Uncomplicated Firewall (UFW)

Modified: 2025-11-12

UFW is a user-friendly front-end for managing iptables firewall rules in Linux. It simplifies the process of configuring firewall settings, making it easier for users to manage their system's network security. UFW is particularly popular on Ubuntu-based distributions, including Linux Mint.

[i] For this guide, we use the Linux Mint operating system. The guide should apply to all Linux distributions; only the installation process may vary.

[!] UFW is usually NOT installed or activated by default! Users must manually enable and configure UFW to secure their systems according to their specific needs.

Introduction

Uncomplicated Firewall (UFW) is a user-friendly tool designed to simplify the management of a netfilter firewall. It provides a straightforward command-line interface that relies on iptables for configuration, making it particularly suitable for host-based firewalls. UFW is the default firewall configuration tool for Debian, Ubuntu, and Linux Mint. However, it is not activated by default on any of these distributions. Users must manually enable and configure UFW to secure their systems according to their specific needs.

Install UFW

UFW is usually pre-installed on Linux Mint, but if it's not, you can install it using the following commands:

sudo apt update

sudo apt install ufw

Check UFW Status

Before making any changes, check the status of UFW to see if it's active and to view the current rules:

sudo ufw status

If UFW is inactive, the output will indicate that the firewall is inactive.

Enable UFW

To enable UFW, run the following command:

sudo ufw enable

If you are connected via SSH, you may see a warning about SSH. If you are managing the system remotely, allow SSH traffic (see Allow SSH below) before enabling UFW.

Allow Specific Ports

To allow incoming traffic on specific ports, use the allow command followed by the port number. For example, to allow HTTP (port 80) and HTTPS (port 443) traffic:

sudo ufw allow 80/tcp

sudo ufw allow 443/tcp

Allow Specific IP Addresses

To allow traffic from specific IP addresses, use the allow from command followed by the IP address. For example, to allow traffic from the IP address 192.168.1.100:

sudo ufw allow from 192.168.1.100

Deny Specific IP Addresses

To deny traffic from specific IP addresses, use the deny from command followed by the IP address. For example, to deny traffic from the IP address 192.168.1.200:

sudo ufw deny from 192.168.1.200

Allow SSH

If you are managing the system remotely via SSH, ensure that SSH traffic is allowed. By default, SSH uses port 22:

sudo ufw allow ssh

Or

sudo ufw allow 22/tcp
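
The SSH warning under Enable UFW and the rule in this section come down to ordering: the allow rule has to exist before the firewall is switched on. The script below is an added example, not part of the original guide; the function names and sample rule listings are constructed for illustration, and it assumes the line format printed by "ufw show added".

```shell
#!/bin/sh
# Added example (not from the original guide): refuse to enable UFW until an
# allow rule for SSH exists, so a remote admin is not locked out.
# Assumption: `ufw show added` prints one "ufw <action> <target>" line per rule.

# Exit 0 if the rule list on stdin has an allow/limit rule for SSH on TCP
# port $1 (default 22). Rules restricted to a source address are deliberately
# not counted, which keeps the check conservative.
ssh_rule_present() {
    port="${1:-22}"
    grep -Eiq "^ufw (allow|limit) (OpenSSH|${port}(/tcp)?)\$"
}

# Hypothetical wrapper: run as root in place of a bare `ufw enable`.
# If `ufw show added` fails or prints nothing, the check fails closed.
enable_if_safe() {
    if ufw show added | ssh_rule_present "${1:-22}"; then
        ufw enable
    else
        echo "refusing to enable UFW: no allow rule for SSH port ${1:-22}" >&2
        return 1
    fi
}

# Constructed samples of `ufw show added` output (not captured from a host).
SAMPLE_WEB_ONLY="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw allow 443/tcp"
SAMPLE_WITH_SSH="$SAMPLE_WEB_ONLY
ufw allow 22/tcp"

# Offline demonstration of the check on both samples; no ufw call is made.
for sample in "$SAMPLE_WEB_ONLY" "$SAMPLE_WITH_SSH"; do
    if printf '%s\n' "$sample" | ssh_rule_present 22; then
        echo "SSH rule found: safe to enable"
    else
        echo "no SSH rule: enabling now would block new SSH connections"
    fi
done
```

If sshd listens on a non-default port, pass that port as the argument, for example enable_if_safe 2222.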

Disable UFW

To disable UFW, run the following command:

sudo ufw disable

Reset UFW Rules

To reset all UFW rules to their default state, use the following command:

sudo ufw reset

Conclusion

UFW simplifies the management of firewall rules on Linux Mint, making it accessible even for users who are not familiar with iptables. By following the steps outlined above, you can easily set up and configure UFW to enhance your system's network security.
