During a previous period of developing an application based on Ubuntu, I encountered an issue where communication was impossible due to ports being closed by the built-in UFW firewall. This article specifically documents the configuration of the UFW firewall.
"UFW" stands for "Uncomplicated Firewall," a simplified firewall solution. UFW is based on iptables but is designed for easier use.
Both the desktop and server editions of Ubuntu come with UFW pre-installed. If your installation does not have it, install it with the following command (while connected to the internet):
sudo apt-get install ufw
By default, UFW is installed but not enabled. To activate the firewall, run the following command:
sudo ufw enable
Once UFW is enabled, its default policy allows outgoing traffic and denies incoming traffic. This means you can still browse websites or use commands such as wget and apt-get to download and install software, but external hosts cannot initiate connections to your machine (for example, to a TCP server you are running). If these defaults have been changed for some reason and you want to restore them, follow these steps:
To restore the default rule that allows outgoing traffic, run the following command:
sudo ufw default allow outgoing
To restore the default rule that denies incoming traffic, run the following command:
sudo ufw default deny incoming
To allow external access to a specific port/protocol, the general form is:
sudo ufw allow <port>/<protocol>
For example, to allow access to port 2024 on your machine via the TCP protocol, run the following command:
sudo ufw allow 2024/tcp
If port 2024 should be open regardless of protocol (both TCP and UDP), run the following command:
sudo ufw allow 2024
To allow a range of ports, such as TCP ports 2024 to 2030, run the following command:
sudo ufw allow 2024:2030/tcp
To allow external access to your machine's SSH server, run the following command:
sudo ufw allow ssh
To allow external access to your machine's web server (HTTP and HTTPS), run the following two commands:
sudo ufw allow http
sudo ufw allow https
If you want to deny external access to a specific port/protocol, the general form is:
sudo ufw deny <port>/<protocol>
For example, to deny external UDP access to port 2025, run the following command:
sudo ufw deny 2025/udp
If you only want to allow access to your machine from specific IP addresses or subnets, the general form is:
sudo ufw allow from <ip-address>/<subnet-mask>
For example, to allow hosts on the network of 192.168.0.1 with subnet mask 255.255.255.0 (written 192.168.0.1/24 in CIDR notation) to access port 22 on your machine via the TCP protocol, run the following command:
sudo ufw allow from 192.168.0.1/24 to any port 22 proto tcp
To view all the configured rules, run the following command:
sudo ufw status verbose
To view only the rules added by the user, run the following command:
sudo ufw show added
To delete a specific rule, prefix the rule itself with delete:
sudo ufw delete <rule>
For example, to delete the rule added earlier that "denies external UDP access to port 2025," run the following command:
sudo ufw delete deny 2025/udp
Alternatively, rules can be deleted by their sequence numbers. First, run the following command to obtain the rule numbers:
sudo ufw status numbered
Then use the following command to delete the corresponding rule:
sudo ufw delete <number>
For example, to delete the rule with number 1, run the following command:
sudo ufw delete 1
If you want to disable UFW, run the following command:
sudo ufw disable
Alright, that's the introduction to configuring the UFW firewall in Ubuntu.
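Two helper functions as an added example, not code from the original article. The first turns the "host plus subnet mask" description used in the subnet example above into the network/prefix form that the from clause of ufw expects and prints the complete allow rule; the second parses the output of sudo ufw status numbered (a constructed sample below, not a capture from a real host) and prints the delete commands for every rule matching a given port/protocol, highest number first, because ufw renumbers the remaining rules after each deletion and deleting the lower number first would shift the next target. Nothing here invokes ufw; each function only builds or parses ufw command text so the result can be reviewed before being run with sudo.

```shell
#!/bin/sh
# Added example (not from the original article). Nothing here calls ufw:
# the functions only build or parse ufw command text.

# --- 1. From "host + subnet mask" to a ufw rule ---------------------------

# Convert a dotted-decimal netmask such as 255.255.255.0 into a prefix length
# (24). Returns 1 for malformed or non-contiguous masks such as 255.0.255.0.
mask_to_prefix() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    bits=0; closed=0
    for octet in "$@"; do
        case "$octet" in
            255) n=8 ;; 254) n=7 ;; 252) n=6 ;; 248) n=5 ;;
            240) n=4 ;; 224) n=3 ;; 192) n=2 ;; 128) n=1 ;; 0) n=0 ;;
            *) return 1 ;;
        esac
        # once an octet is below 255, every later octet must be 0
        if [ "$closed" -eq 1 ] && [ "$n" -ne 0 ]; then return 1; fi
        [ "$n" -eq 8 ] || closed=1
        bits=$((bits + n))
    done
    echo "$bits"
}

# Combine a host address and a netmask into the network in CIDR form, e.g.
# 192.168.0.1 + 255.255.255.0 -> 192.168.0.0/24 (the form ufw expects).
network_cidr() {
    prefix=$(mask_to_prefix "$2") || return 1
    old_ifs=$IFS; IFS=.
    set -- $1 $2
    IFS=$old_ifs
    [ $# -eq 8 ] || return 1
    echo "$(($1 & $5)).$(($2 & $6)).$(($3 & $7)).$(($4 & $8))/$prefix"
}

# Build the "allow from <net> to any port <port> proto <proto>" rule text.
# usage: ufw_allow_from <host> <netmask> <port> <tcp|udp>
ufw_allow_from() {
    net=$(network_cidr "$1" "$2") || { echo "invalid host/netmask: $1 $2" >&2; return 1; }
    echo "ufw allow from $net to any port $3 proto $4"
}

# --- 2. Deleting rules by number without hitting the wrong rule -----------

# Constructed sample of "sudo ufw status numbered" output (not captured from a
# real host). Note the v6 twin that ufw adds for the 2025/udp rule.
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 2025/udp                   DENY IN     Anywhere
[ 3] 80/tcp                     ALLOW IN    Anywhere
[ 4] 2025/udp (v6)              DENY IN     Anywhere (v6)'

# Print the numbers of every rule whose "To" column equals $2, highest first.
# usage: rule_numbers_for "<status numbered output>" <port/proto>
rule_numbers_for() {
    printf '%s\n' "$1" | awk -v want="$2" '
        match($0, /^\[ *[0-9]+\] */) {
            num = substr($0, 1, RLENGTH); gsub(/[^0-9]/, "", num)
            $0 = substr($0, RLENGTH + 1)   # drop "[ n] " so $1 is the To column
            if ($1 == want) print num
        }' | sort -rn
}

# Emit one delete command per matching rule, highest number first: ufw
# renumbers the remaining rules after each deletion, so deleting 2 before 4
# would leave the old rule 4 at position 3. --force skips the interactive
# "Proceed with operation?" prompt.
ufw_delete_commands() {
    for n in $(rule_numbers_for "$1" "$2"); do
        echo "ufw --force delete $n"
    done
}

# Demonstration on the article's two examples (prints the commands only).
ufw_allow_from 192.168.0.1 255.255.255.0 22 tcp
ufw_delete_commands "$SAMPLE_STATUS" 2025/udp
```

Matching on the whole "To" column rather than a substring is deliberate: a pattern like 22/tcp would otherwise also match a rule for 2022/tcp, and the exact comparison still picks up the IPv6 twin because its column reads 2025/udp followed by (v6).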