Useful Commands for UBUNTU / APACHE

Conventions

  • # – requires the given Linux commands to be executed with root privileges, either directly as the root user or by use of the sudo command
  • $ – requires the given Linux commands to be executed as a regular non-privileged user

Example 1

Open incoming TCP port 10000 to any source IP address:

$ sudo ufw allow from any to any port 10000 proto tcp

Example 2

Open incoming TCP port 443 to only a specific source IP address, e.g. 10.1.1.231:

$ sudo ufw allow from 10.1.1.231 to any port 443 proto tcp

Example 3

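Open incoming UDP port 53 to a source subnet, e.g. 10.1.1.0/8 (a /8 prefix matches every 10.x.x.x address; use a longer prefix such as 10.1.1.0/24 to limit the rule to a single subnet):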

$ sudo ufw allow from 10.1.1.0/8 to any port 53 proto udp

Example 4

Open incoming TCP ports 20 and 21 from any source, such as when running an FTP server:

$ sudo ufw allow from any to any port 20,21 proto tcp

UFW blocking port 8001 until I log in to Ubuntu

What I would recommend doing, just to make sure we get the correct setup, is running

ufw disable

Then

ufw reset

The above stops ufw and then resets all rules. With a clean slate, we set up our default policies first.

ufw default deny incoming \
&& ufw default allow outgoing

With those rules in place, we then add the rules we need to work for whatever our purposes are. To start, I recommend allowing SSH in first.

ufw allow 22/tcp

We can then allow application-specific ports, such as 80, 443, 8001, etc. I’ll start with those three.

ufw allow 80/tcp \
&& ufw allow 443/tcp \
&& ufw allow 8001/tcp

We could also run just one command (copy and paste directly)

ufw disable \
&& ufw reset \
&& ufw default deny incoming \
&& ufw default allow outgoing \
&& ufw allow 22/tcp \
&& ufw allow 80/tcp \
&& ufw allow 443/tcp \
&& ufw allow 8001/tcp

Now, if you need to add any other ports, now’s the time to go ahead and add them. If nothing more needs to be added, we can then run

ufw enable

When prompted to confirm, type y, hit enter, and ufw is active once again.
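
One way to check the result after ufw enable, as an added example that is not part of the original page: the script compares ufw status output with the ports you meant to open and lists anything else that is allowed from Anywhere. The function names sample_status and unexpected_open_ports are hypothetical, and the status text is a constructed sample.

```shell
#!/bin/sh
# Added example: compare `ufw status` output with the ports you meant to open.

# Constructed sample of `ufw status` output (not captured from a real host).
sample_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
8001/tcp                   ALLOW       Anywhere
10000/tcp                  ALLOW       Anywhere
443/tcp                    ALLOW       10.1.1.231
53/udp                     ALLOW       10.0.0.0/8
22/tcp (v6)                ALLOW       Anywhere (v6)
EOF
}

# unexpected_open_ports "PORT/PROTO ..."   (hypothetical helper name)
# Reads `ufw status` text on stdin. Prints INACTIVE if the firewall is off,
# otherwise each port allowed from Anywhere that is not in the expected list.
unexpected_open_ports() {
    awk -v expected="$1" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        /^Status:/ { active = ($2 == "active") }
        # Rule lines start with a port spec such as 22/tcp or 20,21/tcp.
        $1 ~ /^[0-9,:]+(\/(tcp|udp))?$/ {
            line = $0
            gsub(/\(v6\)/, "", line)      # treat IPv6 copies like the IPv4 rule
            nf = split(line, f)           # f[1]=port, f[2]=action, f[nf]=source
            if (f[2] == "ALLOW" && f[nf] == "Anywhere" && !(f[1] in ok) && !seen[f[1]]++)
                print f[1]
        }
        END { if (!active) print "INACTIVE" }
    '
}

# On a real host: sudo ufw status | unexpected_open_ports "22/tcp 80/tcp 443/tcp 8001/tcp"
sample_status | unexpected_open_ports "22/tcp 80/tcp 443/tcp 8001/tcp"
```

Rules restricted to a source address or subnet are not reported, since only rules open to Anywhere are compared against the expected list.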
