Setting up a firewall on Ubuntu is crucial for securing your server by controlling network traffic. Ubuntu uses ufw (Uncomplicated Firewall) as a user-friendly front-end for managing iptables. This guide will walk you through the essential steps to configure UFW.
1. Check UFW Status and Install if Necessary
First, check if UFW is already active on your system:
```bash
sudo ufw status verbose
```
If UFW is not installed, you can install it using:
```bash
sudo apt update
sudo apt install ufw
```
2. Set Default Policies
It's best practice to deny all incoming connections by default and allow all outgoing connections. This ensures that only explicitly allowed traffic can reach your server.
```bash
sudo ufw default deny incoming
sudo ufw default allow outgoing
```
3. Allow Essential Connections (Especially SSH)
Before enabling the firewall, it's critical to allow SSH connections to avoid locking yourself out of your server, especially if you're connected remotely.
- Allow SSH:
  ```bash
  sudo ufw allow ssh
  # Or, if you use a custom SSH port (e.g., 2222):
  # sudo ufw allow 2222/tcp
  ```
4. Enable UFW
Once you've ensured SSH access is allowed, enable the firewall:
```bash
sudo ufw enable
```
You will be prompted to confirm, as enabling the firewall might disrupt existing connections. Type y and press ENTER.
5. Allow Other Necessary Services
Allow traffic for any other services your server needs to provide.
- HTTP (Port 80): For web servers.
  ```bash
  sudo ufw allow http
  # or: sudo ufw allow 80/tcp
  ```
- HTTPS (Port 443): For secure web traffic.
  ```bash
  sudo ufw allow https
  # or: sudo ufw allow 443/tcp
  ```
- Specific Ports: For other applications, allow their specific ports. For example, to allow traffic on port 8080:
  ```bash
  sudo ufw allow 8080/tcp
  ```
- Allow from Specific IP Addresses: To allow access only from a trusted IP address:
  ```bash
  sudo ufw allow from 203.0.113.100 to any port 22 proto tcp
  ```
  This restricts access only if no broader rule (such as the general SSH rule from step 3) also allows the same port from any source.
6. Deny Unnecessary Connections
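While the default policy denies incoming traffic, you might want to explicitly deny specific ports or IPs if they were previously allowed or if you need to override a broader rule. UFW applies the first rule that matches, so a deny meant to override a broader allow must sit before that allow in the rule list.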
- Deny a specific port:
  ```bash
  sudo ufw deny 23/tcp
  ```
7. Check Status and Rules
Always verify your firewall's status and rules after making changes:
```bash
sudo ufw status verbose
```
This command shows the firewall's status, default policies, and a list of all active rules.
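A scripted version of this check, as an added example that is not part of the original guide: `audit_ufw` (a hypothetical helper name) reads the text of `sudo ufw status verbose` and reports an inactive firewall, a default incoming policy other than deny or reject, and any port open to all sources that is not on the list you pass in. The sample status text is constructed for illustration.

```bash
#!/bin/sh
# Added example: audit the text printed by `sudo ufw status verbose`.
# audit_ufw is a hypothetical helper name, not part of ufw.
#
# Usage on a live host:
#   sudo ufw status verbose | audit_ufw "80/tcp 443/tcp"
# The argument lists the ports that are meant to be reachable from anywhere.
# Prints one FINDING line per problem; returns 0 when clean, 1 otherwise.
audit_ufw() {
  awk -v expected="$1" '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
    /^Status:/ {
      seen = 1
      if ($2 != "active") { print "FINDING: firewall is " $2; bad = 1 }
    }
    /^Default:/ {
      # Line looks like: Default: deny (incoming), allow (outgoing), ...
      if ($2 != "deny" && $2 != "reject") {
        print "FINDING: default incoming policy is " $2; bad = 1
      }
    }
    # Rule rows open to every source, e.g. "8080/tcp  ALLOW IN  Anywhere".
    # IPv4 and IPv6 rows share the same first field, so report each once.
    / (ALLOW|LIMIT) IN +Anywhere/ {
      if (!($1 in ok) && !reported[$1]++) {
        print "FINDING: " $1 " is open to any source"; bad = 1
      }
    }
    END {
      if (!seen) { print "FINDING: no Status line in input"; bad = 1 }
      exit bad + 0
    }
  '
}

# Constructed sample output (not captured from a real host).
SAMPLE='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    203.0.113.100
80/tcp                     ALLOW IN    Anywhere
8080/tcp                   ALLOW IN    Anywhere
23/tcp                     DENY IN     Anywhere
8080/tcp (v6)              ALLOW IN    Anywhere (v6)'

printf '%s\n' "$SAMPLE" | audit_ufw "80/tcp 443/tcp" || true
```

Rules added by application profile name appear under that name in the first column, so list the profile name in the argument if you expect it to be open.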
8. Disable or Reset UFW (Optional)
- To disable UFW:
  ```bash
  sudo ufw disable
  ```
  This will turn off the firewall but keep your configured rules.
- To reset UFW to its default state (disabling and deleting all rules):
  ```bash
  sudo ufw reset
  ```
  You will be prompted to confirm this action.
By following these steps, you can effectively set up and manage a firewall on your Ubuntu server, significantly enhancing its security.