What is UFW?
UFW (Uncomplicated Firewall) is a frontend for iptables on Linux. It makes firewall management simple. It's installed by default on Ubuntu and available on Debian and other distros.
Essential Commands
sudo ufw enable — Turn on the firewall (takes effect immediately).
sudo ufw disable — Turn off the firewall (all traffic allowed).
sudo ufw status — Show active rules and status.
sudo ufw status verbose — More detail: shows default policies too.
sudo ufw status numbered — Shows rules with numbers for easy deletion.
sudo ufw reload — Reload rules after editing config files.
sudo ufw reset — ⚠️ Delete all rules and disable UFW. Use carefully.
How Rules Work
UFW processes rules in order — the first matching rule wins. Put specific rules before broad ones. Rules you add go before the default policy.
Deleting Rules
First: sudo ufw status numbered to see rule numbers.
Then: sudo ufw delete 3 to delete rule #3.
Or by specification: sudo ufw delete allow 80/tcp
Common Gotchas
⚠️ Always allow SSH before enabling UFW! Run sudo ufw allow ssh or sudo ufw allow 22 before ufw enable or you'll lock yourself out.
⚠️ Enabling UFW on a remote server without an SSH allow rule means a permanent lockout.
limit vs deny
limit allows connections but blocks any IP that makes more than 6 connection attempts in 30 seconds. Best for SSH: it blunts brute force while still allowing legitimate access.
deny silently drops packets. reject sends an ICMP error back — slightly more honest but reveals the port exists.
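The lockout gotcha and the limit rule above, as an added example (not part of the original cheat sheet): a guard script that only enables UFW once an SSH rule is queued. It inspects ufw show added rather than ufw status, because ufw status prints no rules while the firewall is inactive; the sample outputs in the script are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example: refuse to run `ufw enable` unless an allow/limit rule for
# SSH is already queued, then apply the cheat sheet's baseline in safe order.
set -eu

# Exit 0 if the `ufw show added` text in $1 has an allow or limit rule that
# reaches TCP/22 (22, 22/tcp, the OpenSSH profile, or "... to any port 22");
# exit 1 otherwise. deny/reject rules never count, nor does 2222 or 22000.
has_ssh_rule() {
  printf '%s\n' "$1" | grep -Eiq \
    '^ufw (allow|limit) (.* )?(22(/tcp)?|OpenSSH|port 22( proto tcp)?)( |$)'
}

# Constructed sample outputs for offline checking (not from a real machine).
SAMPLE_SAFE="Added user rules (see 'ufw status' for running firewall):
ufw limit 22/tcp
ufw allow 80/tcp"
SAMPLE_UNSAFE="Added user rules (see 'ufw status' for running firewall):
ufw allow 2222/tcp
ufw deny 22/tcp"

# SSH first (rate-limited: an IP making too many attempts in 30 s is blocked),
# then the default policies, then the remaining services. The specific SSH
# rule sits before the catch-all default, so first-match ordering holds.
apply_baseline() {
  sudo ufw limit 22/tcp
  sudo ufw default deny incoming
  sudo ufw default allow outgoing
  sudo ufw allow 80/tcp
  sudo ufw allow 443/tcp
}

# Enable only when the guard passes; --force skips the interactive prompt.
safe_enable() {
  added=$(sudo ufw show added)
  if ! has_ssh_rule "$added"; then
    echo "refusing to enable UFW: no allow/limit rule for SSH queued" >&2
    return 1
  fi
  sudo ufw --force enable
  sudo ufw status verbose
}

# Touch the live firewall only when asked; otherwise self-check the guard.
if [ "${1:-}" = "--apply" ]; then
  apply_baseline
  safe_enable
else
  has_ssh_rule "$SAMPLE_SAFE" && echo "guard passes on SAMPLE_SAFE"
  has_ssh_rule "$SAMPLE_UNSAFE" || echo "guard blocks SAMPLE_UNSAFE"
fi
```

Run it with --apply on the server itself; without the flag it only exercises the guard against the constructed samples.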
Logging
Logs go to /var/log/ufw.log. Use sudo tail -f /var/log/ufw.log to watch live. Set the level with sudo ufw logging LEVEL (off, low, medium, high or full); low is usually enough for most servers.
IPv6
Set IPV6=yes in /etc/default/ufw and rules apply to both IPv4 and IPv6. Otherwise only IPv4 is firewalled.
After Config File Changes
If you edit /etc/default/ufw or /etc/ufw/before.rules, run sudo ufw reload to apply.