Ufw – a Simple Command Line Firewall

You could call ufw, or uncomplicated firewall, a front-end of iptables. It can be installed via apt-get, or any other package manager.

If you just want to block some ports or IPs, iptables may be a little bit overwhelming with all its chains and tables. ufw, as the name states, is way simpler.

First of all you should follow the principle of whitelisting. In other words, you block everything by default, and only let traffic come in (or go out) that is allowed. You might want to trust outgoing traffic by default.
In ufw you can achieve this by doing:

ufw default deny incoming
ufw default allow outgoing

To allow someone to SSH on to your server you can do:

ufw allow from any to any port 22

If you want to allow this traffic only to the address of a certain interface you can do:

ufw allow from any to 10.0.0.1 port 22

If you only want this kind of traffic from a certain network or IP you can do:

ufw allow from 10.0.0.0/24 to 10.0.0.1 port 22

If a service is available for both transport layer protocols (udp and tcp), like DNS, you can specify the protocol with proto:

ufw allow proto udp from 10.0.0.2 to 10.0.0.1 port 53

If you want to delete a rule, just use delete in front of the line you added:

ufw delete allow proto udp from 10.0.0.2 to 10.0.0.1 port 53

As the last line, add this rule to deny all incoming traffic:

ufw deny in to any

If you want to add other firewall rules for incoming traffic, keep in mind that they need to come before the line above. You can do this by using insert together with the position the rule should take (here 1, the top of the list):

ufw insert 1 allow proto udp from 10.0.0.2 to 10.0.0.1 port 53

To enable the firewall:

ufw enable

To check your rules (like iptables -L):

ufw status
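
ufw evaluates rules from top to bottom and stops at the first match, so an allow rule listed below the catch-all deny never takes effect. The following is an added example, not part of the original post: a shell function that reads `ufw status numbered` output and prints the numbers of incoming allow rules sitting below a catch-all deny. The names sample_status and find_shadowed_rules are made up for this example and the sample listing is constructed.

```sh
#!/bin/sh
# Added example: report allow rules that sit below a catch-all deny.

# Constructed sample in the layout of `ufw status numbered`.
sample_status() {
cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 10.0.0.1 22                ALLOW IN    10.0.0.0/24
[ 2] Anywhere                   DENY IN     Anywhere
[ 3] 10.0.0.1 53/udp            ALLOW IN    10.0.0.2
[ 4] Anywhere (v6)              DENY IN     Anywhere (v6)
EOF
}

# Reads `ufw status numbered` text on stdin and prints the number of each
# incoming ALLOW/LIMIT rule that follows an Anywhere -> Anywhere DENY/REJECT.
find_shadowed_rules() {
    awk '
    /^\[ *[0-9]+\]/ {
        fam = ($0 ~ /\(v6\)|:/) ? "v6" : "v4"   # track IPv4 and IPv6 separately
        num = $0; sub(/^\[ */, "", num); sub(/\].*/, "", num)
        line = $0; sub(/^\[ *[0-9]+\] */, "", line)
        if (!match(line, /ALLOW|DENY|REJECT|LIMIT/)) next
        to = substr(line, 1, RSTART - 1)
        verb = substr(line, RSTART, RLENGTH)
        from = substr(line, RSTART + RLENGTH)
        sub(/^ +/, "", from)
        dir = "IN"                               # no direction shown means incoming
        if (from ~ /^(IN|OUT|FWD) /) {
            dir = from; sub(/ .*/, "", dir)
            sub(/^[A-Z]+ +/, "", from)
        }
        if (dir != "IN") next
        gsub(/^ +| +$/, "", to);   sub(/ \(v6\)$/, "", to)
        gsub(/^ +| +$/, "", from); sub(/ \(v6\)$/, "", from)
        if (blocked[fam] && (verb == "ALLOW" || verb == "LIMIT")) print num
        if ((verb == "DENY" || verb == "REJECT") && to == "Anywhere" && from == "Anywhere")
            blocked[fam] = 1
    }'
}

sample_status | find_shadowed_rules
```

On a live system, pipe the real listing in with `ufw status numbered | find_shadowed_rules`; any number it prints is a rule to delete and re-add with insert above the deny.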

Please keep in mind that this list is not complete. Lots of other things can be achieved using ufw. Some resources: