Introduction
A firewall is the first line of defense for a server against network attacks. In 2026, properly configuring UFW (Uncomplicated Firewall) remains essential for any beginner Linux administrator. This tool simplifies iptables while providing granular control over incoming and outgoing connections. You will learn how to install UFW, define basic rules, and enable protection without blocking your own access. Each step includes concrete examples tailored for a recent Ubuntu server.
Prerequisites
- An Ubuntu 22.04 or 24.04 server
- Root or sudo access
- Active SSH connection
- Basic command line knowledge
Installing UFW
sudo apt update
sudo apt install ufw -yThis command updates packages and installs UFW, the simplified interface for managing the netfilter firewall on Ubuntu.
Checking Initial Status
Before making any changes, it is crucial to verify the firewall status to avoid locking yourself out of the server.
Check Firewall Status
sudo ufw status verboseDisplays the detailed firewall status, default rules, and available application profiles.
Allow SSH
sudo ufw allow OpenSSHAllows SSH connections on port 22. Use the OpenSSH profile instead of a port number for better clarity.
Allow Web Traffic
sudo ufw allow 'Nginx Full'Allows both HTTP (80) and HTTPS (443) using the Nginx Full profile when running Nginx as a web server.
Enable the Firewall
sudo ufw enableActivates the firewall with the defined rules. Confirm with 'y' when prompted.
Best Practices
- Always allow SSH before enabling the firewall
- Use application profiles rather than port numbers
- Check status after every change
- Save a backup rule before major modifications
- Restrict access by IP when possible
Common Mistakes to Avoid
- Enabling the firewall without allowing SSH first
- Using overly permissive rules like 'allow 22'
- Forgetting to reload rules after changes
- Not testing the SSH connection after activation
Going Further
Explore our advanced training on Linux security and network management at Learni Group.