Config Server Firewall

UFW Allow Command – How to Open Ports and IP Addresses

In this article, we will learn how to open ports in the UFW firewall. We’ll cover how to open specific ports and allow traffic from individual IP addresses using the ufw allow command.

Enabling UFW and Opening Ports

If you haven't enabled UFW yet, you need to allow SSH traffic on port 22 first. This is crucial to avoid locking yourself out of your server. After allowing SSH, you can enable the firewall by running sudo ufw enable.

ufw allow 22/tcp
ufw enable

Opening Ports Using ufw allow

The command to open ports in UFW is ufw allow. For example, to open port 80, you can type ufw allow 80. Optionally, you can also specify the protocol. If you don't specify it, the port will be open to both TCP and UDP by default.

Examples

Open HTTP Port (80):

ufw allow 80

Open Port with Specific Protocol:

ufw allow 80/tcp
ufw allow 53/udp

Open a Port Range:

ufw allow 10000:10100/tcp

Check Rules:

ufw status

Allowing Specific IP Addresses

To allow traffic from a specific IP address, use ufw allow from followed by the IP.

ufw allow from [IP address]

For example, the following command grants access to all ports from the IP address 192.168.1.100:

ufw allow from 192.168.1.100

You can also restrict this rule to a specific port by adding to any port and then the port number:

ufw allow from 192.168.1.100 to any port 80

Here, any means any destination IP address. For example, if this server has multiple IPs, this rule will apply to all of them.

Additionally, you can specify the protocol by adding the keyword proto followed by the protocol type:

ufw allow from 192.168.1.100 to any port 80 proto tcp

Check Rules (with Numbers):

ufw status numbered

Opening a Port Range

You can specify a range of ports using a colon, and you must specify the protocol (TCP or UDP) when using a range.

ufw allow 10000:10100/tcp
ufw allow from 192.168.1.100 to any port 10000:10100 proto tcp

This article covered how to open ports and allow IP addresses using the ufw allow command. In the next article, we will learn how to block IP addresses.