Ubuntu Firewall Configuration for version 16.04 [Simple UFW configuration Tutorial]


Firewall is the main gate to restrict the unwanted traffic to the site. It is simple to use.

The expansion of UFW is uncomplicated firewall. UFW is just an layer for the IP tables.

You can directly use IP tables to setup the firewall configuration, only if you are an expert.

If not, you should go with ufw.

Here in this tutorial, let us see how to use UFW to secure the Ubuntu operating system and restrict the access to the applications inside the server.


After that, you have to install UFW from ubuntu repository. Use the below command to install UFW on Ubuntu.

$ sudo apt-get install ufw

UFW configuration – Enable IPv6 Support

Here, in this tutorial, we will use IPv4 to demonstrate setup. You can also configure UFW to manage IPv6 connection.

For that, you have to edit the UFW configuration file and enable the UFW for IPv6.

First, open UFW configuration file using nano editor.

$ sudo nano /etc/default/ufw

Check the file and you can see the IPv6 there. Make sure to set IPv6=yes.


Then, save and close the file.

Here after, the UFW will be able to manage both IPv4 and IPv6. We have not enabled the UFW yet to function. before that, we have to make sure, that UFW configuration allows us to connect with our server through SSH.

Once, i forgot to verify and simply enabled the UFW. After that, i could not connect to the server.

So, make sure to verify the UFW configuration.

Default Policy Setup

This is very important step and we have to define our default policy to handle the traffic which does not comply with any of our firewall defined rules..

By Default, UFW will deny all the incoming connections if they are not complying with existing rules and it allows all the outgoing connections. Any application inside the firewall can send traffic outside.

Here is the command lines to define the default policies.

$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing

This setup is ok if you are using any Desktop or laptop with Ubuntu. Here, outsider cannot access your server. This also suits for cloud server.


For a cloud server, we have to allow SSH connection to the server, so that we can connect and access the server to do some operations.

Enable the SSH Connection

To enable the SSH connection in the firewall, just use the below command.

$ sudo ufw allow ssh

Most of the command you see in UFW are very simple to use but powerful yet.

If you mistakenly do something, then you will be in trouble.

In the above command, the UFW function will be enabling the port 22 for accepting connections from outside.

This is port used by SSH and UFW knows this by reading the services and their ports listed in /etc/services. 

You can also directly mention the port number on UFW to allow just without mentioning the service.

$ sudo ufw allow 22


To secure the server and avoid outside attacks, you can change the service port number. For example you can change SSH port number and enable that on ufw. This less effective, but still prevent a lot of people from trying to access the server.

Once you done with the above step, now you can enable the firewall without any hesitation.

To enable ufw, use this simple command line.

$ sudo ufw enable

When you execute this command, it prompt a warning that it may interrupt the existing SSH connection.

You dont need to worry about it and you can just proceed with the next step by Entering Yes.

Allowing the HTTP traffic.

$ sudo ufw allow http


sudo ufw allow 80

Allowing HTTPS traffic

$ sudo ufw allow https


$ sudo ufw allow 443

Allowing FTP port

$ sudo ufw allow ftp


$ sudo ufw allow 21/tcp

Other than this, if you want to allow traffic to any other port, just mention whether you want to allow TCP or UDP.

Here is the sample command.

$ sudo ufe allow 9867/tcp

Allowing IP address to access the ports.

If you want to allow UFW to access a specific IP, then you can do that by mentioning that IP.

$ sudo ufw allow from

If you want to add port to the IP address, use the below command.

$ sudo ufw allow from to any port 22

You can also reverse the changes by adding deny instead of allow.

This will restrict the connection from specific IP address. If you have done this to port, all the connection request to the port will be rejected.

$ sudo ufw deny from to any port 22

Deleting the Rules

Sometimes, you will want to delete the rules. You can do that in two ways.

One is by mentioning the rule number. The other is mentioning the actual rule in the command to delete.

Here is the method for deleting the rule by number.

First, you have to find the rule number of your rule. For that, use the below command.

$ sudo ufw status numbered

You can see the rules listed with numbers like below one.

Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN
[ 2] 80                         ALLOW IN    Anywhere

Go through the rule and find the number of the rule which you want to delete and execute command as mentioned below.

$ sudo ufw delete 2

The second thing is directly mention the rule in the command to delete it.

Here is how. I want to delete http rule. So, i will use this one.

$ sudo ufw delete allow http

Check UFW Status

If you want to check your UFW status, use the verbos command. It will return the status of the UFW.

$ sudo ufw status verbose

You will see the output either active or inactive.

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere

If ufw is inactive, you will only see the following output.

Status: inactive

Disable Firewall & Reset UFW

You can disable the firewall  by just using the below command.

$ sudo ufw disable

You can reset the entire firewall by using the reset command.

$ sudo ufw reset

Make sure, you first disable the ufw and reset the connection.


Today, you have learnt how to configure UFW on Ubuntu 16.04 system. If you have queries or doubts, please leave them in the command.

Make sure to subscribe to the upcoming cloud tutorial. You will be notified once the tutorial goes live.


Share on facebook
Share on twitter
Share on linkedin

Leave a Comment