Ubuntu

Advanced UFW Firewall Configuration in Ubuntu 20.04

Uncomplicated Firewall, abbreviated as UFW, is an easy-to-use and reliable firewall interface. It supports IPv4 and IPv6 versions of Ubuntu. This article will show you how to perform UFW firewall installation and how to configure advanced firewall rules in Ubuntu 20.04

Install UFW on Ubuntu 20.04

UFW is available on Ubuntu-based distributions, but in case you deleted it by mistake, you can install it again. Follow the steps below to do so.

Step 1: Update APT

As always, first, update your APT. Do so by entering the following command:

$ sudo apt update

Step 2: Upgrade APT

Now, upgrade your APT. To do so, enter the command below:

$ sudo apt upgrade

Step 3: Download and Install UFW

Enter the following command to download and install UFW onto your Ubuntu machine:

$ sudo apt install ufw

You will be prompted with a yes/no condition. Select “y” to continue the installation.

Step 4: Enable/Disable UFW

You can enable/disable the UFW service every time the system boots up via the following command:

$ sudo ufw enable

$ sudo ufw disable

Check the current status of UFW using the terminal command below:

$ sudo ufw status

Step 5: Block Incoming and Allow Outgoing Data Traffic

To block any incoming and allow outgoing data traffic, which is the default configuration in the UFW policy, enter one of the following two commands (the first is for outgoing, the second is for incoming):

$ sudo ufw default allow outgoing

Command: $ sudo ufw default deny incoming

Step 6: Add, Modify, and Delete Firewall Rules

You can add, modify, and delete firewall rules using two different methods, port number or service name. Enter either of the following commands to do so:

$ sudo ufw allow http

$ sudo ufw allow 80

Filter the data packets using different protocols.

$ sudo ufw allow 80/tcp

Step 7: Check Status of Updated Rules

You can check the status of the updated rules with the terminal command given below:

$ sudo ufw status verbose

Using Advanced UFW Rules

You can allow a specific IP address to gain or deny access. Execute the following command to allow the IP address to gain access to the services:

$ sudo ufw allow from 162.197.1.100

$ sudo ufw deny from 162.197.1.100

Authorize an IP address to gain access to a TCP port using the terminal command given below:

$ sudo ufw allow from 162.197.1.100 to any port 80 proto tcp

You can specify ranges for a specific port. To do so, execute the following command:

$ sudo ufw allow 2000:3000/tcp

You can also deny a specific IP to gain access to a port while allowing other IP addresses to access that port. To do so, enter the command given below:

$ sudo ufw allow from 162.197.0.86 to any port 22

$ sudo ufw deny from 162.197.0.0/24 to any port 22

Allow specific protocol traffic on an ethernet interface by entering the following:

$ sudo ufw allow in on etho0 to any port 80

UFW allows all ping requests; you can change this option using your favorite text editor in the configuration file.

$ sudo gedit /etc/ufw/before.rules

Now, remove the lines given below:

-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT

Save this file and close it.

To reset all the rules in UFW, execute the following terminal command:

$ sudo ufw reset

Conclusion

That is all about UFW, using the UFW firewall rules, and using the UFW advanced firewall rules.

About the author

Younis Said

I am a freelancing software project developer, a software engineering graduate and a content writer. I love working with Linux and open-source software.