Here is how to configure a firewall with UFW on Ubuntu, specifically on a Vultr instance running Ubuntu 20.04 LTS.
Prerequisites
- Have an Ubuntu 20.04 x64 instance.
- Be logged in as root or as a user with sudo privileges.
The Ubuntu Linux server is equipped with a firewall configuration tool known as ufw, which stands for Uncomplicated Firewall. It employs a command-line interface with a concise set of commands and utilizes iptables for its configuration. UFW is pre-installed on Ubuntu; however, if it has been removed for any reason, you can install it using the following command:
sudo apt install ufw
If you want to display a list of all UFW rules, you can execute the following command:
sudo ufw status verbose
The command will generate output as follows:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
22 (v6)                    ALLOW IN    Anywhere (v6)
Allowing Other Connections
The syntax to open additional ports may vary depending on the applications running on the system. Here is a general format for opening a port:
ufw allow port_number/protocol
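Use the following command to allow incoming traffic on port 22. Because no protocol is given, ufw opens the port for both TCP and UDP; append /tcp (22/tcp) to restrict the rule to TCP packets: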
sudo ufw allow 22
The command will generate output as follows:
Rule added
Rule added (v6)
To allow traffic for a web server such as Apache or Nginx, use the application profile that matches your server. Run one of the following commands:
sudo ufw allow in "Apache Full"
sudo ufw allow in "Nginx Full"
After you add a rule, sudo ufw status verbose lists it. In the following output the Nginx HTTP profile (port 80/tcp) is allowed:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
80/tcp (Nginx HTTP)        ALLOW IN    Anywhere
22 (v6)                    ALLOW IN    Anywhere (v6)
80/tcp (Nginx HTTP (v6))   ALLOW IN    Anywhere (v6)
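A check that builds on the status output above, added here as an example and not part of the original tutorial: it reads sudo ufw status verbose output and reports a default incoming policy other than deny, or any port open to Anywhere that is not on an expected list. The function names and the expected-port list are assumptions made for illustration.

```shell
# Constructed sample, copied from the status output shown above.
sample_status() {
cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
80/tcp (Nginx HTTP)        ALLOW IN    Anywhere
22 (v6)                    ALLOW IN    Anywhere (v6)
80/tcp (Nginx HTTP (v6))   ALLOW IN    Anywhere (v6)
EOF
}

# Print the default policy for incoming traffic (deny, reject or allow).
default_incoming() {
    sed -n 's/^Default:.* \([a-z]*\) (incoming).*/\1/p'
}

# Print each port (IPv4 and IPv6 merged) that is allowed in from any address.
world_open() {
    awk '/ALLOW IN +Anywhere/ { print $1 }' | sort -u
}

# audit "<expected ports>": report a non-deny default and any world-open
# port missing from the expected list (a hypothetical policy). Returns 1
# when something is reported.
audit() {
    expected=" $1 "
    status=$(cat)
    rc=0
    [ "$(printf '%s\n' "$status" | default_incoming)" = "deny" ] ||
        { echo "default-incoming-not-deny"; rc=1; }
    for port in $(printf '%s\n' "$status" | world_open); do
        case "$expected" in
            *" $port "*) ;;
            *) echo "unexpected:$port"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Live use: sudo ufw status verbose | audit "22 80/tcp"
sample_status | audit "22 80/tcp" && echo "policy matches"
```

Rules restricted to a source address are not reported, because only rules whose source is Anywhere match.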
Denying Connections
To close a port or block a specific IP address, use one of the following forms:
sudo ufw deny port_number/protocol
sudo ufw deny from ip_address
For example, to block connections on port 25, use the following command:
sudo ufw deny 25/tcp
Alternatively, to block all connections from the IP address 203.0.113.4, use this command:
sudo ufw deny from 203.0.113.4
Conclusion
Your UFW firewall is now configured to allow connections. To keep your server both secure and operational, allow any additional incoming connections that it requires.