Quick take: The ufw command (Uncomplicated Firewall) is Ubuntu's easy front end to the firewall. Allow a service with sudo ufw allow OpenSSH, enable it with sudo ufw enable, and review rules with sudo ufw status.
Introduction
The ufw command (Uncomplicated Firewall) is Ubuntu's friendly front end to the powerful but complex iptables/nftables firewall. It lets you allow and deny traffic by port or service name with simple, readable commands, making host-level firewalling approachable.
This guide covers enabling the firewall without locking yourself out, allowing and denying traffic, setting default policies, and checking the current rules.
Syntax
The basic syntax of the ufw command is:
ufw [OPTIONS] COMMAND
Common Options and Parameters
The most useful options and parameters for the ufw command:
| Option | Description |
|---|---|
| enable / disable | Turn the firewall on or off. |
| status [verbose] | Show the current rules and state. |
| allow PORT/SERVICE | Allow traffic to a port or named service. |
| deny PORT/SERVICE | Deny traffic to a port or service. |
| delete RULE | Remove a previously added rule. |
| default POLICY | Set the default for incoming/outgoing traffic. |
| limit SERVICE | Rate-limit connections (brute-force protection). |
| reload | Reload the firewall rules. |
Practical Examples
Real ufw commands you can run today:
# Allow SSH BEFORE enabling (avoid lockout!)
sudo ufw allow OpenSSH
# Enable the firewall
sudo ufw enable
# Check the rules
sudo ufw status verbose
# Allow HTTP and HTTPS
sudo ufw allow 80/tcp && sudo ufw allow 443/tcp
# Allow a port only from one IP
sudo ufw allow from 203.0.113.5 to any port 22
# Rate-limit SSH against brute force
sudo ufw limit OpenSSH
# Delete a rule
sudo ufw delete allow 80/tcp
Tips and Best Practices
- Always allow SSH before enabling ufw on a remote server: run sudo ufw allow OpenSSH first, or you will lock yourself out.
- Set safe defaults with sudo ufw default deny incoming and sudo ufw default allow outgoing.
- Use ufw limit on SSH to throttle repeated connection attempts and blunt brute-force attacks.
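The three tips above can be checked mechanically. The following is an added example, not code from the original page: a POSIX shell function (the name audit_ufw_status is hypothetical) that reads the text of sudo ufw status verbose on stdin and reports whether the firewall is active, denies incoming traffic by default, admits SSH, and rate-limits it. The two status samples are constructed for illustration.

```bash
#!/bin/sh
# Added example: audit `ufw status verbose` text (read from stdin) against the
# tips above. Prints one finding per line; exit status 0 means no FAIL lines.
audit_ufw_status() {
    awk '
        /^Status:/  { active = ($2 == "active") }
        /^Default:/ { deny_in = ($2 == "deny" || $2 == "reject") }
        # Rule rows look like: "22/tcp (OpenSSH)   ALLOW IN   Anywhere"
        $1 ~ /^(22|22\/tcp|OpenSSH)$/ && /(ALLOW|LIMIT)( IN)? / {
            ssh = 1
            if ($0 ~ /ALLOW( IN)? +Anywhere/) ssh_open = 1
        }
        END {
            if (!active)  { print "FAIL: firewall is not active"; bad = 1 }
            if (!deny_in) { print "FAIL: default incoming policy is not deny"; bad = 1 }
            if (!ssh)     { print "FAIL: no rule admits SSH (lockout risk)"; bad = 1 }
            if (ssh_open) { print "WARN: SSH open to Anywhere without ufw limit" }
            if (!bad)     { print "OK: active, deny-incoming default, SSH admitted" }
            exit bad + 0
        }
    '
}

# Constructed sample: shape of `sudo ufw status verbose` on a hardened host.
SAMPLE_GOOD='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp (OpenSSH)           LIMIT IN    Anywhere
443/tcp                    ALLOW IN    Anywhere'

# Constructed sample: permissive default policy and no SSH rule at all.
SAMPLE_BAD='Status: active
Default: allow (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW IN    Anywhere'

printf '%s\n' "$SAMPLE_GOOD" | audit_ufw_status
printf '%s\n' "$SAMPLE_BAD"  | audit_ufw_status || true
```

On a real host, run sudo ufw status verbose | audit_ufw_status after enabling the firewall; a non-zero exit status makes it usable as a gate in provisioning scripts.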
Final Thoughts
ufw makes host firewalling on Ubuntu genuinely simple — allow and deny by port or service in one readable line. The cardinal rule on a remote server is to allow SSH before enabling, then set deny-incoming defaults and open only what you need. For complex rule sets, ufw sits on top of iptables, which you can still use directly when required.
FAQ: ufw Command in Linux
How do I enable the firewall on Ubuntu?
Run sudo ufw enable. On a remote server, first run sudo ufw allow OpenSSH so you do not lock yourself out, then enable it.
How do I open a port with ufw?
Use sudo ufw allow followed by the port or service, for example sudo ufw allow 443/tcp or sudo ufw allow 'Nginx Full'. Check it with sudo ufw status.
How do I check my firewall rules?
Run sudo ufw status for a summary or sudo ufw status verbose for defaults and full details. Use sudo ufw status numbered to see rule numbers for deletion.
How do I allow a port from only one IP address?
Use the from clause: sudo ufw allow from 203.0.113.5 to any port 22 permits SSH only from that address.
How do I avoid locking myself out with ufw?
Allow your SSH access before enabling the firewall (sudo ufw allow OpenSSH), and double-check the rule with sudo ufw status before running sudo ufw enable.