Firewall Basics — ufw and iptables
Control which network traffic reaches your Linux system using ufw for simple rule management and iptables for advanced control.
March 15, 2025 · 5 min read
Tags: linux, networking, firewall, ufw, iptables, security
ufw — Uncomplicated Firewall
ufw is the easiest firewall management tool for Ubuntu/Debian. It wraps iptables with a simple interface.
# Enable / disable
sudo ufw enable
sudo ufw disable
sudo ufw status verbose
# Default policies (recommended)
sudo ufw default deny incoming
sudo ufw default allow outgoing
# Allow specific ports
sudo ufw allow 22 # SSH
sudo ufw allow 80 # HTTP
sudo ufw allow 443 # HTTPS
sudo ufw allow 3000 # Custom app port
sudo ufw deny 23 # Deny telnet
# Allow by service name
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
# Allow from specific IP / subnet
sudo ufw allow from 192.168.1.100
sudo ufw allow from 192.168.1.0/24 to any port 22
Manage ufw Rules
# List numbered rules
sudo ufw status numbered
# Delete by port
sudo ufw delete allow 80
# Delete by number
sudo ufw delete 3
# Reset everything
sudo ufw reset
iptables — Advanced Firewall
# List rules
sudo iptables -L -n -v
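# Allow loopback and replies to connections this host opened
# (without these, the final DROP also discards e.g. DNS and HTTP responses)
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Allow SSH + HTTP/HTTPS
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# Block a specific IP
# (inserted at position 1: rules match top to bottom, so a DROP appended
# after the ACCEPT rules above would never see traffic to ports 22/80/443)
sudo iptables -I INPUT 1 -s 10.0.0.1 -j DROP
# Drop all other incoming
sudo iptables -A INPUT -j DROP
# Save rules (the redirect must run as root, so run it inside a root shell)
sudo sh -c 'iptables-save > /etc/iptables.rules'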
# Remove a rule
sudo iptables -D INPUT -p tcp --dport 80 -j ACCEPT
ufw vs iptables
| Feature | ufw | iptables |
|---|---|---|
| Ease of use | ✅ Simple | ❌ Complex |
| Power | Basic | Full control |
| Best for | Servers/desktops | Advanced routing |
Always allow 22 BEFORE running ufw enable on a remote server — otherwise you may lock yourself out of SSH.
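Rule order in iptables and the SSH lockout risk can both be checked before a rule set goes live. The following is an added example, not part of the original page: a shell function that reads `iptables -S INPUT` output and flags a source block shadowed by earlier ACCEPT rules, rules placed after a catch-all drop, a missing port 22 ACCEPT, and a missing conntrack rule. The function name `audit_input_chain`, the finding labels and the sample rules are constructed for illustration, and only single `--dport` matches are recognised.

```shell
#!/bin/sh
# Added example: audit `iptables -S INPUT` output (read on stdin) for
# rule-order mistakes. Prints one finding per line, nothing if clean.
audit_input_chain() {
    awk '
    # INPUT rules are evaluated top to bottom; the first terminating match wins.
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        n++
        target = ""; src = ""; dport = ""; state = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i == "-s") src = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "--ctstate" && $(i + 1) ~ /ESTABLISHED/) state = 1
        }
        # Anything after a catch-all DROP/REJECT can never match.
        if (closed) { print "UNREACHABLE rule " n ": " $0; next }
        if (NF == 4 && (target == "DROP" || target == "REJECT")) { closed = 1; next }
        if (target == "ACCEPT" && state) established = 1
        if (target == "ACCEPT" && dport == "22") ssh = 1
        # Ports opened to every source before this point.
        if (target == "ACCEPT" && dport != "" && src == "")
            ports = ports (ports ? "," : "") dport
        # A per-source DROP placed after those ACCEPTs does not cover them.
        if (target == "DROP" && src != "" && dport == "" && ports != "")
            print "SHADOWED block of " src ": ports " ports " accepted earlier"
    }
    END {
        if (closed || policy == "DROP") {
            if (!ssh) print "LOCKOUT no ACCEPT for port 22 before the final drop"
            if (!established) print "NO-CONNTRACK replies to outgoing connections are dropped"
        }
    }'
}

# Constructed sample: block rule appended after the port ACCEPTs, no conntrack
# rule, and one rule added after the catch-all DROP.
sample_rules='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 10.0.0.1/32 -j DROP
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 3000 -j ACCEPT'
printf '%s\n' "$sample_rules" | audit_input_chain
```

On a live host the same function can be fed with `sudo iptables -S INPUT | audit_input_chain`.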
Quick Check
What is the recommended default ufw policy for incoming traffic?
Exercise
Check the current ufw status. If inactive, enable it after allowing SSH first.