UFW Mechanics

by Mike on October 14, 2009

in Ubuntu Servers

Now that you have some basic security set up, it is time to see how it all works.  The easiest method is to allow everyone access to a specific port.  For example, to allow everyone access to your web server on port 80 you would run this command:

sudo ufw allow 80/tcp

This allows everyone to reach the web server over the tcp protocol.  Simple, but it may not be what you want: perhaps only certain people should be able to reach the server.  Here is how you would limit access to your web server to a single IP address.

[screenshot ufw1: allow rule for a single IP address (image not available)]

ufw is the command, followed by “allow”, which determines the action.  The protocol must be listed: you do not want to allow udp on port 80, as it is not needed or used there.  Opening a port to both tcp and udp when only one is needed creates security holes, so state the protocol explicitly in every rule.  The “from” limits the rule to a specific IP address or subnet.  The “to any” matches any address on the server and, if the server is forwarding traffic, would allow access to internal machines as well.

Delete a Rule

To delete a rule you need to know exactly how the rule was created; you then repeat that rule with ufw delete placed in front of it.

[screenshot ufw2: deleting the rule (image not available)]

You can block connections from a specific IP address or subnet by using the deny action.

[screenshot ufw3: deny rule for one IP address (image not available)]

If you wanted to stop all connections from a subnet you would just list that subnet:

sudo ufw deny from 192.168.4.0/24
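The rule forms above (allow to everyone, allow from a single address, delete, and deny from a subnet) as a small shell walk-through. This is an added example, not a command from the original post or from the ufw project; the build_ufw_rule, build_ufw_delete and run_ufw helpers, the UFW_DRY_RUN variable and the address 203.0.113.5 are constructed for it. It runs in dry-run mode by default, printing the sudo ufw commands it would execute, so it can be tried without root and without ufw installed.

```shell
#!/bin/sh
# Added example, not from the original post: builds the ufw rule lines the
# post describes, insisting on an explicit protocol. UFW_DRY_RUN=1 (the
# default here) prints each command instead of running it.

# build_ufw_rule ACTION PORT PROTO [SOURCE]
#   ACTION is allow or deny; SOURCE is an IP address or CIDR subnet.
#   Without SOURCE the port is opened to everyone (the "ufw allow 80/tcp" form);
#   with SOURCE the long form is used, where "to any" means any address on
#   this server.
build_ufw_rule() {
    action=$1; port=$2; proto=${3:-}; src=${4:-}
    case "$action" in
        allow|deny) ;;
        *) echo "unknown action: $action" >&2; return 1 ;;
    esac
    case "$proto" in
        tcp|udp) ;;
        *) echo "refusing rule for port $port: protocol must be tcp or udp, not '$proto'" >&2; return 1 ;;
    esac
    if [ -z "$src" ]; then
        echo "ufw $action $port/$proto"
    else
        echo "ufw $action proto $proto from $src to any port $port"
    fi
}

# build_ufw_delete ACTION PORT PROTO [SOURCE]
#   The delete command is the original rule with "delete" placed in front.
build_ufw_delete() {
    rule=$(build_ufw_rule "$@") || return 1
    echo "ufw delete ${rule#ufw }"
}

# run_ufw COMMAND: prints the command in dry-run mode, otherwise runs it via sudo.
run_ufw() {
    if [ "${UFW_DRY_RUN:-1}" = "1" ]; then
        echo "[dry-run] sudo $1"
    else
        # word splitting of $1 is intended: it holds the whole command line
        sudo $1
    fi
}

# The post's sequence, in dry-run mode.
run_ufw "$(build_ufw_rule allow 80 tcp)"                 # web server open to everyone
run_ufw "$(build_ufw_rule allow 80 tcp 203.0.113.5)"     # web server for one address only
run_ufw "$(build_ufw_delete allow 80 tcp)"               # remove the wide-open rule
run_ufw "$(build_ufw_rule deny 22 tcp 192.168.4.0/24)"   # block ssh from a subnet
build_ufw_rule allow 80 both 2>/dev/null || echo "rule without a single protocol was rejected"
```

Set UFW_DRY_RUN=0 to have run_ufw actually call sudo ufw; the builders themselves never touch the firewall, so they can also be used to generate the exact line to hand to ufw delete later.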

Always run ufw status to check that the rule you added is what you intended.

sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       192.68.5.0/24
Apache                     ALLOW       Anywhere
Anywhere                   DENY        192.168.4.0/24
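A check that reads ufw status output and flags rules worth a second look, as an added example that is not part of the original post: an ALLOW rule whose From column is Anywhere (the port is open to everyone) and a bare numeric port with no /tcp or /udp suffix, which ufw applies to both protocols, the situation the post warns about. The audit_ufw_status function and the sample status text (including the 3306 row and the IPv6 row) are constructed for this example, not captured from a real host; on a live system you would pipe sudo ufw status into it.

```shell
#!/bin/sh
# Added audit helper, not part of the post or of ufw: reads "ufw status"
# output on stdin and reports ALLOW rules that deserve review.

# Constructed sample in the layout ufw prints; not from a real host.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       192.168.5.0/24
Apache                     ALLOW       Anywhere
3306                       ALLOW       Anywhere
Anywhere                   DENY        192.168.4.0/24
22/tcp (v6)                ALLOW       Anywhere (v6)'

# audit_ufw_status: one line per finding on stdout; the exit status is the
# number of findings, so 0 means nothing was flagged.
audit_ufw_status() {
    findings=0
    while IFS= read -r line; do
        # Drop the "(v6)" tag ufw adds to IPv6 rows so the three columns split cleanly.
        set -- $(printf '%s\n' "$line" | sed 's/ (v6)//g')
        to=${1:-}; action=${2:-}; from=${3:-}
        # Skip the Status line, the header, the underline and blank lines.
        case "$to" in ""|To|--|Status:) continue ;; esac
        [ "$action" = "ALLOW" ] || continue
        case "$to" in
            *[!0-9]*) ;;   # has a /proto suffix or is an app profile name (e.g. Apache)
            *) echo "WARN: $to is a bare port with no protocol; ufw opened it for tcp and udp"
               findings=$((findings+1)) ;;
        esac
        if [ "$from" = "Anywhere" ]; then
            echo "INFO: $to accepts connections from Anywhere; confirm that is intended"
            findings=$((findings+1))
        fi
    done
    return "$findings"
}

printf '%s\n' "$SAMPLE_STATUS" | audit_ufw_status
echo "findings: $?"
```

The Anywhere check is reported as INFO rather than WARN because a public web server (the Apache profile in the sample) is meant to be open to everyone; the bare-port check is the one that points at a rule created without a protocol and is the case the post tells you to avoid.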
