What is Firewall UFW iptables in Ubuntu?

If you are using Ubuntu or any other Linux distribution, you may ask: what is a firewall, and what are UFW and iptables in Ubuntu? Let's begin. A firewall can be software or hardware that ensures and improves the security of computers connected to networks such as a LAN or the internet. The primary goal of any firewall is to monitor and block suspicious traffic requests and data packets. However, it is very important to configure and control your firewall effectively. We can use a combination of hardware and software to secure communications. There are different types of firewall, so we can choose one to suit the purpose, e.g. Packet Filters, Application Gateways, Dynamic Packet Filters, Circuit-level Gateways and many more.

UFW stands for Uncomplicated Firewall. It was developed to provide a friendly framework for managing iptables, and it became the default firewall on systems like Ubuntu and Debian. Along with the command line, UFW has a GUI tool (gUFW) that makes firewall configuration easier.

What is iptables? It is the rule-based default firewall in most Linux-based operating systems. iptables defines rules for incoming and outgoing packets, which may contain important information.

Install UFW

Note that only root or a user with sudo privileges can manage the firewall.

As discussed, ufw should already be installed on Ubuntu. The following command checks whether ufw is installed on the system.

$ which ufw

If ufw is already installed on the system, the command returns the ufw path.

/usr/sbin/ufw

If ufw is not installed, use the following command to install it.

$ sudo apt-get install ufw

Once installation is complete, check the ufw status (enabled / disabled).

$ sudo ufw status verbose

By default ufw is disabled, so if it has not been activated before, the output looks like this:


Status: inactive 

Now let’s enable it.

$ sudo ufw enable

Firewall is active and enabled on system startup

Check the ufw status again; this time the output will look as follows.

$ sudo ufw status


Status: active
To                 Action    From
--                 ------    ----
Apache Full        ALLOW     Anywhere
Apache Full (v6)   ALLOW     Anywhere

Configure ufw to support IPv6

If the system has both IPv4 and IPv6, we need to change a setting in the UFW configuration file. Open the configuration file and add the following line, or uncomment the line IPV6=yes

Set up default ufw policies.

Initially, the default ufw policies work well for both servers and desktops. It is always best practice to close all ports on a server and open only the necessary ports as required. Let's block all incoming connections and allow only outgoing connections.

$ sudo ufw default allow outgoing

Default outgoing policy changed to 'allow'

$ sudo ufw default deny incoming

Default incoming policy changed to 'deny'

Block Access

Now we will see how to block or allow all network connections that originate from a specific IP address. Use example . To block all network traffic, we use the deny command.


$ sudo ufw deny from < Remote IP Address > to < Local IP Address > proto < Protocol > port < Port Number >

Block all network connections from an IP address

$ sudo ufw deny from < Remote IP Address > to any

Let's see how to block network traffic on a specific protocol and port.

$ sudo ufw deny from < Remote IP Address > to any proto tcp port 80

Allow Access

Let's add rules to allow an IP address all traffic, or only specific network ports, using the ufw “allow” command.


$ sudo ufw allow from < Remote IP Address > to < Local IP >
$ sudo ufw allow from < Remote IP Address >

The above firewall rule allows all network connections from the mentioned IP address.

$ sudo ufw allow from < Remote IP Address > to < Local IP >

This rule allows all connections from the remote IP address, but only to the given local IP address.

$ sudo ufw allow from < Remote IP Address > to any proto tcp port 80

This time, the above rule allows TCP traffic from the specific IP address to port 80.


The syntax for allowing or denying connections for a subnet of IP addresses is similar to that for a single IP address. The only difference is that we need to specify the netmask.

In the example below we allow access from a range of IP addresses to the MySQL port (3306).

$ sudo ufw allow from < Remote Subnet/Netmask > to any port 3306
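
The baseline this page describes (firewall active, incoming traffic denied by default, MySQL port 3306 opened only to a named range) can be checked from the output of sudo ufw status verbose. The script below is an added example, not part of the original article; the function name audit_ufw and the sample output, including the documentation range 192.0.2.0/24, are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `sudo ufw status verbose` output against the baseline
# described above. Names and sample data are constructed for illustration.

# Constructed sample output; 192.0.2.0/24 is a documentation range.
SAMPLE_VERBOSE='Status: active
Logging: on (low)
Default: allow (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
Apache Full                ALLOW IN    Anywhere
3306                       ALLOW IN    Anywhere
3306                       ALLOW IN    192.0.2.0/24'

# audit_ufw: read status text on stdin, print one finding per line and
# return the number of findings as the exit status (0 means clean).
audit_ufw() {
    awk '
        /^Status:/ && $2 != "active" { f[++n] = "firewall is not active" }
        # "Default: deny (incoming), allow (outgoing), ..." -> $2 is the incoming policy
        /^Default:/ && $3 ~ /incoming/ && $2 != "deny" && $2 != "reject" {
            f[++n] = "default incoming policy is " $2 ", expected deny"
        }
        # MySQL port allowed from Anywhere instead of a specific address or subnet
        /^3306(\/tcp)?( \(v6\))? +ALLOW( IN)? +Anywhere/ {
            f[++n] = "port 3306 is open to Anywhere: " $0
        }
        END { for (i = 1; i <= n; i++) print f[i]; exit n + 0 }
    '
}

# Demo on the constructed sample; on a real host pipe in the live output:
#   sudo ufw status verbose | audit_ufw
if printf '%s\n' "$SAMPLE_VERBOSE" | audit_ufw; then
    echo "baseline OK"
else
    echo "baseline violated"
fi
```
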

Delete rules

Now let's understand how to delete ufw rules, because this is just as important as knowing how to create them. There are different ways to remove rules from ufw. We can remove a rule by its number or by the actual rule. Let's try the easier way first, which is to delete by rule number.

By rule number

To delete ufw firewall rules by number, we first need to list all rules with their numbers. The following command with the numbered option displays a number next to each rule.

$ sudo ufw status numbered   


status: active

To                         Action        From
---                       --------       -----
[ 1] Apache Full          ALLOW IN       Anywhere
[ 2] Apache Full          DENY IN
[ 3] Apache Full (v6)     ALLOW IN       Anywhere

Suppose we want to delete rule number 2, which blocks connections from an IP address. We can pass the rule number to the ufw delete command as follows. As a safeguard, it asks for confirmation before deleting the rule.

$ sudo ufw delete 2
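
ufw renumbers the remaining rules after each delete, so when several rules have to go, the highest number must be deleted first. The script below is an added example, not part of the original article; the function names and the sample output (with the documentation address 203.0.113.7) are constructed, and it only prints the delete commands instead of running them.

```shell
#!/bin/sh
# Added example: select rules from `sudo ufw status numbered` output and list
# the delete commands from the highest rule number down, so that renumbering
# after each delete cannot shift a rule that is still waiting to be removed.

# Constructed sample output; 203.0.113.7 is a documentation address.
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Apache Full                ALLOW IN    Anywhere
[ 2] 80/tcp                     DENY IN     203.0.113.7
[ 3] 3306                       ALLOW IN    Anywhere
[10] 22/tcp                     DENY IN     203.0.113.7
[11] Apache Full (v6)           ALLOW IN    Anywhere (v6)'

# rule_numbers_matching PATTERN: read numbered status on stdin and print the
# numbers of the rules whose line matches PATTERN (extended regex), highest first.
rule_numbers_matching() {
    grep -E '^\[ *[0-9]+\]' |
    grep -E -- "$1" |
    sed 's/^\[ *\([0-9][0-9]*\)\].*/\1/' |
    sort -rn
}

# delete_commands PATTERN: print (do not run) the delete commands in safe order.
# Each printed command still asks for confirmation when it is run.
delete_commands() {
    rule_numbers_matching "$1" | while read -r n; do
        echo "sudo ufw delete $n"
    done
}

# Demo on the constructed sample: every DENY rule for 203.0.113.7.
# On a real host: sudo ufw status numbered | delete_commands 'PATTERN'
printf '%s\n' "$SAMPLE_STATUS" | delete_commands 'DENY IN +203\.0\.113\.7 *$'
```
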

By actual rule

Now let's delete a rule using the original rule: pass the original rule to the ufw delete command. As an example, add one more rule and then delete it.

$ sudo ufw allow from < Remote IP Address > to any proto tcp port 22

Execute the following command to delete the above rule.

$ sudo ufw delete allow from < Remote IP Address > to any proto tcp port 22

Delete all rules

The following command removes all firewall rules and also disables the firewall.

$ sudo ufw reset


Resetting all rules to installed defaults. Proceed with operation (y|n)? y
Backing up 'user.rules' to '/etc/ufw/user.rules.20200730_185856'
Backing up 'before.rules' to '/etc/ufw/before.rules.20200730_185856'
Backing up 'after.rules' to '/etc/ufw/after.rules.20200730_185856'
Backing up 'user6.rules' to '/etc/ufw/user6.rules.20200730_185856'
Backing up 'before6.rules' to '/etc/ufw/before6.rules.20200730_185856'
Backing up 'after6.rules' to '/etc/ufw/after6.rules.20200730_185856'

Any rules that we created with ufw will no longer be active, so to activate it again we need to run sudo ufw enable

I hope you got the answer to our question, What is Firewall UFW iptables in Ubuntu? We covered basic ufw and its features. We will discuss more advanced ufw usage in our next post. Please visit again and send your valuable comments and feedback to improve our content.
