Linux Learning Notes – UFW

1. What is UFW

ufw (Uncomplicated Firewall) is the simplified firewall management tool shipped with Ubuntu and some other Linux distributions. It is built on iptables / nftables, but wraps them in a small, easy-to-use command line interface so that users can quickly configure firewall rules (open a port, deny access, rate-limit access, and so on) without writing the complex underlying rules directly.

2. How it works

ufw works as follows:

  • Underlying dependency on iptables/nftables: every rule is ultimately turned into a kernel-level netfilter rule;
  • Rule encapsulation and abstraction: the user types a simplified command (such as ufw allow 22) and ufw generates the equivalent iptables/nftables configuration;
  • Persistence and loading: rules are written to configuration files under /etc/ufw/ and loaded automatically at boot;
  • Traffic processing flow: packets are evaluated against the generated rules in the order described below.

The traffic processing flow is:

  1. A network packet enters the host → it enters the Linux kernel's netfilter framework;
  2. netfilter checks it against the iptables/nftables rules;
  3. The rules written in advance by ufw decide whether the packet is allowed, denied, or dropped;
  4. The result is returned to the kernel network stack → the packet is either handed to the application layer or discarded.

3. Prerequisites

Before using ufw, you need:

  • Operating system: a Debian/Ubuntu-based Linux system (it can also be installed on other distributions);
  • Components:
    • iptables or nftables (one of them must be present on the system; it usually is by default);
    • the ufw package (if it is missing, install it with sudo apt install ufw);
  • Permissions: root, or a user with sudo privileges;
  • Environment: on a server, make sure an SSH allow rule exists before enabling ufw (to avoid locking yourself out).

4. Configurable options

UFW provides the following common configurable options:

  • Basic control
    • ufw enable / ufw disable: enable/disable the firewall
    • ufw status: view rule status
  • Rule configuration
    • ufw allow <port>: allow the specified port
    • ufw deny <port>: deny the specified port
    • ufw delete <rule>: delete a rule
    • ufw allow from <IP>: allow access from a specific IP address
    • ufw allow from <IP> to any port <port>: allow a specific IP to reach a specified port
    • ufw limit <port>: rate-limit new connections to a port (mitigates brute-force attempts, for example against SSH)
  • Default policy
    • ufw default deny incoming: deny all incoming traffic by default
    • ufw default allow outgoing: allow all outgoing traffic by default
  • Logging
    • ufw logging on|off|low|medium|high: control the log level

5. Precautions

  • Avoid locking out SSH: before enabling ufw on a remote server, run ufw allow 22 first.
  • Rule order: the order of ufw's internal rules affects matching; the first matching rule wins.
  • Persistence: ufw's rules are written to its configuration files and remain in effect after a reboot.
  • IPv6 support: if the server has IPv6 enabled, set IPV6=yes in /etc/default/ufw.
  • Log files: ufw's logs are written to /var/log/ufw.log.
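The logging option in section 4 and the log file location above are where detection starts: the following is an added shell example, not part of these notes, that reads ufw log lines and summarises blocked traffic per source address. It assumes logging is on (low or higher) and that /var/log/ufw.log holds the lines the kernel's netfilter LOG target writes with ufw's prefixes ([UFW BLOCK], [UFW LIMIT BLOCK], [UFW ALLOW], [UFW AUDIT]); the sample log lines are constructed and use RFC 5737 test addresses.

```shell
#!/bin/sh
# Summarise blocked traffic from ufw's log. Added example, not from the original notes.
# Assumes ufw logging is on (low or higher) and that /var/log/ufw.log contains
# lines written by the netfilter LOG target with ufw's prefixes.

# Read ufw log lines on stdin; for every BLOCK / LIMIT BLOCK entry collect the
# source address and destination port, then print one line per source:
# "<hits> <src> <distinct destination ports, first-seen order>", busiest first.
# One source hitting many closed ports is the usual port-scan signature; many
# hits on DPT=22 from one source is what a `ufw limit ssh` rule is throttling.
blocked_by_source() {
    awk '
        /\[UFW (LIMIT )?BLOCK\]/ {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if (index($i, "SRC=") == 1)      src = substr($i, 5)
                else if (index($i, "DPT=") == 1) dpt = substr($i, 5)
            }
            if (src == "") next
            hits[src]++
            if (!((src, dpt) in seen)) {
                seen[src, dpt] = 1
                ports[src] = (ports[src] == "" ? dpt : ports[src] "," dpt)
            }
        }
        END { for (s in hits) print hits[s], s, ports[s] }
    ' | sort -rn
}

# Constructed sample log lines (RFC 5737 test addresses), in the format ufw writes.
SAMPLE_UFW_LOG='Mar  3 10:15:01 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1001 DF PROTO=TCP SPT=40001 DPT=23 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  3 10:15:02 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1002 DF PROTO=TCP SPT=40002 DPT=3306 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  3 10:15:03 web1 kernel: [UFW LIMIT BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=2001 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:04 web1 kernel: [UFW ALLOW] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.100 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3001 DF PROTO=TCP SPT=52000 DPT=3306 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  3 10:15:05 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=1003 PROTO=UDP SPT=40003 DPT=161 LEN=20'

# Offline demo over the constructed sample; the ALLOW line is ignored on purpose.
demo_summary() { printf '%s\n' "$SAMPLE_UFW_LOG" | blocked_by_source; }

demo_summary
```

Against the real log, source the script and run sudo cat /var/log/ufw.log | blocked_by_source. With ufw logging set to medium or high, ALLOW entries appear in the log as well; the function deliberately skips them so the summary stays focused on what the firewall refused.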

6. Practical cases

Case 1: Regular server configuration

# Install ufw (do not enable it yet)
sudo apt install ufw -y

# Deny incoming and allow outgoing by default, so the rules below form an allow-list
sudo ufw default deny incoming
sudo ufw default allow outgoing

# Allow SSH before enabling the firewall, so the remote session is not locked out
sudo ufw allow 22

# Allow HTTP/HTTPS services
sudo ufw allow 80
sudo ufw allow 443

# Enable the firewall only after the rules above are in place
sudo ufw enable

# View rule status
sudo ufw status verbose
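Case 1 and the SSH lockout precaution in section 5 together, as an added shell example that is not part of these notes: the rules are applied in a lockout-safe order (policy, SSH, services) and, before enabling, the saved rules reported by ufw show added are parsed to confirm that an allow or limit rule for the SSH port really exists. ufw show added, ufw limit and ufw --force enable are real ufw commands; the SSH port 22, the service ports 80/443 and the two sample ufw show added outputs are assumptions and constructed data.

```shell
#!/bin/sh
# Lockout-safe ufw bring-up. Added example, not part of the original notes.
# Assumptions: ufw is installed, SSH listens on 22/tcp (override with SSH_PORT),
# and the script runs as root (for example via sudo).

SSH_PORT="${SSH_PORT:-22}"

# Read `ufw show added` output on stdin and return 0 only if an allow or limit
# rule for the SSH port is among the saved rules. `ufw show added` is used
# rather than `ufw status`, because the latter lists no rules while ufw is still
# inactive. Tokens recognised as "the SSH port": 22, 22/tcp, ssh, OpenSSH.
ssh_rule_present() {
    awk -v port="$1" '
        $1 == "ufw" && ($2 == "allow" || $2 == "limit") {
            for (i = 3; i <= NF; i++)
                if ($i == port || $i == (port "/tcp") || tolower($i) == "ssh" || $i == "OpenSSH")
                    found = 1
        }
        END { exit found ? 0 : 1 }'
}

# Apply the rules in a lockout-safe order: policy, SSH, services, then enable.
safe_enable() {
    ufw default deny incoming
    ufw default allow outgoing
    # limit accepts new connections but temporarily denies a source that opens
    # 6 or more in 30 seconds (ufw's built-in threshold); it replaces a plain allow.
    ufw limit "${SSH_PORT}/tcp"
    ufw allow 80/tcp
    ufw allow 443/tcp
    # Refuse to enable unless an SSH rule really made it into the saved rules.
    if ufw show added | ssh_rule_present "$SSH_PORT"; then
        ufw --force enable      # --force skips the interactive "may disrupt ssh" prompt
    else
        echo "no SSH rule found in 'ufw show added'; not enabling" >&2
        return 1
    fi
}

# Constructed samples of `ufw show added` output, for checking the parser offline.
SAMPLE_NO_SSH="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw allow 443/tcp
ufw deny 22/tcp"
SAMPLE_WITH_SSH="Added user rules (see 'ufw status' for running firewall):
ufw limit 22/tcp
ufw allow from 192.168.1.100 to any port 3306"

check_sample() { printf '%s\n' "$1" | ssh_rule_present "$SSH_PORT"; }

# The real bring-up runs only when asked for explicitly; otherwise demo the check.
if [ "${1:-}" = "--apply" ]; then
    safe_enable
else
    if check_sample "$SAMPLE_NO_SSH"; then echo "SAMPLE_NO_SSH: SSH rule found"; else echo "SAMPLE_NO_SSH: would refuse to enable"; fi
    if check_sample "$SAMPLE_WITH_SSH"; then echo "SAMPLE_WITH_SSH: would enable"; else echo "SAMPLE_WITH_SSH: would refuse to enable"; fi
fi
```

Run it as sudo sh safe-ufw.sh --apply on the server; without the flag it only exercises the parser on the constructed samples. To see what a single rule expands to in iptables terms before committing it, sudo ufw --dry-run allow 22 prints the generated rules without applying them, which is the abstraction described in section 2 made visible.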

Case 2: Allow only a specific IP to access the database

# Assuming the database listens on 3306, allow only 192.168.1.100 to reach it
# (other sources fall through to the default deny incoming policy)
sudo ufw allow from 192.168.1.100 to any port 3306

Case 3: Limit SSH brute force attacks

# Rate-limit new SSH connections per source address; ufw counts connection
# attempts, not failed logins, so this slows brute forcing rather than detecting it
sudo ufw limit ssh
