Ubuntu Server UFW Firewall Commands
- # – requires given Linux commands to be executed with root privileges either directly as a root user or by use of
- $ – requires given Linux commands to be executed as a regular non-privileged user
Open incoming TCP port 10000 to any source IP address:
$ sudo ufw allow from any to any port 10000 proto tcp
Open incoming TCP port 443 to a single, specific source IP address only:
$ sudo ufw allow from 10.1.1.231 to any port 443 proto tcp
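Open incoming UDP port 53 to a source subnet (the /8 mask covers the whole 10.0.0.0/8 network, which is how the rule is listed in the status output):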
$ sudo ufw allow from 10.1.1.0/8 to any port 53 proto udp
Open incoming TCP ports 20 and 21 from any source, such as when running an FTP server:
$ sudo ufw allow from any to any port 20,21 proto tcp
List All UFW rules
Use the following Linux command to list all currently enabled rules:
$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
10000/tcp                  ALLOW       Anywhere
443/tcp                    ALLOW       10.1.1.231
53/udp                     ALLOW       10.0.0.0/8
20,21/tcp                  ALLOW       Anywhere
10000/tcp (v6)             ALLOW       Anywhere (v6)
20,21/tcp (v6)             ALLOW       Anywhere (v6)
Delete UFW rule
The easiest way, but perhaps not the most efficient way to remove UFW rules, is to list all rules in numbered format:
$ sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 10000/tcp                  ALLOW IN    Anywhere
[ 2] 443/tcp                    ALLOW IN    10.1.1.231
[ 3] 53/udp                     ALLOW IN    10.0.0.0/8
[ 4] 20,21/tcp                  ALLOW IN    Anywhere
[ 5] 10000/tcp (v6)             ALLOW IN    Anywhere (v6)
[ 6] 20,21/tcp (v6)             ALLOW IN    Anywhere (v6)
Note the number shown in brackets for each rule. To remove a rule, e.g. rule [ 5], execute:
$ sudo ufw delete 5
Deleting:
 allow 10000/tcp
Proceed with operation (y|n)? y
Rule deleted (v6)
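The numbered listing can also be audited before any rule is deleted. The following is an added example, not part of the original page: it parses the `ufw status numbered` output shown above (embedded as a constructed sample), flags inbound ALLOW rules whose source is wider than an assumed review threshold of /16, and returns rule numbers highest-first, because ufw renumbers the remaining rules after each delete. The function names and the threshold are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample: the numbered rule listing shown on this page.
SAMPLE = """\
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 10000/tcp                  ALLOW IN    Anywhere
[ 2] 443/tcp                    ALLOW IN    10.1.1.231
[ 3] 53/udp                     ALLOW IN    10.0.0.0/8
[ 4] 20,21/tcp                  ALLOW IN    Anywhere
[ 5] 10000/tcp (v6)             ALLOW IN    Anywhere (v6)
[ 6] 20,21/tcp (v6)             ALLOW IN    Anywhere (v6)
"""

# [ N]  <To>  <ACTION> IN  <From>   (inbound rules only)
RULE = re.compile(r"^\[\s*(\d+)\]\s+(.+?)\s+(ALLOW|DENY|REJECT|LIMIT) IN\s+(.+?)\s*$")

def parse_rules(text):
    """Return (number, to, action, source) for each inbound rule line."""
    return [(int(m[1]), m[2], m[3], m[4])
            for m in map(RULE.match, text.splitlines()) if m]

def as_stored(cidr):
    """Network with host bits masked off, e.g. 10.1.1.0/8 -> 10.0.0.0/8."""
    return str(ipaddress.ip_network(cidr, strict=False))

def source_prefix(source):
    """Prefix length of a From column: 0 for Anywhere, 32 or 128 for one host."""
    token = source.split()[0]
    if token == "Anywhere":
        return 0
    return ipaddress.ip_network(token, strict=False).prefixlen

def broad_rules(text, min_prefix=16):
    """Inbound ALLOW rules wider than /min_prefix (16 is an assumed threshold)."""
    return [r for r in parse_rules(text)
            if r[2] == "ALLOW" and source_prefix(r[3]) < min_prefix]

def deletion_order(numbers):
    """Highest number first, so earlier deletes do not shift later targets."""
    return sorted(numbers, reverse=True)

if __name__ == "__main__":
    for num, to, _, src in broad_rules(SAMPLE):
        print(f"review [{num}] {to}: source {src}")
    print("10.1.1.0/8 is stored as", as_stored("10.1.1.0/8"))
```

On a live host, the text passed to `broad_rules` would be the captured output of `sudo ufw status numbered` instead of the embedded sample.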