How To Allow a Firewall with UFW on Ubuntu

Here is how you can allow a firewall with UFW on Ubuntu. In particular on Vultr’s instance i.e. Ubuntu 20.04 LTS.

Prerequisites

• Have an Ubuntu 20.04 x64 instance.
• Logged in as a root with sudo privileges.

Ubuntu Linux server comes with firewall configuration tool called ufw (Uncomplicated Firewall). It uses a command-line interface consisting of a small number of simple commands, and uses iptables for configuration. UFW is installed by default on Ubuntu. If it has been uninstalled for some reason, you can install it with the following command:

sudo apt install ufw

To list all UFW rules, you can use the following command:

sudo ufw status verbose

And the output will be:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
22 (v6)                    ALLOW IN    Anywhere (v6)

Allowing Other Connections

Depending on the applications that run on the system, you may also need to open other ports. The general syntax to open a port is as follows:

ufw allow port_number/protocol

To allow incoming tcp packets on port 22, please enter the following command:

sudo ufw allow 22

And the output will be:

Rule added
Rule added (v6)

To allow port for a specific web server such as Apache or Nginx please execute the below command:

sudo ufw allow in "Apache Full"
sudo ufw allow in "Nginx Full"

and the output will be

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
80/tcp (Nginx HTTP)        ALLOW IN    Anywhere
22 (v6)                    ALLOW IN    Anywhere (v6)
80/tcp (Nginx HTTP (v6))   ALLOW IN    Anywhere (v6)

Denying Connections

If you want to close ports or block certain IP addresses then you can use the following command:

sudo ufw deny port_number/protocol/IP addresses

For example, if you want to deny port 25 connections, you could use the following command:

sudo ufw deny 25/tcp

Or if you want to deny all connections from 203.0.113.4 you could use this command:

sudo ufw deny http

Conclusion

Your firewall is now configured to allow connections with UFW. To get your server functional and secure, make sure to allow any other incoming connections that your server needs.