#language en
||~-[[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[es/Uncomplicated Firewall (ufw)|Español]]-~|| (!) [[/Discussion]]||
----
||'''Uncomplicated Firewall (ufw)''' — The Uncomplicated Firewall (ufw, and gufw, a graphical user interface for it) is a frontend for iptables and is particularly well-suited for host-based firewalls. Ufw provides a framework for managing netfilter, as well as a command-line interface for manipulating the firewall.||

== Installation ==

Uncomplicated Firewall can be installed by running this command in a terminal as the superuser:

{{{
# apt-get install ufw
}}}

However, installing the firewall does not turn it on automatically, nor will it have any rule set by default.

== Configuration ==

 * /!\ Warning: If you are configuring over SSH, you may wish to allow SSH before enabling the firewall. If your connection is interrupted before SSH is allowed, you may be locked out of your system.

Firstly, the firewall must be enabled by typing:

{{{
# ufw enable
}}}

'''Note''': it may be disabled the same way, by replacing ''enable'' with ''disable''.

Secondly, defaults must be set up. For normal users the following defaults will do just fine.

{{{
# ufw default deny incoming
# ufw default allow outgoing
}}}

Next, it is recommended to verify that the firewall is enabled by typing:

{{{
# ufw status verbose
}}}

'''Note''': With this command you will also be able to see all of the defaults and rules which you have applied.

== Firewall Rules ==

Adding allow rules from the command line is quite simple, and it is sometimes necessary. For example, by default ufw denies all incoming connections, which is a problem if you are using SSH. Therefore, you must create a rule which allows SSH connections, by typing:

{{{
# ufw allow ssh
}}}

Other rules may be added in the same way by simply specifying the name of the program (Deluge, Transmission).
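The verification step and the SSH lockout warning above can be checked mechanically. The following is an added example, not part of the original wiki page or of ufw: a shell function that reads `ufw status verbose` output on stdin and reports whether the firewall is active, denies incoming traffic by default, and has an inbound SSH rule. The name `ufw_audit` and both sample outputs are constructed for illustration, and English (C locale) output is assumed.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` output (English/C locale) from stdin.
# ufw_audit is a hypothetical helper name, not a ufw command.
# Prints one finding per line; returns 0 with no findings, 1 otherwise.
ufw_audit() {
    awk '
        /^Status:/  { active = ($2 == "active") }
        /^Default:/ { deny_in = ($2 == "deny" || $2 == "reject") }
        # Inbound allow rule for port 22 (the ssh service port) or the OpenSSH profile.
        / ALLOW IN / && ($1 == "22" || $1 == "22/tcp" || $1 == "OpenSSH") { ssh = 1 }
        END {
            if (!active)  { print "firewall is not active"; bad = 1 }
            if (!deny_in) { print "default incoming policy is not deny or reject"; bad = 1 }
            if (!ssh)     { print "no inbound allow rule for SSH (22/tcp)"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: state after enable, the defaults above, and "ufw allow ssh".
sample_good() {
    cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
1000:2000/tcp              ALLOW IN    Anywhere
EOF
}

# Constructed sample: enabled with deny-incoming but no SSH rule (the lockout case).
sample_lockout() {
    cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
EOF
}

sample_good | ufw_audit && echo "good sample: no findings"
sample_lockout | ufw_audit || echo "lockout sample: findings listed above"
```

On a live system the same check is `ufw status verbose | ufw_audit`, run as root.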
Ufw comes with preloaded defaults for some commonly used programs, and they are automatically activated when you make a rule by specifying the name of the program. List the default programs with the following command:

{{{
# ufw app list
}}}

=== Port Ranges ===

Port ranges may also be specified. A simple example for tcp would be:

{{{
# ufw allow 1000:2000/tcp
}}}

and for udp:

{{{
# ufw allow 1000:2000/udp
}}}

=== IP address ===

An IP address may also be used (192.0.2.44 is a documentation example address):

{{{
# ufw allow from 192.0.2.44
}}}

== Deleting Rules ==

Rules may be deleted with the following command:

{{{
# ufw delete allow ssh
}}}

You may also delete rules by number. To show a numbered list of rules:

{{{
# ufw status numbered
}}}

This will output a numbered list of rules, and the number may be used to delete a particular rule:

{{{
# ufw delete 2
}}}

== Graphical Interface ==

If you do not want to manage your firewall through the command line, there is a graphical user interface available for ufw called gufw. You may install it through your preferred package manager by searching for gufw, or you may execute the following command in the terminal:

{{{
# apt-get install gufw
}}}

== Links ==
----
 * [[https://launchpad.net/ufw/|ufw in Launchpad]]
 * [[http://gufw.org/|gufw official website]]