How to Use UFW Firewall on Ubuntu Cloud Server?

12-01-2024 01:58:55

UFW, short for Uncomplicated Firewall, is firewall software that comes pre-installed on Ubuntu cloud servers. This article covers the basic operations of the UFW firewall.

Installing UFW

UFW is pre-installed on the Ubuntu operating system. The following command can be used to verify its installation:

which ufw

If the path to UFW is displayed, such as /usr/sbin/ufw, it indicates that it is successfully installed. If UFW is not installed for some reason, use the following command to install it:

sudo apt-get install ufw

UFW’s status can also be checked to confirm its installation:

sudo ufw status

A possible output might be as follows:

Status: active

To                         Action      From
--                         ------      ----
80/tcp                     DENY        Anywhere
443/tcp                    DENY        Anywhere
3306                       DENY        Anywhere
22                         ALLOW       192.168.0.1
3306                       ALLOW       192.168.0.1
80/tcp (v6)                DENY        Anywhere (v6)
443/tcp (v6)               DENY        Anywhere (v6)
3306 (v6)                  DENY        Anywhere (v6)

Creating UFW Rules

Allowing specific protocols and ports:

sudo ufw allow <port>/<optional: protocol>

For instance, allowing ports 80 and 443, commonly used in web applications:

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

Denying specific protocols and ports:

sudo ufw deny <port>/<optional: protocol>

For example, denying remote access to MySQL on port 3306:

sudo ufw deny 3306

It is also possible to allow or deny traffic by service name instead of port number:

sudo ufw deny mysql

Allowing connections from a specific IP:

sudo ufw allow from <ip> to any port <port>

For instance, to restrict remote server login to the office IP only, the setting would be as follows:

sudo ufw allow from 192.168.0.1 to any port 22

Enabling, Disabling, Loading, Restarting UFW

Note: Ensure SSH access is allowed (for example with the port 22 rule shown above) before enabling UFW; otherwise you will not be able to log in to the cloud server remotely once UFW is active.

Enabling UFW:

sudo ufw enable

Disabling UFW:

sudo ufw disable

Reloading UFW:

sudo ufw reload

Restarting involves disabling and then enabling again:

sudo ufw disable
sudo ufw enable

Deleting UFW Rules

Before deleting UFW rules, it’s necessary to view the current rules. Here’s the command to view current UFW rules by number:

sudo ufw status numbered

A possible output might be as follows:

Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 80/tcp                     DENY IN     Anywhere
[ 2] 443/tcp                    DENY IN     Anywhere
[ 3] 3306                       DENY IN     Anywhere
[ 4] 22                         ALLOW IN    192.168.0.1
[ 5] 3306                       ALLOW IN    192.168.0.1
[ 6] 80/tcp (v6)                DENY IN     Anywhere (v6)
[ 7] 443/tcp (v6)               DENY IN     Anywhere (v6)
[ 8] 3306 (v6)                  DENY IN     Anywhere (v6)

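Now the corresponding UFW rules can be deleted. The remaining rules are renumbered after each deletion, so list them again before deleting another one. The deletion command is as follows: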

sudo ufw delete <number>
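Rule order matters for more than deletion: UFW applies the first rule that matches, so in the sample output above rule 3 (3306 DENY from Anywhere) is hit before rule 5 (3306 ALLOW from 192.168.0.1), and the allow never takes effect. The following check is an added example, not part of the original article; the function names shadowed_rules and sample_status are hypothetical, and the embedded sample is the output shown above.

```shell
# Added example: flag rules in `ufw status numbered` output that can never
# take effect because an earlier rule already decides the same traffic.
# Scope (assumption): only exact matches on the "To" column are compared, and
# columns are separated by two or more spaces, as in the sample output.

# shadowed_rules (hypothetical name): reads `ufw status numbered` on stdin and
# prints one line per shadowed rule: "<rule> <earlier rule> <To column>".
shadowed_rules() {
    awk '
    /^\[ *[0-9]+\]/ {
        num = $0; sub(/^\[ */, "", num); sub(/\].*/, "", num)
        rest = $0
        sub(/^\[ *[0-9]+\] +/, "", rest)
        if (split(rest, col, /  +/) < 3) next
        to = col[1]; action = col[2]; from = col[3]
        split(action, a, " ")          # a[1] = verb, a[2] = direction
        key = to SUBSEP a[2]
        if (key in any_verb) {
            # An earlier "Anywhere" rule matches every source first.
            if (any_verb[key] != a[1])
                print num, any_num[key], to
        } else if (from ~ /^Anywhere/) {
            any_verb[key] = a[1]; any_num[key] = num
        }
    }'
}

# Sample input: the numbered status output shown earlier in this article.
sample_status() {
cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 80/tcp                     DENY IN     Anywhere
[ 2] 443/tcp                    DENY IN     Anywhere
[ 3] 3306                       DENY IN     Anywhere
[ 4] 22                         ALLOW IN    192.168.0.1
[ 5] 3306                       ALLOW IN    192.168.0.1
[ 6] 80/tcp (v6)                DENY IN     Anywhere (v6)
[ 7] 443/tcp (v6)               DENY IN     Anywhere (v6)
[ 8] 3306 (v6)                  DENY IN     Anywhere (v6)
EOF
}

# On a server: sudo ufw status numbered | shadowed_rules
sample_status | shadowed_rules   # prints: 5 3 3306
```

For the sample output, the fix is to delete rule 5 and re-add it ahead of the deny with `sudo ufw insert 3 allow from 192.168.0.1 to any port 3306`.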

Other UFW Settings

If using IPv6, ensure UFW supports IPv6. Check this by opening UFW’s configuration file:

sudo vi /etc/default/ufw

Make sure the IPV6 value is set to yes.

IPV6=yes

If the configuration file has been modified, restart UFW to apply the changes.

sudo ufw disable
sudo ufw enable

If there are errors in the settings, the following command can be used to reset UFW to its default settings:

sudo ufw reset

These are the basic operations for managing the UFW firewall in an Ubuntu operating system environment. By now, you should have a preliminary understanding of the UFW firewall.