
How to Fix UFW Status Shows Inactive in Linux

UFW, also known as Uncomplicated Firewall, is a firewall system for many Linux distributions. UFW has made it very simple for new users to manage the firewall through the command line interface and GUI.

The UFW firewall monitors network traffic according to specific rules to keep the network safe from network sniffers and other attackers. If you have installed UFW and its status is inactive, there could be many reasons behind it. In this guide, I will cover how to fix the inactive status of the UFW firewall on Linux.

Why UFW is Showing Inactive Status on Linux

Some reasons why UFW is inactive are mentioned below:

  • In many Linux distributions, the UFW is pre-installed, but by default, it is inactive.
  • If you have installed UFW by yourself, then it will be disabled by default showing inactive status.

Why UFW is Inactive By Default on Linux

UFW is disabled by default because it can block the SSH or HTTP ports, which are important for server communication and management. Once enabled, it denies all incoming traffic and allows all outgoing traffic. As a server administrator, you can still send requests from the server and receive the responses, but the firewall blocks all incoming connections.

Incoming traffic is essential for SSH and HTTP communication. Without SSH, you won't be able to access the server. To stay connected to the server, these ports must be allowed through UFW. Therefore, before enabling UFW, make sure that the key ports for incoming traffic are allowed.

Note: I am using Ubuntu 22.04 to perform the following commands while the instructions are the same for other distributions as well.

How to View UFW Status on Linux

In Linux, the UFW is disabled by default whether it is pre-installed or you have installed it manually. You need to activate it.

To inspect the UFW status execute the ufw status command in the terminal:

sudo ufw status

You can also check the UFW status through the UFW configuration file. To access the file, use the command given below:

sudo cat /etc/ufw/ufw.conf

Read the file and check the ENABLED setting. If it is set to no, UFW is disabled.

You can also launch the GUI application to check the UFW status.

How to Fix UFW Status Shows Inactive on Linux

The inactive status of UFW can be fixed by enabling it using the command line.

Before enabling the UFW, it is a good practice to have a look at added rules.

sudo ufw show added

Note: By default, the UFW denies all incoming traffic.

To enable UFW, launch the terminal and run the ufw enable command, which also makes UFW start at boot:

sudo ufw enable

To monitor the status, again run the command given below:

sudo ufw status verbose

To format the status in numbered form, use:

sudo ufw status numbered

You can also enable it using the UFW configuration file. Open the UFW configuration file using nano editor:

sudo nano /etc/ufw/ufw.conf

Find ENABLED, change the status from no to yes, and save the file.

To save the file, press ctrl+X; nano will prompt you to save the changes. Press Y/y to save the file.

Note: You have to reboot the server to enable the UFW through the configuration file.

You can also enable the UFW using the GUI window of UFW. Launch the UFW application and toggle the enable.

How to Know Which Application Requires Incoming through UFW

Every port that needs incoming traffic must be allowed through UFW. SSH is crucial, because if you enable UFW without allowing the SSH port, you may lose control of your server.

To view which applications must be allowed for incoming traffic, run the ufw app list command:

sudo ufw app list

Or, check the UFW application profile:

ls /etc/ufw/applications.d

These are the applications that require ports to be opened.

Note: The applications that require ports to be enabled have a UFW profile.

How to Identify and Allow Port with UFW

To find the port of a specific application, use the ufw app info command.

The syntax of the command is:

sudo ufw app info "<app-name>"

For example, to view the port of SSH, use the command given below:

sudo ufw app info "OpenSSH"

OpenSSH needs port 22 to function properly.

To check the port of Apache Full use:

sudo ufw app info "Apache Full"

As the output shows, Apache needs two ports, 80 and 443, to work.

How to Enable UFW for Applications that Require Incoming Traffic

Once UFW is enabled, all incoming traffic is denied. To avoid locking yourself out of the server, it is important to add a rule that allows SSH access before enabling UFW.

To add the OpenSSH connection rule use:

sudo ufw allow 22

Or use:

sudo ufw allow "OpenSSH"

To add rules for the Apache web server use the following command:

sudo ufw allow 80,443/tcp

Ports 80 and 443 are for HTTP and HTTPS respectively, and both are required for the Apache web server.

Or use:

sudo ufw allow "Apache Full"

After enabling the key ports through UFW, you can enable the UFW using the ufw enable command.
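The following is an added example, not part of the original article: a shell guard that reads the output of ufw show added and refuses to enable UFW unless an allow or limit rule covers SSH on port 22. The function names and the sample rule listings are constructed for illustration, and the listing format is assumed to match what ufw show added prints.

```shell
#!/bin/sh
# Added example: pre-flight check before `ufw enable`.
# Function names and sample listings are constructed for illustration.

# Read `ufw show added` output on stdin; return 0 if an allow/limit rule
# names the OpenSSH profile or port 22 (bare or /tcp, alone or in a list).
ssh_rule_present() {
    awk '
        $1 == "ufw" && ($2 == "allow" || $2 == "limit") {
            for (i = 3; i <= NF; i++) {
                if ($i == "OpenSSH") { found = 1; continue }
                n = split($i, part, "/")          # part[1]=ports, part[2]=proto
                if (n == 2 && part[2] != "tcp") continue   # skips 22/udp, CIDRs
                m = split(part[1], port, ",")
                for (j = 1; j <= m; j++) if (port[j] == "22") found = 1
            }
        }
        END { exit !found }
    '
}

# Enable UFW only when the check passes. Run as root. Not called here.
enable_ufw_safely() {
    if ufw show added | ssh_rule_present; then
        ufw --force enable      # --force skips the interactive confirmation
    else
        echo "No SSH allow rule found; run 'ufw allow OpenSSH' first." >&2
        return 1
    fi
}

# Constructed sample listings in the assumed `ufw show added` format.
SAMPLE_WITH_SSH="Added user rules (see 'ufw status' for running firewall):
ufw allow OpenSSH
ufw allow 80,443/tcp"
SAMPLE_WITHOUT_SSH="Added user rules (see 'ufw status' for running firewall):
ufw allow 80,443/tcp"

for sample in "$SAMPLE_WITH_SSH" "$SAMPLE_WITHOUT_SSH"; do
    if printf '%s\n' "$sample" | ssh_rule_present; then
        echo "SSH rule present: safe to enable"
    else
        echo "SSH rule missing: enabling would lock out remote access"
    fi
done
```

A rule restricted with from <address> also passes this check, so confirm that it covers the address you connect from.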

Conclusion

UFW is the default firewall of various Linux distributions. By default, it is set to inactive because it may block traffic on important ports such as 22, 80, or 443. There are several ways to make it active: UFW can be enabled with the ufw enable command, through the UFW configuration file, or through the UFW graphical user interface. UFW denies all incoming traffic, so ensure the SSH rule is added before enabling it.

About the author

Sam U
