How to open ports in UFW (Uncomplicated Firewall)

UFW is a simple firewall management tool that allows you to manage  iptables/netfilter rules on your system, it is an essential tool for securing your network. If you are installing new apps on your system that will need specific ports open or closed then this tutorial is for you.

In this tutorial you will learn how to open/close a port or multiple ports on your firewall on Linux.

1)Open a port on UFW

To open a port on your firewall type the command below

replace 80 with the port you want open

sudo ufw allow 80

You can also open a port by using the service name, to get the full list of the services use the less command as shown below

less /etc/services

The above command will display the full list of the services and the port that x service uses, so when you need to open let's say port 80 you can do so by executing this command

sudo ufw allow http

Close a port on UFW

Whether you want to block connections to a port or close a port that was previously being used by an app that you don't already use, the command below will do that for you.

sudo ufw deny 25

You can also close a port by using the service's name, just like you can open a port by using the service's name.

For example, to block port 25 which is the smtp port, you can use the command below

sudo ufw deny smtp

2) Open TCP/UDP port on UFW

You can also open a port and specify the type of the port you open

The command below will open two ports in this case 9090 for TCP and UDP connections

sudo ufw allow 9090/tcp
sudo ufw allow 9090/udp

Close TCP/UDP port

Note: This command will block the port 53 only for TCP protocol

sudo ufw deny 53/tcp

The syntax should look like this

sudo ufw allow/deny port/protocol

3) To Allow connections from a specific IP address

If you want to allow connections to your server/computer from a specific IP, then you can use the command below

sudo ufw allow from 192.168.0.1

Since we are not specifying any port or protocol it means the IP that you are setting on the rule above will be able to connect to any port that is open on your server.

Deny Connections from a specific IP address

To deny connections for a specific IP address, for example if you want to deny connections from a known malicious IP address from reaching your server, then simply use the command below

sudo ufw deny from IP-address-here

4) Allow connections from IP Subnet

If you want to allow connections from an IP subnet use the command below

sudo ufw allow 192.168.0.1/24

Block Connections from IP Subnet

If you need to block access for a full subnet use the command below

sudo ufw deny from 192.168.0.1/24

This will block the whole IP addresses on that subnet, use this rule only if you know what you are doing because you can end up blocking a whole country's IP addresses. For example if you have a website you would block users from reaching your website that you didn't mean to.

5)Allow connections from a trusted IP to a specific port

For example: if you want to secure your server when you login via ssh and you want only your IP to be able to connect to your server then you can use the command below. This command means it will allow only the IP you specify to connect to port 22

sudo ufw allow from 192.168.0.1 to any port 22

Deny connections from an IP address to a specific port

To block connections from an IP address to the port 22 use the command below

sudo ufw deny from 192.168.0.1 to any port 22

Enable UFW after setting firewall rules

Once you have open, closed or made any changes to your firewall rules you need to save those changes by using the command below

sudo ufw enable

This command will enable the firewall on your system, to check if the firewall has successfully started and that it's running correctly you can check by using the status command

sudo ufw status

Note: The default rules on ufw are block all incoming connections and allow all outgoing, this means any Ip trying to reach your server won't be able to do it, only connections made from your server will be allowed. This configuration is useful for home networks but in cases when you are installing ufw on ssh server you need to make sure you allow connections to port 22 because if you enable ufw while you are connected to your ssh server and without opening the port 22 first, it will disconnect you from server.

So, to avoid locking yourself out of your server make sure to allow connections on port 22 by running the command below

sudo ufw allow ssh

Delete Rules

If you want to delete a rule that you think you won't need it anymore or if you put the wrong rule then don't worry about it because deleting a ufw rule is simple as adding a rule, all you need to do is use the delete parameter when allowing or denying connections.

For example, let's say you added this rule that allows connections to port 80

sudo ufw allow 80

To delete this rule, simply run the command below

sudo ufw delete allow 80

Same parameter applies to connections that you blocked

sudo ufw delete deny 80

The command above will delete the rule that is blocking the connection to port 80

Disable UFW

If you want to disable UFW run the disable command

sudo ufw disable

To reset UFW rules

Use the reset command in cases when you need to reset UFW rules to default.

sudo ufw reset

Conclusion

By now you should know the most common ufw firewall rules that you'll need using to secure your network.  To get the full list of commands of UFW you can run the command ufw man

Author

Endrit Qerreti

Web Development, IT, Linux System Administration, Security Researcher, Computer Technician

Comments