ufw (Uncomplicated Firewall) is a friendly front-end for configuring Linux firewalls, originally built for Ubuntu and now available on many distributions. It hides the complexity of iptables/nftables behind simple English-like commands, making basic host firewalling trivial to set up.
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 22/tcp # SSH (add before enabling so a remote session is not locked out)
sudo ufw enable # turn on firewall
sudo ufw allow 80/tcp # HTTP
sudo ufw allow from 10.0.0.0/8 # trusted subnet
sudo ufw deny from 203.0.113.42 # block an IP
sudo ufw status verbose # show current rules
sudo ufw delete allow 80/tcp # remove a rule (must match the rule as it was added)
ufw's "application profiles" in /etc/ufw/applications.d/ map friendly names to port combinations, so you can run "ufw allow OpenSSH" without remembering it is port 22. For simple servers and desktops, ufw is more than enough. For complex firewalls with many rules, zones, and NAT, firewalld or direct nftables configuration offer more power.
On a fresh Ubuntu server, enabling ufw with default-deny-in and allow-ssh is a solid quick win: it eliminates most scanning noise at minimal complexity. As with any firewall, remember to keep yourself out of trouble: disabling SSH while configuring remotely is the oldest mistake in the book.
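To check that a host actually matches this baseline, the following added example (not part of the original entry) audits the text of "ufw status verbose" for an active firewall, default-deny inbound, and an inbound SSH rule. The function names and the two sample outputs are constructed for illustration.

```sh
# Audit `ufw status verbose` output (read from stdin) against the baseline.
# Prints findings; returns 0 only when every check passes.
audit_ufw_status() {
    _st=$(cat); _rc=0
    printf '%s\n' "$_st" | grep -q '^Status: active' ||
        { echo "FAIL: ufw is not active"; _rc=1; }
    printf '%s\n' "$_st" | grep -Eq '^Default: deny \(incoming\)' ||
        { echo "FAIL: default incoming policy is not deny"; _rc=1; }
    # SSH must be reachable inbound: a 22/tcp rule or the OpenSSH profile,
    # with action ALLOW or LIMIT (ufw's rate-limited allow), not "... OUT".
    printf '%s\n' "$_st" |
        grep -Eq '^(22/tcp|OpenSSH)[[:space:]].*[[:space:]](ALLOW|LIMIT)( IN)?[[:space:]]+(Anywhere|[0-9a-fA-F])' ||
        { echo "FAIL: no inbound allow rule for SSH (lockout risk)"; _rc=1; }
    [ "$_rc" -eq 0 ] && echo "OK: active, default-deny inbound, SSH allowed"
    return "$_rc"
}

# Constructed sample outputs (not captured from a real host).
good_status() {
    cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
Anywhere                   DENY IN     203.0.113.42
EOF
}

no_ssh_status() {
    cat <<'EOF'
Status: active
Default: allow (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW IN    Anywhere
EOF
}

good_status | audit_ufw_status
no_ssh_status | audit_ufw_status || true
# On a real host: sudo ufw status verbose | audit_ufw_status
```

Run it from a second SSH session before closing the first, so a failed check can still be corrected.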
Discussed in:
- Chapter 12: Networking — Firewalls: iptables, nftables, ufw, firewalld
Also defined in: Textbook of Linux