Ubuntu Firewall: How to Turn on Firewall on Ubuntu Server

Uncomplicated Firewall (ufw) is the front end for iptables on Ubuntu Linux. It still uses iptables underneath, but provides a simple command-line interface for building otherwise complicated iptables rules.

ufw is already installed on Ubuntu 20.04 and Ubuntu 18.04, but it is disabled by default.

Here’s the command to check whether ufw is currently running or not:

sudo ufw status

If you see output like “Status: inactive”, that means ufw is turned off. In that case, follow these steps to turn it on.

  1. Open SSH Port 22: The first thing we need to do is open SSH port 22 to allow remote access to the Ubuntu system. The following command will do exactly that.
    sudo ufw allow 22/tcp
  2. Enable UFW: Now that we’ve opened the SSH port, we’ll enable ufw with the ufw enable command:
    sudo ufw enable
  3. Check the Firewall Status: After that, run the status command and make sure that the firewall is active and running.
    sudo ufw status

How it Works

Ubuntu Firewall is turned off by default in Ubuntu 20.04 and 18.04. It is extremely easy to set up, but before enabling it we need to pre-configure the firewall to open SSH port 22.

This is because the UFW default policy is to block all incoming traffic. That means if we start the firewall without opening port 22, we will not be able to SSH into our Ubuntu server. This is going to be a big problem if your server is located in a remote location.

After opening port 22, we enabled UFW with the ufw enable command.

Now if you run the status command, you will see status as active along with a quick summary of Ubuntu firewall configuration.
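The ordering described above can be enforced with a small guard script. This is an added example, not part of the original article: the names has_ssh_rule and safe_enable and the sample text are constructed here, and it assumes `ufw show added` prints staged rules one per line as `ufw allow ...` (the status command lists no rules while the firewall is inactive).

```shell
#!/bin/sh
# Added example: refuse to enable ufw unless an allow rule for SSH is already staged.

# Constructed samples of `ufw show added` output (not captured from a real host).
SAMPLE_WITH_SSH="Added user rules (see 'ufw status' for running firewall):
ufw allow 22/tcp
ufw allow 80/tcp"
SAMPLE_NO_SSH="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp"

# has_ssh_rule [port]: reads staged rules on stdin and succeeds only if an
# allow/limit rule covers the given TCP port (default 22). It recognises the
# two rule forms used in this article: "22/tcp" and "... to any port 22".
has_ssh_rule() {
    port="${1:-22}"
    grep -E '^ufw (allow|limit) ' \
        | grep -Ev '(/udp|proto udp)' \
        | grep -Eq "( ${port}(/tcp)?\$| port ${port}( |\$))"
}

# safe_enable: enable the firewall only when the SSH rule is present,
# so a remote session cannot be cut off by the default deny policy.
safe_enable() {
    if sudo ufw show added | has_ssh_rule 22; then
        sudo ufw enable && sudo ufw status verbose
    else
        echo "refusing to enable ufw: no allow rule for 22/tcp is staged" >&2
        echo "run: sudo ufw allow 22/tcp" >&2
        return 1
    fi
}

# Only touches the firewall when asked to: sh safe-enable.sh --apply
if [ "${1:-}" = "--apply" ]; then
    safe_enable
fi
```

If SSH listens on a different port, pass that port to has_ssh_rule instead of 22.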

UFW is available for other Debian-based distros as well, but is probably not installed by default, as is the case with Debian 10. However, you can easily install it with the apt-get install ufw command.

Turn off Ubuntu Firewall

To turn the firewall off, use the ufw disable command:

sudo ufw disable

The preceding command stops UFW and disables it on system startup.

Adding and removing firewall rules

If you have a website hosted on your Ubuntu Server, you need to add a new firewall rule to open TCP port 80.

sudo ufw allow 80/tcp

To delete a rule, prefix the original rule with ufw delete:

sudo ufw delete allow 80/tcp

Only allow SSH traffic from a specific IP Address (192.168.1.200):

sudo ufw allow proto tcp from 192.168.1.200 to any port 22

Note that “to any” means accept traffic on any local IP address in case your Ubuntu server has multiple IP addresses.

Or you can allow traffic from an entire network:

sudo ufw allow proto tcp from 192.168.1.0/24 to any port 22

Block IP Addresses

Let’s say a malicious IP address is caught attempting to attack your server. In that case you can block the IP address like this:

sudo ufw deny from 192.168.1.200 to any

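The preceding command blocks all network traffic from the IP address 192.168.1.200. Note that ufw matches rules in order and stops at the first match, so the deny rule only takes precedence over allow rules that come after it in the rule list.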

Resetting The Firewall Rules

We can reset ufw to its default state with the reset command.

sudo ufw reset

The reset command also turns off the Ubuntu firewall.