How to Enable and Configure UFW on Ubuntu

In this article, we will learn the correct way to enable the UFW firewall on Ubuntu 24. UFW, or Uncomplicated Firewall, is an easy-to-use firewall that helps secure your server by controlling incoming and outgoing traffic.

Enabling UFW with SSH Access

The command to enable UFW is ufw enable. But before running it, there is one very important step: add a firewall rule that opens SSH port 22.

1. Allow SSH (Port 22)

ufw allow 22/tcp

2. Enable UFW

ufw enable

3. Check UFW Firewall Status

To check the firewall status, run the ufw status command. It will show the list of active firewall rules.

ufw status

By default, UFW blocks all incoming connections. So, if we enable the firewall without the SSH rule, we won’t be able to connect to the server remotely.

So remember this every time you enable UFW on a remote server: first, add a firewall rule to accept incoming SSH connections using the ufw allow command, and then turn on the firewall with ufw enable.

Also, UFW does not show existing firewall rules when the firewall is inactive. To view firewall rules while it is inactive, you have to look at the configuration files inside the /etc/ufw folder. In that folder, two files hold the rules you add: user.rules for IPv4 and user6.rules for IPv6. If you look inside one of these files, you'll find the SSH rule we added.
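The check described above can be scripted so that ufw enable is only run once the SSH rule is really in user.rules. This is an added example, not part of the original article: the function names has_tcp_allow, preflight and sample_rules are hypothetical, the sample rules are constructed, and it assumes single-port rules stored as lines of the form -A ufw-user-input -p tcp --dport N -j ACCEPT (port lists and ranges are not handled).

```shell
# Added example: pre-flight check to run before `ufw enable` on a remote server.
# Assumption: user.rules stores each single-port allow rule as a line like
#   -A ufw-user-input -p tcp --dport 22 -j ACCEPT

# has_tcp_allow FILE PORT: returns 0 if FILE accepts inbound TCP on PORT,
# 1 if no such rule exists, 2 if FILE cannot be read.
has_tcp_allow() {
    file=$1; port=$2
    [ -r "$file" ] || return 2
    awk -v port="$port" '
        $1 == "-A" && $2 == "ufw-user-input" {
            tcp = 0; dport = 0; accept = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-p" && $(i+1) == "tcp") tcp = 1
                if ($i == "--dport" && $(i+1) == port) dport = 1
                if ($i == "-j" && $(i+1) == "ACCEPT") accept = 1
            }
            if (tcp && dport && accept) found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$file"
}

# preflight [PORT] [RULES_FILE]: reports the decision; it never calls ufw itself.
preflight() {
    port=${1:-22}; rules=${2:-/etc/ufw/user.rules}
    if has_tcp_allow "$rules" "$port"; then
        echo "ok: tcp/$port is allowed in $rules; safe to run: ufw enable"
    else
        echo "stop: no allow rule for tcp/$port in $rules; run: ufw allow $port/tcp" >&2
        return 1
    fi
}

# Constructed sample of a user.rules fragment (not taken from a real host).
# It allows ports 20 and 80 but not 22, so the check must refuse.
sample_rules() {
    cat <<'EOF'
*filter
:ufw-user-input - [0:0]
-A ufw-user-input -p tcp --dport 20 -j ACCEPT
-A ufw-user-input -p tcp --dport 80 -s 192.168.1.0/24 -j ACCEPT
COMMIT
EOF
}

# Demo on the constructed sample: prints the "stop" message for port 22.
tmp=$(mktemp); sample_rules > "$tmp"; preflight 22 "$tmp" || true; rm -f "$tmp"
```

On a real server, run preflight 22 as root, like the other commands in this article, and run ufw enable only when it prints ok.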

Disable UFW Firewall

If you want to temporarily disable the firewall:

ufw disable

This will turn off UFW and all active rules will stop applying. You can re-enable it later with ufw enable.

Basic UFW Command Examples

Allow SSH (TCP traffic on port 22):

ufw allow 22/tcp

Enable the UFW firewall:

ufw enable

Show active UFW rules in a simple format:

ufw status

Show rules with line numbers for easy deletion or insertion:

ufw status numbered

Disable the UFW firewall:

ufw disable

Reset UFW to default settings and delete all rules:

ufw reset

Allow HTTP traffic (port 80):

ufw allow 80/tcp

Allow all traffic from a specific IP address:

ufw allow from 192.168.1.100

Allow TCP traffic from a specific IP to port 80:

ufw allow from 192.168.1.100 to any port 80 proto tcp

Allow TCP traffic from a subnet to port 80:

ufw allow from 192.168.1.0/24 to any port 80 proto tcp

Delete the rule at position 5 (from ufw status numbered):

ufw delete 5

Block all traffic from a specific IP address:

ufw deny from 192.168.1.100

Block traffic from a specific IP to port 80:

ufw deny from 192.168.1.100 to any port 80

Insert a deny rule at position 2 in the rule list:

ufw insert 2 deny from 192.168.1.100 to any port 80