UFW Firewall on Linux: A Complete Beginner-to-Advanced Guide

Having already covered the Linux firewall with IPTables, let’s look at another commonly used firewall: UFW, the Uncomplicated Firewall.

Table of Contents

  1. Introduction to UFW
  2. Why Use UFW Instead of IPTables?
  3. UFW Internals and Backend
  4. Basic UFW Commands
  5. Default Policies: What Happens When Nothing Matches
  6. Allowing and Denying Services
  7. Allow/Deny by IP Address
  8. Port Ranges, Protocols, and Advanced Matches
  9. UFW with Applications (App Profiles)
  10. Logging and Monitoring Traffic
  11. GUI for UFW: Gufw
  12. Persistent Rules and System Boot
  13. Common Troubleshooting
  14. Conclusion

1. Introduction to UFW Firewall

UFW (Uncomplicated Firewall) is a simplified frontend for managing IPTables on Linux systems. It was developed by Canonical to make firewall configuration more intuitive, especially for beginners.

UFW is ideal for:

  • Desktop users
  • Basic and intermediate server users
  • Anyone who prefers readable commands over complex IPTables syntax

2. Why Use UFW Instead of IPTables?

Feature         IPTables               UFW
--------------  ---------------------  --------------------------------
Complexity      Steep learning curve   Beginner-friendly
Configuration   Detailed & granular    Human-readable
Use case        Advanced setups        General security needs
Backend         Native                 Uses IPTables behind the scenes

3. UFW Internals and Backend

  • UFW operates on top of iptables/netfilter.
  • UFW rules are stored in /etc/ufw/ (e.g., before.rules, user.rules).
  • UFW configuration file: /etc/default/ufw
  • On Ubuntu systems, it integrates well with Debian networking and cloud-init.

4. Basic UFW Commands

Enable UFW:

sudo ufw enable

Disable UFW:

sudo ufw disable

Check UFW status:

sudo ufw status

More detailed:

sudo ufw status verbose

Reset all rules:

sudo ufw reset

5. Default Policies

Before adding rules, set default policies:

sudo ufw default deny incoming
sudo ufw default allow outgoing

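This blocks all incoming traffic except what is explicitly allowed. On a host you manage over SSH, add the SSH allow rule before running ufw enable, as the reset sequence in section 13 does.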

6. Allowing and Denying Services

Allow incoming SSH:

sudo ufw allow ssh
# or
sudo ufw allow 22/tcp

Deny HTTP:

sudo ufw deny 80

Allow HTTPS only:

sudo ufw allow 443/tcp

Specify port and protocol:

sudo ufw allow 53/udp

7. Allow/Deny by IP Address

Allow all traffic from a specific IP:

sudo ufw allow from 192.168.1.100

Allow from IP to specific port:

sudo ufw allow from 192.168.1.100 to any port 22

Block specific IP:

sudo ufw deny from 203.0.113.5

8. Port Ranges, Protocols, and Advanced Matches

Allow a port range:

sudo ufw allow 1000:2000/tcp

Allow specific protocol:

sudo ufw allow proto udp from any to any port 1194

Use interfaces:

sudo ufw allow in on eth0 to any port 3306

9. UFW with Applications (App Profiles)

UFW can read application profiles stored in:

/etc/ufw/applications.d/

List available profiles:

sudo ufw app list

Example:

sudo ufw allow 'Apache Full'

To view details:

sudo ufw app info 'Apache Full'

10. Logging and Monitoring Traffic

Enable logging:

sudo ufw logging on

Disable logging:

sudo ufw logging off

Log levels:

  • off
  • low (default)
  • medium
  • high
  • full

Change log level:

sudo ufw logging medium

Logs are stored in /var/log/ufw.log
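
Once logging is on, the blocked-packet entries in that file can be tallied per source address and destination port. The script below is an added example, not part of the original guide; the function names are hypothetical and the sample log lines are constructed (documentation addresses, shortened MAC field).

```shell
# Tally [UFW BLOCK] log entries per source IP and protocol/destination port.
# Function names are hypothetical; input is the kernel log format UFW writes.
summarize_ufw_blocks() {
    # Reads log lines on stdin, prints "count src proto/dport", busiest first.
    awk '
        /\[UFW BLOCK\]/ {
            src = proto = dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            if (src == "") next          # skip malformed lines
            if (dpt == "") dpt = "-"     # ICMP entries carry no DPT field
            count[src " " proto "/" dpt]++
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample lines, not real traffic. The ALLOW line is there to
# show that entries with other tags are ignored.
sample_ufw_log() {
    cat <<'EOF'
Jan 10 10:00:01 host kernel: [100.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 10:00:02 host kernel: [101.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=2 DF PROTO=TCP SPT=40002 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 10:00:03 host kernel: [102.000001] [UFW ALLOW] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=192.168.1.100 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=TCP SPT=50000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 10:00:04 host kernel: [103.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=4 DF PROTO=TCP SPT=41000 DPT=3306 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 10:00:05 host kernel: [104.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=5 DF PROTO=TCP SPT=40003 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 10:00:06 host kernel: [105.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=192.0.2.99 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=60 ID=6 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Jan 10 10:00:07 host kernel: [106.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=8 DF PROTO=TCP SPT=41001 DPT=3306 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 10:00:08 host kernel: [107.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=70 TOS=0x00 PREC=0x00 TTL=49 ID=9 PROTO=UDP SPT=41002 DPT=53 LEN=50
EOF
}

# Run against the constructed sample.
sample_ufw_log | summarize_ufw_blocks
```

On a live host, pipe the real file in instead of the sample: sudo cat /var/log/ufw.log | summarize_ufw_blocks.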

11. GUI for UFW: Gufw

Gufw is a graphical frontend for UFW.

Install on Ubuntu:

sudo apt install gufw

Features:

  • Easy toggling of firewall state
  • Quick add/remove rules
  • Good for desktop users unfamiliar with terminal

12. Persistent Rules and System Boot

UFW rules are persistent across reboots once enabled. No additional steps are required.

To confirm:

sudo systemctl status ufw

To enable at boot:

sudo systemctl enable ufw

13. Common Troubleshooting

Check if UFW is active:

sudo ufw status

Rule not working?

  • Check ordering: ufw processes rules in the order defined
  • Make sure the rule is for the correct interface/protocol
  • Check if another firewall (like firewalld or nftables) is active

Reset and start fresh:

sudo ufw reset
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw enable

14. Conclusion

UFW is the perfect firewall utility for Linux users who want simple, readable, and effective security without the complexity of raw IPTables syntax. It’s especially great for:

  • System administrators who want quick rule management
  • Users of Ubuntu or Debian-based systems
  • Developers securing test environments or cloud instances

Key Benefits:

✅ Easy to learn
✅ Uses readable syntax
✅ Backend power of IPTables
✅ Automatically persistent

By learning UFW, you gain the confidence to manage Linux firewall rules securely and efficiently — even in production environments.
