Enable or block firewall access
GNOME does not come with a firewall, so for support beyond this document check with your distribution’s support team or your organization’s IT department. Your computer should be equipped with a firewall that allows it to block programs from being accessed by other people on the internet or your network. This helps to keep your computer secure.
Many applications can use your network connection. For instance, you can share files or let someone view your desktop remotely when connected to a network. Depending on how your computer is set up, you may need to adjust the firewall to allow these services to work as intended.
Each program that provides network services uses a specific network port. To enable other computers on the network to access a service, you may need to “open” its assigned port on the firewall:
- Go to Activities in the top left corner of the screen and start your firewall application. You may need to install a firewall manager yourself if you can’t find one (for example, GUFW).
- Open or disable the port for your network service, depending on whether you want people to be able to access it or not. Which port you need to change will depend on the service.
- Save or apply the changes, following any additional instructions given by the firewall tool.
Introduction
For an introduction to firewalls, please see Firewall.
UFW — Uncomplicated Firewall
The default firewall configuration tool for Ubuntu is ufw. Developed to ease iptables firewall configuration, ufw provides a user friendly way to create an IPv4 or IPv6 host-based firewall. By default UFW is disabled.
Gufw is a GUI that is available as a frontend.
Basic Syntax and Examples
Default rules are fine for the average home user
When you turn UFW on, it uses a default set of rules (profile) that should be fine for the average home user. That’s at least the goal of the Ubuntu developers. In short, all ‘incoming’ is being denied, with some exceptions to make things easier for home users.
Enable and Disable
Enable UFW
To turn UFW on with the default set of rules:
sudo ufw enable
To check the status of UFW:
sudo ufw status verbose
The output should be like this:
youruser@yourcomputer:~$ sudo ufw status verbose
[sudo] password for youruser:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip
youruser@yourcomputer:~$
Note that by default, deny is being applied to incoming. There are exceptions, which can be found in the output of this command:
sudo ufw show raw
You can also read the rules files in /etc/ufw (the files whose names end with .rules).
Disable UFW
To disable ufw use:
sudo ufw disable
Allow and Deny (specific rules)
Allow
sudo ufw allow <port>/<optional: protocol>
sudo ufw allow 53
sudo ufw allow 53/tcp
sudo ufw allow 53/udp
Deny
sudo ufw deny <port>/<optional: protocol>
sudo ufw deny 53
sudo ufw deny 53/tcp
sudo ufw deny 53/udp
Delete Existing Rule
To delete a rule, simply prefix the original rule with delete. For example, if the original rule was:
ufw deny 80/tcp
Use this to delete it:
sudo ufw delete deny 80/tcp
Services
You can also allow or deny by service name, since ufw reads from /etc/services. To get a list of services:
less /etc/services
Allow by Service Name
sudo ufw allow <service name>
sudo ufw allow ssh
Deny by Service Name
sudo ufw deny <service name>
sudo ufw deny ssh
Status
Checking the status of ufw will tell you if ufw is enabled or disabled and also list the current ufw rules that are applied to your iptables.
To check the status of ufw:
sudo ufw status
Firewall loaded

To                         Action  From
--                         ------  ----
22:tcp                     DENY    192.168.0.1
22:udp                     DENY    192.168.0.1
22:tcp                     DENY    192.168.0.7
22:udp                     DENY    192.168.0.7
22:tcp                     ALLOW   192.168.0.0/24
22:udp                     ALLOW   192.168.0.0/24
If ufw was not enabled, the output would be:
sudo ufw status
Status: inactive
Logging
To enable logging use:
sudo ufw logging on
To disable logging use:
sudo ufw logging off
Advanced Syntax
You can also use a fuller syntax, specifying the source and destination addresses, ports and protocols.
Allow Access
This section shows how to allow specific access.
Allow by Specific IP
sudo ufw allow from <ip address>
sudo ufw allow from 207.46.232.182
Allow by Subnet
You may use a net mask:
sudo ufw allow from 192.168.1.0/24
Allow by specific port and IP address
sudo ufw allow from <target> to <destination> port <port number>
sudo ufw allow from 192.168.0.4 to any port 22
Allow by specific port, IP address and protocol
sudo ufw allow from <target> to <destination> port <port number> proto <protocol name>
sudo ufw allow from 192.168.0.4 to any port 22 proto tcp
Enable PING
Note: Security by obscurity may be of very little actual benefit with modern cracker scripts. By default, UFW allows ping requests. You may find you wish to leave (icmp) ping requests enabled to diagnose networking problems.
In order to disable ping (icmp) requests, you need to edit /etc/ufw/before.rules and remove the following lines:
# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
or change the "ACCEPT" to "DROP":
# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
-A ufw-before-input -p icmp --icmp-type source-quench -j DROP
-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP
Deny Access
Deny by specific IP
sudo ufw deny from <ip address>
sudo ufw deny from 207.46.232.182
Deny by specific port and IP address
sudo ufw deny from <ip address> to <destination> port <port number>
sudo ufw deny from 192.168.0.1 to any port 22
Working with numbered rules
Listing rules with a reference number
You may use status numbered to show the order and id number of rules:
sudo ufw status numbered
Editing numbered rules
Delete numbered rule
You may then delete rules using the number. This will delete the first rule and rules will shift up to fill in the list.
sudo ufw delete 1
Insert numbered rule
sudo ufw insert 1 allow from <ip address>
Advanced Example
Scenario: You want to block access to port 22 from 192.168.0.1 and 192.168.0.7 but allow all other 192.168.0.x IPs to have access to port 22 using tcp.
sudo ufw deny from 192.168.0.1 to any port 22
sudo ufw deny from 192.168.0.7 to any port 22
sudo ufw allow from 192.168.0.0/24 to any port 22 proto tcp
This puts the specific rules first and the generic second. Once a rule is matched the others will not be evaluated (see manual below) so you must put the specific rules first. As rules change you may need to delete old rules to ensure that new rules are put in the proper order.
To check your rule order you can check the status; for the scenario, the output below is the desired output for the rules to work properly:
sudo ufw status
Firewall loaded

To                         Action  From
--                         ------  ----
22:tcp                     DENY    192.168.0.1
22:udp                     DENY    192.168.0.1
22:tcp                     DENY    192.168.0.7
22:udp                     DENY    192.168.0.7
22:tcp                     ALLOW   192.168.0.0/24
Scenario change: You want to block access to port 22 to 192.168.0.3 as well as 192.168.0.1 and 192.168.0.7.
sudo ufw delete allow from 192.168.0.0/24 to any port 22 proto tcp
sudo ufw status
Firewall loaded

To                         Action  From
--                         ------  ----
22:tcp                     DENY    192.168.0.1
22:udp                     DENY    192.168.0.1
22:tcp                     DENY    192.168.0.7
22:udp                     DENY    192.168.0.7
sudo ufw deny from 192.168.0.3 to any port 22
sudo ufw allow from 192.168.0.0/24 to any port 22 proto tcp
sudo ufw status
Firewall loaded

To                         Action  From
--                         ------  ----
22:tcp                     DENY    192.168.0.1
22:udp                     DENY    192.168.0.1
22:tcp                     DENY    192.168.0.7
22:udp                     DENY    192.168.0.7
22:tcp                     DENY    192.168.0.3
22:udp                     DENY    192.168.0.3
22:tcp                     ALLOW   192.168.0.0/24
If you had simply added the deny rule, the allow would have been above it and been applied instead of the deny.
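The ordering problem in this scenario can be reproduced with a small first-match model. This is an added example, not ufw's own code: the rule tuples, `first_match` and the list names are assumptions made for illustration, and the fallback mirrors the default "deny (incoming)" policy shown earlier.

```python
import ipaddress

def first_match(rules, src, port, proto="tcp"):
    """Return the action of the first rule that matches the packet.

    Each rule is (action, source network, port, protocol or None for any).
    Evaluation stops at the first match, as the text above describes.
    """
    addr = ipaddress.ip_address(src)
    for action, network, rule_port, rule_proto in rules:
        if (addr in ipaddress.ip_network(network)
                and port == rule_port
                and rule_proto in (None, proto)):
            return action
    return "deny"  # assumed default incoming policy: deny

# Rule list from the original scenario: specific denies, then the subnet allow.
BASE = [
    ("deny",  "192.168.0.1/32", 22, None),
    ("deny",  "192.168.0.7/32", 22, None),
    ("allow", "192.168.0.0/24", 22, "tcp"),
]
DENY_3 = ("deny", "192.168.0.3/32", 22, None)

# Simply adding the new deny puts it after the subnet allow.
APPENDED = BASE + [DENY_3]

# Deleting the allow, adding the deny, then re-adding the allow
# puts the new deny ahead of the generic rule.
REORDERED = BASE[:2] + [DENY_3] + BASE[2:]

if __name__ == "__main__":
    for name, rules in (("appended", APPENDED), ("reordered", REORDERED)):
        print(name, "192.168.0.3 ->", first_match(rules, "192.168.0.3", 22))
```

With the appended list 192.168.0.3 still reaches port 22 over tcp, because the subnet allow matches first; with the reordered list it is denied.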
Interpreting Log Entries
Based on the response to the post "UFW log guide/tutorial?".
The SPT and DPT values, along with SRC and DST values, will typically be the values you’ll focus on when analysing the firewall logs.
Pseudo Log Entry
Feb 4 23:33:37 hostname kernel: [ 3529.289825] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd SRC=444.333.222.111 DST=111.222.333.444 LEN=103 TOS=0x00 PREC=0x00 TTL=52 DF PROTO=UDP SPT=53 DPT=36427 LEN=83
Date
It’s good practice to watch the dates and times. If things are out of order or blocks of time are missing then an attacker probably messed with your logs.
Hostname
The server’s hostname
Uptime
The time in seconds since boot.
Logged Event
Short description of the logged event; e.g. [UFW BLOCK]
IN
If set, then the event was an incoming event.
OUT
If set, then the event was an outgoing event.
MAC
This provides a 14-byte combination of the Destination MAC, Source MAC, and EtherType fields, following the order found in the Ethernet II header. See Ethernet frame and EtherType for more information.
SRC
This indicates the source IP, who sent the packet initially. Some IPs are routable over the internet, some will only communicate over a LAN, and some will only route back to the source computer. See IP address for more information.
DST
This indicates the destination IP, who is meant to receive the packet. You can use whois.net or the cli whois to determine the owner of the IP address.
LEN
This indicates the length of the packet.
TOS
I believe this refers to the TOS field of the IPv4 header. See TCP Processing of the IPv4 Precedence Field for more information.
PREC
I believe this refers to the Precedence field of the IPv4 header.
TTL
This indicates the “Time to live” for the packet. Basically each packet will only bounce through the given number of routers before it dies and disappears. If it hasn’t found its destination before the TTL expires, then the packet will evaporate. This field keeps lost packets from clogging the internet forever. See Time to live for more information.
ID
Not sure what this one is, but it’s not really important for reading logs. It might be ufw’s internal ID system, it might be the operating system’s ID.
PROTO
This indicates the protocol of the packet — TCP or UDP. See TCP and UDP Ports Explained for more information.
SPT
This indicates the source. I believe this is the port, which the SRC IP sent the IP packet over. See List of TCP and UDP port numbers for more information.
DPT
This indicates the destination port. I believe this is the port, which the SRC IP sent its IP packet to, expecting a service to be running on this port.
WINDOW
This indicates the size of packet the sender is willing to receive.
RES
This bit is reserved for future use & is always set to 0. Basically it’s irrelevant for log reading purposes.
SYN URGP
SYN indicates that this connection requires a three-way handshake, which is typical of TCP connections. URGP indicates whether the urgent pointer field is relevant. 0 means it’s not. Doesn’t really matter for firewall log reading.
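A parser for the log format described field by field above, as an added example that is not part of the wiki page. The sample lines, their addresses (documentation ranges) and the `LEN_L4` key are constructed for illustration; on a UDP line the second `LEN` is the UDP length, so it is stored separately instead of overwriting the IP length.

```python
import re
from collections import Counter

# Constructed sample in the format of the pseudo log entry above; the last
# UFW line is deliberately out of order and one line is not from the firewall.
MAC = "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00"
SAMPLE_LOG = f"""\
Feb  4 23:33:37 host kernel: [ 3529.289825] [UFW BLOCK] IN=eth0 OUT= {MAC} SRC=203.0.113.9 DST=198.51.100.5 LEN=103 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=53 DPT=36427 LEN=83
Feb  4 23:33:38 host kernel: [ 3530.100000] [UFW BLOCK] IN=eth0 OUT= {MAC} SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=4242 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
Feb  4 23:33:39 host CRON[811]: (root) CMD (constructed non-firewall line)
Feb  4 23:33:40 host kernel: [ 3531.500000] [UFW BLOCK] IN=eth0 OUT= {MAC} SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=4243 DF PROTO=TCP SPT=51001 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
Feb  4 23:33:41 host kernel: [ 3400.000000] [UFW BLOCK] IN=eth0 OUT= {MAC} SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=4244 DF PROTO=TCP SPT=51002 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
"""

# Date, hostname, uptime and logged event, then the KEY=VALUE fields.
HEADER = re.compile(
    r"^(?P<date>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\skernel:\s"
    r"\[\s*(?P<uptime>[\d.]+)\]\s\[(?P<event>UFW [A-Z ]+)\]\s(?P<rest>.*)$"
)

def parse_line(line):
    """Return a dict of fields for one UFW log line, or None for other lines."""
    m = HEADER.match(line)
    if not m:
        return None
    entry = {"date": m["date"], "host": m["host"],
             "uptime": float(m["uptime"]), "event": m["event"], "flags": []}
    for token in m["rest"].split():
        key, sep, value = token.partition("=")
        if not sep:
            entry["flags"].append(key)   # bare flags such as DF or SYN
        elif key in entry:
            entry[key + "_L4"] = value   # repeated LEN: transport-layer length
        else:
            entry[key] = value           # OUT= with no value becomes ""
    return entry

def parse_log(text):
    """Parse every UFW line in text, skipping lines from other sources."""
    return [e for e in map(parse_line, text.splitlines()) if e]

def top_blocked(entries, n=3):
    """Count blocked packets per (SRC, PROTO, DPT), the fields to focus on."""
    counts = Counter((e.get("SRC"), e.get("PROTO"), e.get("DPT"))
                     for e in entries if e["event"] == "UFW BLOCK")
    return counts.most_common(n)

def uptime_regressions(entries):
    """Indexes where the uptime counter goes backwards. A reboot also resets
    it, so a hit is something to check against the dates, not proof."""
    return [i for i in range(1, len(entries))
            if entries[i]["uptime"] < entries[i - 1]["uptime"]]

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(top_blocked(parsed))
    print("out-of-order entries:", uptime_regressions(parsed))
```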
IP Blocklist for UFW
If your Ubuntu system is directly exposed to the internet, either via a public IP address or port forwarding, an IP blocklist will add another layer of protection. I created a couple of scripts that integrate with ufw and update the list daily. Full details are available on the GitHub project: https://github.com/poddmo/ufw-blocklist.
Other Resources
- For instructions on using ufw first see the official server guide.
- The most recent syntax and manual can be retrieved by getting the man page. Otherwise open a terminal window and type:
man ufw
UFW (last edited by user poddmo 2023-09-27 04:37:13)
The material on this wiki is available under a free license, see Copyright / License for details
How to Enable or Disable Firewall on Ubuntu 24.04, 22.04 or 20.04
This guide will demonstrate how to enable or disable the firewall on Ubuntu 24.04, 22.04, or 20.04 using command-line instructions, as well as how to install GUFW (Graphical Firewall UI) for those desktop users who prefer to manage UFW without delving into CLI commands.
Understanding the process of enabling or disabling the firewall on Ubuntu, be it for desktop users or system administrators on Ubuntu servers, is a vital skill in maintaining network security. Here’s why mastering these skills is important:
- Enhanced Security: Properly configuring your firewall is key to protecting your system from unwanted access and potential security threats.
- Customized Control: Knowing how to handle firewall settings allows for tailored security measures, fitting specific needs and scenarios.
- System Optimization: Efficient firewall management can help optimize system performance by regulating network traffic.
- Risk Management: Being able to swiftly enable or disable firewall settings is crucial during troubleshooting and mitigating network-related issues.
Now, let’s proceed with how to enable or disable the firewall on your Ubuntu server or desktop with just a few simple commands.
Check UFW Firewall Status on Ubuntu
To begin, Ubuntu newcomers should launch the command terminal. This can be accessed by navigating to the top right-hand corner, selecting Activities, then Show Applications, and finally Terminal.
Once the terminal is open, you can determine the current status of your UFW (Uncomplicated Firewall) by executing the following command:
sudo ufw status
An example of what you might see after running this command is shown below:

This output indicates that the firewall is inactive. It’s important to note that Ubuntu, by default, does not activate the firewall in new installations.
Enable UFW Firewall on Ubuntu Linux
Enabling the UFW (Uncomplicated Firewall) on Ubuntu is a crucial step in securing your system. By default, enabling UFW will block all incoming connections while allowing all outgoing connections.
Precaution for Remote Access
If you are a server user or remotely connected via SSH, it’s essential to add rules to UFW before activating it. This step ensures you don’t lose access to your server. Execute the following command to allow SSH:
sudo ufw allow ssh
Note: Desktop users unfamiliar with SSH can skip this step.
Example Output:
joshua@ubuntu-linux:~$ sudo ufw allow ssh
Rules updated
Rules updated (v6)
Activating the Firewall
Now, proceed to enable the UFW using the command below:
sudo ufw enable
Verifying Firewall Status
After enabling UFW, it’s good practice to verify its status. Use the following command to check:
sudo ufw status
For users who allowed SSH access, you will see it listed under the ‘Action’ column.

Detailed Firewall Status
For a more comprehensive view, including default policies and logging levels, use:
sudo ufw status verbose
This detailed view confirms that the default settings are to deny incoming and allow outgoing connections.

Disable UFW Firewall on Ubuntu Linux
In the event you need to disable your UFW firewall, use the following command:
sudo ufw disable
Disabling the firewall will cease all its operations and remove the security measures previously set.

Install UFW Firewall GUI on Ubuntu
Installing GUFW
For Linux beginners who prefer not to use the terminal extensively, installing a graphical interface for UFW (Uncomplicated Firewall) simplifies firewall management. You can install GUFW, a user-friendly GUI for UFW, with the following command:
sudo apt install gufw
Accessing GUFW
After installing GUFW, access it by navigating to the top left-hand corner of your screen, selecting Activities, and then Show Applications. In the application menu, look for Firewall Configuration.
Using GUFW Interface
With GUFW, you can easily enable or disable the UFW firewall. The GUI provides a straightforward toggle for this, as demonstrated in the image below, showing the firewall status as ‘off’:

Managing Firewall Settings
GUFW offers an intuitive interface to manage various aspects of your firewall. You can:
- Adjust default settings for incoming and outgoing connections.
- Check the current status of the firewall.
- Create custom firewall rules.
- View logs and reports.
This graphical interface makes firewall management more accessible and less daunting for users who are not comfortable with command-line operations.
Conclusion
Throughout this guide, we’ve navigated the essentials of managing your firewall on Ubuntu, such as how to enable or disable UFW, covering versions 24.04, 22.04, and 20.04. Whether you’re comfortable with command-line magic or prefer the graphical simplicity of GUFW, you now have the tools to keep your system secure. Remember, regularly checking and updating your firewall settings is key to maintaining robust security.
How to Enable/Disable Firewall on Ubuntu 20.04
Introduction
Before we begin talking about how to enable/disable Firewall on Ubuntu 20.04, let’s briefly understand – What is Firewall?
A firewall is a vital network security device that acts as a protective barrier. It monitors and filters data traffic, allowing safe connections while blocking unauthorized access and malicious activities. With a firewall, you can ensure the security and integrity of your network, defending against cyber threats effectively.
Acting as a virtual wall, it monitors incoming and outgoing traffic, filtering and analyzing data packets to allow safe connections and block suspicious or malicious activities. By controlling access to your network, a firewall ensures the confidentiality, integrity, and availability of your data while keeping hackers and threats at bay.
In this tutorial, you will enable/disable Firewall in an independent environment on Ubuntu 20.04. We will also address a few FAQs on how to enable/disable Firewall on Ubuntu 20.04.
Advantages of Firewall
- Security: Firewalls protect against cyber threats and unauthorized access, ensuring the safety of your network and data.
- Control: They give you control over incoming and outgoing traffic, allowing you to block or allow specific connections.
- Privacy: Firewalls safeguard your privacy by preventing unauthorized users from accessing your network.
- Filtering: They filter out malicious content, stopping viruses, malware, and other harmful elements from entering your network.
- Monitoring: Firewalls monitor network traffic, providing insights into potential security breaches and helping you respond promptly.
Software Requirements and Conventions Used
| Category | Requirements, Conventions or Software Version Used |
|---|---|
| System | Installed or updated Ubuntu 20.04 Focal Fossa |
| Software | ufw (uncomplicated firewall) |
| Other | privileged access with the sudo command or as root to your Linux system. |
| Conventions | # – requires the use of the sudo command or running the given linux commands as the root user with root privileges; $ – required that the given Linux commands be run as a regular, non-privileged user. |
Steps to enable/disable firewall on Ubuntu 20.04
First, check the firewall’s status to see whether it is on or off.
sudo ufw status
Status: active
Our firewall is currently active (on), as may be seen here. Add the verbose option to get more information about your current firewall settings.
sudo ufw status verbose
After that, use the next command to disable the Ubuntu firewall.
sudo ufw disable
You can use the following command if you decide you need to re-enable the Ubuntu firewall in the future.
sudo ufw enable
Warning: Please be aware that if you are currently using SSH to remotely log in to your Ubuntu server, turning on your firewall may cause you to lose connection.
Enable or Disable Ubuntu firewall using GUI
You must use the following command to install the gufw package in order to control ufw using a GUI.
sudo apt install gufw
Launch the gufw programme after that, and select the Status option to enable or disable the firewall.
FAQs to Enable/Disable Firewall on Ubuntu 20.04
How can I check if the firewall is enabled or disabled?
Type sudo ufw status in the terminal. It will display the status of the firewall, whether it is active or inactive.
Can I selectively enable or disable certain ports or services?
Yes, you can. Use commands like sudo ufw allow [port] or sudo ufw deny [port] to customize firewall rules for specific services or ports.
Will enabling the firewall disrupt my internet connection or other applications?
No, enabling the firewall shouldn’t disrupt your internet connection or other applications. It only filters network traffic based on predefined rules.
Can I configure the firewall to allow specific IP addresses or ranges?
Absolutely. You can use commands such as sudo ufw allow from [IP address] or sudo ufw allow from [IP range] to allow specific IP addresses or ranges.
How can I block an IP address from accessing my Ubuntu system?
Use the command sudo ufw deny from [IP address] to block a specific IP address from accessing your system.
Does Ubuntu 20.04 come with a pre-installed firewall?
Yes, Ubuntu 20.04 comes with a pre-installed firewall called UFW (Uncomplicated Firewall). However, it may not be enabled by default.
Do I need to restart my system after enabling or disabling the firewall with UFW?
No, you don’t need to restart your system after enabling or disabling the firewall using UFW. Changes take effect immediately.
Conclusion
You learnt how to activate or deactivate Ubuntu 20.04’s system firewall (ufw) in this tutorial. Also, you learned how to view the firewall’s current state. The firewall won’t typically need to be disabled unless you want to test something or something similar.