ufw is known as a Debian (and Ubuntu) firewall; it is disabled by default but easy to use. Several GUI front-ends make it popular for Linux on the desktop. For those coming from a CentOS background (RHEL/Amazon Linux AMI), ufw is less common than, say, firewalld or plain iptables, to which both ufw and firewalld are more or less interfaces.
Recall that netfilter is where the actual firewalling takes place, with iptables an interface on top of that, and ufw/firewalld as interfaces on top of iptables. Given this, there is no reason why ufw or firewalld cannot be run on any Linux, provided packages (or compiling) are available.
Install and configure ufw
An example installation and configuration script:
sudo apt install ufw
sudo ufw allow ssh
sudo ufw allow syncthing
sudo ufw allow syncthing-gui
sudo ufw allow http
sudo ufw allow https
sudo ufw allow Samba
sudo ufw allow CUPS
sudo ufw enable
sudo ufw reload
Allow only those protocols and ports that are necessary for functionality.
One can allow or remove rules for routes and ports by port number, as well as by rule number as shown in the numbered status listing. Some basic commands:
sudo ufw status numbered
sudo ufw delete (number)
sudo ufw delete allow (app)
One can allow or disallow by IP address, as well as by protocol (tcp/udp) and ranges. For example, to allow full access from a specific IP address or network:
sudo ufw allow in on eth0 from 192.168.0.0/24
Default ufw configuration
sudo nano /etc/default/ufw
The defaults are IPV6=yes and policies of DROP, ACCEPT, and DROP for INPUT, OUTPUT, and FORWARD respectively. The FORWARD policy needs to be ACCEPT when using something like OpenVPN.
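A way to check a host's file against those defaults, as an added example that is not part of the original page. The function names are hypothetical, the sample file is constructed, and the DEFAULT_*_POLICY key names are the variables used in /etc/default/ufw rather than names taken from the text above.

```shell
#!/bin/sh
# Print KEY's value from FILE with quotes, spaces and trailing comments removed.
# The last assignment wins, as it would when the file is sourced.
ufw_default() {
    awk -F= -v key="$1" '
        $1 == key { v = $2; sub(/#.*/, "", v); gsub(/[" \t]/, "", v); val = v }
        END { print val }' "$2"
}

# Compare FILE with the defaults listed above. Prints one line per
# deviation and returns the number of deviations (0 means all match).
check_ufw_defaults() {
    file=$1 bad=0
    for pair in IPV6=yes DEFAULT_INPUT_POLICY=DROP \
                DEFAULT_OUTPUT_POLICY=ACCEPT DEFAULT_FORWARD_POLICY=DROP; do
        key=${pair%%=*} want=${pair#*=}
        got=$(ufw_default "$key" "$file")
        if [ "$got" = "$want" ]; then continue; fi
        bad=$((bad + 1))
        case "$key=$got" in
            DEFAULT_FORWARD_POLICY=ACCEPT)
                # Legitimate only on a host that routes traffic, e.g. OpenVPN.
                echo "REVIEW $key=ACCEPT: confirm this host is meant to forward" ;;
            DEFAULT_INPUT_POLICY=ACCEPT)
                # Every allow rule becomes moot: unmatched inbound is accepted.
                echo "FAIL   $key=ACCEPT: unmatched inbound traffic is accepted" ;;
            *=) echo "FAIL   $key is not set" ;;
            *)  echo "WARN   $key=$got (default: $want)" ;;
        esac
    done
    return "$bad"
}

# Constructed sample: a VPN gateway's file with FORWARD changed to ACCEPT.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# /etc/default/ufw (constructed sample)
IPV6=yes
DEFAULT_INPUT_POLICY="DROP"
DEFAULT_OUTPUT_POLICY="ACCEPT"
DEFAULT_FORWARD_POLICY="ACCEPT"
EOF
check_ufw_defaults "$sample" || echo "deviations: $?"
rm -f "$sample"
```

On a real host, call check_ufw_defaults /etc/default/ufw and treat a non-zero return as a prompt to review the file.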