Firewall Basics with UFW: Protecting Your Server in Minutes

What is a firewall?

A firewall sits between your server and the outside world. It decides which network traffic is allowed to reach your machine and which should be dropped. Think of it as a bouncer at a club: only people on the guest list get in.

UFW, short for Uncomplicated Firewall, is Ubuntu’s front‑end to iptables. It lets you write rules with simple commands instead of juggling raw tables.

Why use UFW?

  • Easy to learn: One‑liner commands.
  • Safe defaults: Blocks all inbound traffic unless you say otherwise.
  • Integrated with systemd: Starts automatically at boot.

If you’re running a fresh Ubuntu server, UFW is probably already installed. If not, install it first:

sudo apt update && sudo apt install ufw

Step 1 – Check the current status

sudo ufw status verbose

You’ll see something like:

Status: inactive

If it’s inactive, you haven’t turned the firewall on yet.

Step 2 – Set default policies

Before opening any ports, tell UFW what to do with traffic that doesn’t match a rule.

sudo ufw default deny incoming
sudo ufw default allow outgoing

  • deny incoming blocks everything that comes into your server unless you explicitly open it.
  • allow outgoing lets your server initiate connections (important for updates, email, etc.).

Step 3 – Open the ports you need

Most servers need SSH and HTTP/HTTPS at a minimum.

sudo ufw allow ssh          # or: sudo ufw allow 22/tcp
sudo ufw allow http         # or: sudo ufw allow 80/tcp
sudo ufw allow https        # or: sudo ufw allow 443/tcp

If you use a custom SSH port (say 2222), open it like this:

sudo ufw allow 2222/tcp

Step 4 – Enable the firewall

Now that your rules are in place, turn UFW on.

sudo ufw enable

You’ll get a warning: “This will change current firewall rules. Do you want to continue?” Type y and hit Enter.

UFW will now start enforcing the policies you set earlier.

Step 5 – Verify everything is working

sudo ufw status numbered

You should see a list of numbered rules:

Status: active

     To                         Action      From
     --                         ------      ----
[1] 22/tcp                     ALLOW IN    Anywhere
[2] 80/tcp                     ALLOW IN    Anywhere
[3] 443/tcp                    ALLOW IN    Anywhere

If you’re connected via SSH, keep that session open while you test. Then, from another machine, try connecting to your server: connections to ports 22, 80 or 443 will get through, and everything else will be blocked.

Common troubleshooting tips

  • “I can’t connect after enabling UFW.”
    Make sure you opened the correct port. Use sudo ufw status numbered to double‑check.
  • “A rule seems missing.”
    Rules are applied in order; a later rule that blocks traffic may override an earlier allow. Remove or reorder rules with sudo ufw delete [number].
  • Logs can help.
    UFW logs blocked packets to /var/log/ufw.log. View it with:

    sudo less /var/log/ufw.log
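Reading the raw log gets tedious quickly. As an added example (not from the original post), here is a small POSIX shell helper that summarises the [UFW BLOCK] entries by protocol and destination port, or by any other field such as SRC, so you can see at a glance what the firewall is dropping. The log lines it runs on are constructed samples in UFW’s log format, not real traffic; point it at the real file with `ufw_block_summary < /var/log/ufw.log`.

```shell
#!/bin/sh
# Added example: summarise "[UFW BLOCK]" log entries read from stdin.
# Usage: ufw_block_summary [FIELD]   (FIELD defaults to DPT)
#   DPT  -> counts per PROTO/destination port, e.g. "3 TCP/23"
#   SRC  -> counts per source address, e.g. "2 203.0.113.5"
ufw_block_summary() {
    field="${1:-DPT}"
    grep -F '[UFW BLOCK]' |
    awk -v field="$field" '{
        proto = ""; val = "";
        # Each KEY=VALUE token is split; tokens without "=" (DF, SYN) are ignored.
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=");
            if (kv[1] == "PROTO") proto = kv[2];
            if (kv[1] == field)   val   = kv[2];
        }
        if (val == "") val = "-";          # e.g. ICMP lines carry no DPT
        key = (field == "DPT") ? proto "/" val : val;
        count[key]++;
    }
    END { for (k in count) printf "%d %s\n", count[k], k }' |
    sort -rn
}

# Constructed sample lines in the format UFW writes to /var/log/ufw.log.
# Addresses are documentation ranges; this is not captured traffic.
# The [UFW ALLOW] line is there to show that only BLOCK entries are counted.
sample_log() {
    cat <<'EOF'
Jun 10 12:00:01 web kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.10 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=44321 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jun 10 12:00:03 web kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.77 DST=198.51.100.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51000 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jun 10 12:00:04 web kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.22 DST=198.51.100.10 LEN=40 TOS=0x00 PREC=0x00 TTL=118 ID=0 DF PROTO=TCP SPT=40000 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0
Jun 10 12:00:06 web kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=39000 DPT=161 LEN=40
Jun 10 12:00:09 web kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.9 DST=198.51.100.10 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=TCP SPT=33333 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jun 10 12:00:10 web kernel: [UFW ALLOW] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.9 DST=198.51.100.10 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=TCP SPT=33334 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
EOF
}

sample_log | ufw_block_summary        # most-hit protocol/port first
sample_log | ufw_block_summary SRC    # same data, grouped by source address
```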

Resetting UFW

If you want a clean slate, reset all rules and defaults:

sudo ufw reset

This turns the firewall off and clears every rule. Then start over from step 1.

Wrap‑up

UFW lets you secure your server with just a handful of commands. By denying all inbound traffic by default and only opening the ports you actually need, you create a strong first line of defense against random scans and unwanted connections.

Remember: a firewall is one layer of security. Pair it with regular updates, strong passwords (or key‑based SSH), and monitoring for a well‑protected system.

Happy hacking – safely!
