ufw – Uncomplicated Firewall

Updated 05-Apr-2024

ufw is best known as the Debian (and Ubuntu) firewall: disabled by default, but easy to use, and with several GUI front-ends that make it popular on Linux desktops. From a CentOS background (RHEL/Amazon Linux AMI), ufw is less familiar than, say, firewalld, or plain iptables; both ufw and firewalld are more or less interfaces to iptables.

Recall that netfilter is where the actual filtering takes place; iptables is an interface on top of it, and ufw and firewalld are interfaces on top of iptables. Given this, there is no reason ufw or firewalld cannot run on any Linux distribution, provided packages are available (or it is compiled from source).

Install and configure ufw

An example installation and configuration script:

sudo modprobe ip6table_filter
sudo apt install ufw
sudo ufw allow ssh
sudo ufw allow syncthing
sudo ufw allow syncthing-gui
sudo ufw allow http
sudo ufw allow https
sudo ufw allow Samba
sudo ufw allow CUPS
sudo ufw enable
sudo ufw reload

Allow only those protocols and ports that are necessary for the host's functionality.

Rules can be added or deleted by port number or application profile, as well as by the rule number shown in the numbered status listing. Some basic commands:

sudo ufw status numbered
sudo ufw delete (number)
sudo ufw delete allow (app)

Rules can also be restricted by source IP address or network, by protocol (tcp/udp), and by port range. For example, to allow full access from a specific IP address or network on eth0:

sudo ufw allow in on eth0 from 192.168.0.0/24

Default ufw configuration

sudo nano /etc/default/ufw

Make sure IPV6=yes, and that the default policies are DROP for INPUT, ACCEPT for OUTPUT and DROP for FORWARD. FORWARD needs to be ACCEPT when the host routes traffic for something like OpenVPN.
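As an added example (not part of the original notes): a small POSIX sh audit that reads a copy of /etc/default/ufw and reports any setting that differs from the defaults described above. The sample config it checks is constructed for the example; the key names it looks for (IPV6, DEFAULT_INPUT_POLICY, DEFAULT_OUTPUT_POLICY, DEFAULT_FORWARD_POLICY) are the ones the real file uses.

```shell
#!/bin/sh
# Added example: audit a copy of /etc/default/ufw against the expected
# defaults (IPV6=yes; DROP / ACCEPT / DROP for INPUT / OUTPUT / FORWARD).

# ufw_setting FILE KEY -> prints the effective value of KEY (last assignment
# wins, surrounding quotes stripped), or nothing if the key is not set.
# Commented-out lines such as "#IPV6=yes" are ignored.
ufw_setting() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\)[\"']\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# ufw_audit FILE -> prints one line per deviation; returns 0 only when every
# checked key matches the expected value.
ufw_audit() {
    file=$1
    rc=0
    for pair in IPV6:yes DEFAULT_INPUT_POLICY:DROP DEFAULT_OUTPUT_POLICY:ACCEPT DEFAULT_FORWARD_POLICY:DROP; do
        key=${pair%%:*}
        want=${pair#*:}
        have=$(ufw_setting "$file" "$key")
        if [ "$have" != "$want" ]; then
            echo "$key: expected $want, found ${have:-<unset>}"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample standing in for a real /etc/default/ufw: IPv6 is off and
# FORWARD was left at ACCEPT (as someone setting up OpenVPN might do).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# /etc/default/ufw (constructed sample)
IPV6=no
DEFAULT_INPUT_POLICY="DROP"
DEFAULT_OUTPUT_POLICY="ACCEPT"
DEFAULT_FORWARD_POLICY="ACCEPT"
EOF

ufw_audit "$SAMPLE" && echo "compliant" || echo "review the deviations above"
```

Run it against the real file with the audit function pointed at /etc/default/ufw (no root needed, the file is world-readable) to confirm the settings before running ufw enable.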

Resources