

Uncomplicated Firewall (ufw)

The Uncomplicated Firewall (ufw) is a frontend for iptables and is particularly well-suited for host-based firewalls. ufw provides a framework for managing netfilter, as well as a command-line interface for manipulating the firewall.

Installation

Uncomplicated Firewall can be easily installed by typing this command into the terminal as the superuser:

# apt-get install ufw

However, simply installing the firewall will not turn it on automatically, nor will it have any rules set by default.

Configuration

Firstly, the firewall must be enabled by typing:

# ufw enable

Note: it may be disabled the same way, by replacing enable with disable.

Secondly, defaults must be set up. For normal users the following defaults will do just fine.

# ufw default deny incoming
# ufw default allow outgoing

Next, you must verify that the firewall is enabled by typing:

# ufw status verbose

Note: With this command you will also be able to see all of the defaults and rules which you have applied.

Firewall Rules

Adding allow rules from the command line is quite simple, and is sometimes necessary. For example, by default ufw denies all incoming connections, which is a problem if you are using SSH. Therefore, you must add a rule that allows SSH connections by typing:

# ufw allow ssh

Other rules may be added in the same way by simply specifying the name of the program (Deluge, Transmission). This works because ufw comes with specific defaults for some commonly used programs, and they are automatically activated when you make a rule using the name of the program.

Port Ranges

Port ranges may also be specified. A simple example for tcp would be:

# ufw allow 1000:2000/tcp

and for udp:

# ufw allow 1000:2000/udp

IP address

An IP address may also be used to allow traffic from a specific source. Substitute the real address for the example one:

# ufw allow from 192.0.2.10

Deleting Rules

Rules may be deleted with the following command:

# ufw delete allow ssh
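
After adding or deleting rules, the `ufw status verbose` check from the Configuration section can be scripted. The following is an added example, not part of the original page: the function name `audit_ufw_status` and the sample outputs are constructed for illustration, and it assumes the usual `Status:` / `Default:` / rule-table layout of `ufw status verbose`.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` text read from stdin.
# Prints findings; returns 0 unless a FAIL finding is printed.
audit_ufw_status() {
    awk '
        /^Status:/  { active = ($2 == "active") }
        /^Default:/ { seen = 1
                      if ($0 !~ /deny \(incoming\)/)  bad_in = 1
                      if ($0 !~ /allow \(outgoing\)/) bad_out = 1 }
        # Rule rows look like: "22/tcp   ALLOW IN   Anywhere"
        /^22\/tcp +(\(v6\) +)?ALLOW/ { ssh = 1 }
        /ALLOW( IN)? +Anywhere/ && $1 ~ /^[0-9]+:[0-9]+\// { ranges = ranges " " $1 }
        END {
            if (!active) { print "FAIL firewall is not active"; exit 1 }
            if (!seen || bad_in) { print "FAIL default incoming policy is not deny"; fail = 1 }
            if (bad_out) print "WARN default outgoing policy is not allow"
            if (!ssh)    print "WARN no rule allows SSH (22/tcp)"
            if (ranges != "") print "WARN port range open to any source:" ranges
            exit (fail ? 1 : 0)
        }'
}

# Constructed sample: state after the commands shown on this page.
sample_good() { cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
1000:2000/tcp              ALLOW IN    Anywhere
EOF
}
# Constructed sample: all rules deleted, including "allow ssh".
sample_after_delete() { cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
EOF
}
# Constructed sample: ufw installed but never enabled.
sample_inactive() { printf 'Status: inactive\n'; }

sample_good | audit_ufw_status
sample_inactive | audit_ufw_status || echo "(inactive sample rejected)"
```

On a real host, run it as root with `ufw status verbose | audit_ufw_status`.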


ufw in Launchpad