UFW, or Uncomplicated Firewall, is designed to facilitate the management of iptables, offering a more user-friendly way to create and manage firewall rules. It abstracts the complexity of iptables commands into simpler operations, making it accessible for users of all skill levels.
Profiles in UFW are pre-configured sets of rules that can be easily applied to applications or services, located in /etc/ufw/applications.d.
Rules are the core components that determine how incoming and outgoing traffic should be handled. They can be based on ports, protocols, source and destination addresses, and more.
UFW is typically pre-installed on Ubuntu systems.
For other distributions or to manually install UFW, use the appropriate package manager command:
sudo apt install ufw
sudo dnf install ufw
sudo pacman -S ufw
Enable or disable the firewall:
sudo ufw enable
sudo ufw disable
Setting default policies controls how traffic that does not match any specific rule is handled. Denying incoming and allowing outgoing traffic by default is the usual starting point:
sudo ufw default deny incoming
sudo ufw default allow outgoing
Rules can be added based on port numbers, service names, or application profiles:
sudo ufw allow ssh
sudo ufw allow 'Nginx HTTP'
Rules can be removed by specifying the exact rule to delete or by rule number:
sudo ufw delete allow ssh
UFW rules can be crafted to allow or deny traffic based on port, protocol, and source/destination IPs:
sudo ufw allow 80/tcp
sudo ufw allow from 192.168.1.1 to any port 22
Enable logging to record denied packets for monitoring and troubleshooting:
sudo ufw logging on
UFW does not manage port forwarding directly, but it can be configured by adding iptables rules to /etc/ufw/before.rules in a *nat section placed above the *filter section. Forwarded traffic also requires packet forwarding to be enabled (net/ipv4/ip_forward=1 in /etc/ufw/sysctl.conf) and DEFAULT_FORWARD_POLICY="ACCEPT" in /etc/default/ufw; reload UFW after editing these files.
Forward incoming traffic on TCP port 80 to a different host:
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.2:80
COMMIT
Masquerading allows a network to share a single public IP, useful for private networks accessing the internet.
Allow a LAN to access the internet through a single public IP:
/etc/ufw/before.rules
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
Check the current status, default policies and active rules:
sudo ufw status verbose
Monitoring UFW logs can be crucial for identifying unauthorized access attempts or troubleshooting rule issues. Log entries are written to /var/log/ufw.log.
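To make the log useful for monitoring, here is an added example (not part of the original cheat sheet) that parses lines in the format UFW writes to /var/log/ufw.log, counts [UFW BLOCK] entries per source address and destination port, and flags sources blocked on several different ports. The log lines below are constructed samples using documentation address ranges, and the threshold of three ports is an assumed tuning value.

```python
import re
from collections import Counter

# Constructed sample entries in /var/log/ufw.log format (not from a real host).
SAMPLE_LOG = """\
Mar  4 10:15:01 gw kernel: [ 8123.456] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=41234 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  4 10:15:02 gw kernel: [ 8124.101] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=41235 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  4 10:15:03 gw kernel: [ 8125.200] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=41236 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  4 10:15:04 gw kernel: [ 8126.300] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=4711 DF PROTO=UDP SPT=5353 DPT=5353 LEN=40
Mar  4 10:15:05 gw kernel: [ 8127.400] [UFW ALLOW] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.1 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=50000 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
"""

ENTRY_RE = re.compile(r"\[UFW (?P<action>[A-Z ]+?)\](?P<fields>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs after the action tag


def parse_line(line):
    """Return (action, fields dict) for a UFW log line, or None if it is not one."""
    m = ENTRY_RE.search(line)
    if not m:
        return None
    return m.group("action"), dict(FIELD_RE.findall(m.group("fields")))


def summarize_blocks(log_text):
    """Count [UFW BLOCK] packets per source and per (source, proto, dest port)."""
    by_src, by_src_port = Counter(), Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed or parsed[0] != "BLOCK":
            continue  # skip non-UFW lines and ALLOW/AUDIT entries
        f = parsed[1]
        by_src[f["SRC"]] += 1
        by_src_port[(f["SRC"], f.get("PROTO"), f.get("DPT"))] += 1
    return by_src, by_src_port


def scanning_sources(by_src_port, min_ports=3):
    """Sources blocked on at least min_ports distinct destination ports (assumed threshold)."""
    ports = {}
    for src, _proto, dpt in by_src_port:
        ports.setdefault(src, set()).add(dpt)
    return sorted(src for src, p in ports.items() if len(p) >= min_ports)


if __name__ == "__main__":
    by_src, by_src_port = summarize_blocks(SAMPLE_LOG)
    for src, n in by_src.most_common():
        print(f"{src}: {n} blocked packets")
    print("possible port scans from:", scanning_sources(by_src_port))
```

To run it against a live system, replace SAMPLE_LOG with the contents of /var/log/ufw.log (reading it requires root or membership of the adm group on Ubuntu).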