UFW (Uncomplicated Firewall) is a firewall that monitors network traffic according to specific rules to keep the network safe from network sniffers and other attackers. If you have installed UFW and its status is inactive, there could be many reasons behind it. In this guide, I will cover how to fix the inactive status of the UFW firewall on Linux.
- Why UFW is Showing Inactive Status on Linux
- Why UFW is Inactive By Default on Linux
- How to View UFW Status on Linux
- How to Fix UFW Status Shows Inactive on Linux
- How to Know Which Application Requires Incoming through UFW
- How to Identify and Allow Port with UFW
- How to Enable UFW for Applications that Require Incoming Traffic
Some reasons why UFW is inactive are mentioned below:
- In many Linux distributions, UFW is pre-installed, but it is inactive by default.
- If you have installed UFW yourself, it will be disabled by default and show an inactive status.
UFW is disabled by default because, once enabled, it can block the SSH or HTTP ports that are important for server communication and management. Its default policy denies all incoming traffic and allows all outgoing traffic. As a server administrator, you can still send requests and receive responses, but the firewall will block all incoming connections.
Incoming traffic is essential for SSH and HTTP communication. Without SSH, you won’t be able to access the server. To stay connected to the server, these ports must be allowed through UFW. Therefore, before enabling UFW, make sure that the key ports for incoming traffic are allowed.
Note: I am using Ubuntu 22.04 to perform the following commands while the instructions are the same for other distributions as well.
On Linux, UFW is disabled by default whether it is pre-installed or you have installed it manually. You need to activate it.
To inspect the UFW status, execute the ufw status command in the terminal:
You can also check the UFW status through the UFW configuration file. To access the file, use the command given below:
Read the file and check the ENABLED setting. If it is set to no, UFW is disabled.
You can also launch the GUI application to check the UFW status.
The inactive status of UFW can be fixed by enabling it using the command line.
Before enabling UFW, it is good practice to review the rules that have already been added.
Note: By default, UFW denies all incoming traffic.
To enable UFW, launch the terminal and run the ufw enable command, which also enables UFW at boot:
To monitor the status, again run the command given below:
To format the status in numbered form, use:
You can also enable it using the UFW configuration file. Open the UFW configuration file using the nano editor:
Find ENABLED, change its value from no to yes, and save the file.
To save the file, press Ctrl+X; nano will prompt you to save the changes. Press Y/y to save the file.
Note: You have to reboot the server to enable UFW through the configuration file.
You can also enable UFW using the UFW GUI window. Launch the UFW application and toggle the enable switch.
Every port that needs incoming traffic must be allowed through UFW. SSH is crucial: if you enable UFW without allowing the SSH port, you may lose control of your server.
To view which applications must be allowed for incoming traffic, run the ufw app list command:
Or, check the UFW application profile:
These are the applications that require ports to be opened.
Note: The applications that require ports to be enabled have a UFW profile.
To find the port of a specific application, use the command given below.
The syntax of the command is:
For example, to view the port of SSH, use the command given below:
OpenSSH needs port 22 to function properly.
To check the ports of Apache Full, use:
As can be seen, Apache needs two ports, 80 and 443, to work.
Upon enabling UFW, all incoming traffic will be denied. To avoid locking yourself out of the server, it is important to add a rule that allows access to the server via SSH before enabling UFW.
To add the OpenSSH connection rule, use:
To add rules for the Apache web server, use the following command:
Ports 80 and 443 are for HTTP and HTTPS respectively, and both are required for the Apache web server.
After allowing the key ports through UFW, you can enable UFW using the ufw enable command.
UFW is the default firewall of various Linux distributions. By default, it is set to inactive because it may block traffic to some important ports such as 22, 80, or 443. There are several ways to make it active: UFW can be enabled from the command line, through the UFW configuration file, or through the UFW graphical user interface. UFW denies all incoming traffic by default; therefore, ensure the SSH rule is added before enabling UFW.
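The script below is an added example, not taken from the original guide: a pre-flight check that refuses to run ufw enable until an allow rule for SSH is staged. The function names, the constructed sample inputs, the default path /etc/ufw/ufw.conf and the assumed line format of ufw show added output are assumptions of this example.

```shell
#!/bin/sh
# Pre-flight check to run before `ufw enable` (added example; names are illustrative).

# Constructed sample of a fresh ufw.conf (assumed default path: /etc/ufw/ufw.conf).
SAMPLE_CONF='# Set to yes to start on boot
ENABLED=no
LOGLEVEL=low'

# Constructed samples of `ufw show added` output (format is an assumption).
SAMPLE_RULES_EMPTY='Added user rules (see '\''ufw status'\'' for running firewall):
(None)'
SAMPLE_RULES_SSH='Added user rules (see '\''ufw status'\'' for running firewall):
ufw allow OpenSSH
ufw allow '\''Apache Full'\'''

# Print the ENABLED value (yes/no) from ufw.conf-style text on stdin; "no" if absent.
conf_enabled() {
  v=$(sed -n 's/^[[:space:]]*ENABLED=\([A-Za-z]*\).*/\1/p' | tail -n 1 | tr 'A-Z' 'a-z')
  echo "${v:-no}"
}

# Succeed only if stdin (`ufw show added` output) holds a plain allow/limit rule
# for SSH. Narrower rules (e.g. "from <addr> to any port 22") are not recognised,
# so the check errs on the side of refusing.
has_ssh_rule() {
  grep -Eiq "^ufw (allow|limit) (in )?(openssh|ssh|22(/tcp)?)[[:space:]]*\$"
}

# $1 = ufw.conf text, $2 = `ufw show added` text. Prints the decision.
preflight() {
  if [ "$(printf '%s\n' "$1" | conf_enabled)" = yes ]; then
    echo "already-enabled"
  elif printf '%s\n' "$2" | has_ssh_rule; then
    echo "safe-to-enable"
  else
    echo "add-ssh-rule-first"
  fi
}

# Live use (as root): sh preflight.sh --live
if [ "${1:-}" = "--live" ]; then
  decision=$(preflight "$(cat /etc/ufw/ufw.conf)" "$(ufw show added)")
  echo "$decision"
  [ "$decision" != safe-to-enable ] || ufw enable
fi
```

Without --live the script only defines the functions, so it can be sourced and exercised against the sample inputs on a machine that has no UFW installed.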