UFW Manage Your Linux Firewall

Learn how to set up and operate UFW for straightforward Linux firewall protection and testing.

04.06.2026 | reading time: 2 min

UFW is a command-line front end that makes host firewalling simple and repeatable; it helps the administrator allow or deny traffic without wrestling with raw iptables or nftables rules.

Quick Setup Example

Follow these commands to create a safe baseline for a remote server: ```bash $ sudo ufw default deny incoming $ sudo ufw default allow outgoing $ sudo ufw allow ssh $ sudo ufw allow 80/tcp $ sudo ufw enable $ sudo ufw status verbose ```A typical status response looks like this: ``` Status: active Logging: on (low) Default: deny (incoming), allow (outgoing) To Action From -- ------ ---- 22/tcp ALLOW Anywhere 80/tcp ALLOW Anywhere ```

Practical Tricks

Do not enable UFW on a remote machine before allowing SSH; test with `ufw allow ssh` first; use `ufw status numbered` and `ufw delete <number>` to remove rules safely; for brute-force protection, use `ufw limit ssh` to apply rate limiting; apply rules for specific networks with `ufw allow from 192.0.2.0/24 to any port 22`; remember `ufw reset` clears configuration and `ufw logging on` helps troubleshooting.

When You Need More Power

UFW supports application profiles in `/etc/ufw/applications.d` and honors IPv6 when configured; for advanced packet mangling or custom chains edit `before.rules` or use nftables directly when UFW's abstraction is limiting; always verify with `sudo ufw status verbose` and with packet captures for complex cases.

Relevant Alternatives

On distributions or environments where UFW is not preferred consider `iptables` or `nftables` for low-level control and `firewalld` for dynamic zone-based firewalling; choose the tool that fits the deployment and the operator's skill set.

Next Steps

Start with a small rule set, test connectivity, then expand; mastering UFW is a practical step toward network security competence and a good preparation for certifications like CompTIA Linux+ or LPIC-1, with intensive exam preparation available at bitsandbytes.academy.

Join Bits & Bytes Academy First class LINUX exam preparation.

security network utilities setup