ufw default allow outgoing
I like this setup. It means:
- People can’t reach your system unless you let them.
- Your computer can still reach the internet.
Here’s a quick list of useful services you might want to allow:
- ssh – for remote login
- http and https – for web servers
- samba – for file sharing on local networks
- cups – for printers
Here’s a sample command list:
sudo ufw allow 22/tcp (SSH)
sudo ufw allow 80/tcp (Web HTTP)
sudo ufw allow 443/tcp (Web HTTPS)
Use only what you need. Don’t just open everything.
Benefits of Using UFW
You might ask, “Is all this effort worth it?” I think it is. Here’s why:
- Peace of mind – You know your system isn’t wide open.
- Better security – You reduce the chance of attacks.
- More control – You decide what’s allowed in or out.
- Less noise – You block strange connections you don’t need.
I’ve seen random port scans hit my servers. Without UFW, they might have gotten in. With UFW, they get nothing.
Things to Watch Out For
Here are a few tips from my experience:
- Don’t lock yourself out. Always allow SSH before enabling UFW.
- Test your setup. Try to connect to the ports you opened.
- Keep it simple. Only open what you need. Less is better.
- Remember the logs. You can check what UFW is doing by looking at the logs:
sudo less /var/log/ufw.log
That log can help you figure out if something’s being blocked when it shouldn’t be.
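To make that log easier to read, here is an added example (not part of the original post) that counts [UFW BLOCK] entries per destination port and lists the source addresses hitting one port. The function names and the sample log lines are constructed for illustration; the field names (SRC=, PROTO=, DPT=) are the ones the kernel writes into ufw.log.

```sh
#!/bin/sh
# Added example (not from the original post): summarise blocked traffic
# recorded in /var/log/ufw.log.

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG='Mar  3 10:15:01 web1 kernel: [ 1234.567890] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=203.0.113.7 DST=198.51.100.10 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=40001 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:15:04 web1 kernel: [ 1237.101010] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=203.0.113.7 DST=198.51.100.10 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54322 PROTO=TCP SPT=40002 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:16:30 web1 kernel: [ 1323.202020] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=203.0.113.9 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1111 DF PROTO=TCP SPT=51515 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:17:12 web1 kernel: [ 1365.303030] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=192.0.2.44 DST=198.51.100.10 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=2222 DF PROTO=TCP SPT=60000 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0
Mar  3 10:18:45 web1 kernel: [ 1458.404040] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=192.0.2.50 DST=198.51.100.10 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=3333 PROTO=UDP SPT=5353 DPT=5353 LEN=48
Mar  3 10:19:02 web1 kernel: [ 1475.505050] [UFW ALLOW] IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=192.0.2.10 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=4444 DF PROTO=TCP SPT=50122 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0'

# Log on stdin -> "count port/proto" lines, busiest blocked port first.
# Entries without a DPT field (for example ICMP) are skipped.
blocked_by_port() {
    awk '/\[UFW BLOCK\]/ {
        proto = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        if (dpt != "") n[dpt "/" tolower(proto)]++
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k2,2
}

# Log on stdin, port as $1 -> "count source-ip" for blocks aimed at that port.
sources_for_port() {
    awk -v want="DPT=$1" '/\[UFW BLOCK\]/ {
        src = ""; hit = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            if ($i == want)   hit = 1
        }
        if (hit && src != "") n[src]++
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k2,2
}

# Stand-alone use: sudo sh ufwlog.sh /var/log/ufw.log
if [ -r "${1:-}" ]; then blocked_by_port < "$1"; fi
```

If a port you opened on purpose shows up in this summary, that is the sign something is being blocked when it shouldn’t be.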
Final Thoughts
Setting up UFW is one of the first things I do on any Ubuntu server. It’s simple, quick, and adds an important layer of safety.
If you haven’t used UFW yet, give it a try. It’s okay to start small. Just turn it on, allow SSH, and build from there. The more you use it, the more comfortable you’ll feel.
Do you already use a firewall? Have you ever been locked out by mistake? I’d love to hear about your experience.
If this guide helped you, maybe share it with a friend who’s learning Linux too.