How to open a port in UFW

Opening a port in UFW is a fundamental task for network and system administrators who need to control access to services running on a Linux server. UFW provides a simplified interface for configuring a firewall on Ubuntu and other Debian-based systems. The purpose of this article is to provide a short step-by-step guide on how to open a specific port in UFW, as well as discuss several other useful examples of using this firewall.

What is UFW

UFW (for Uncomplicated Firewall) is a convenient interface for managing iptables firewall rules on Linux systems. Designed for ease of use, it simplifies the firewall configuration process and helps administrators implement security policies with minimal effort. By default, UFW is configured to deny all incoming connections and allow all outgoing connections, providing a basic level of security.

Now, without much preamble, we suggest you immediately start practicing.

Checking UFW Status

Before making any changes, it is essential to check the current status of UFW to understand the existing configuration. This can be done using the following command:

    sudo ufw status

This command will display the status of UFW (active or inactive) and list the current rules. If UFW is inactive, you can enable it with:

    sudo ufw enable

Opening a Port in UFW

To open a port in UFW, you use the ufw allow command followed by the port number and, optionally, the protocol (TCP or UDP). For example, to open port 80 for HTTP traffic, you would use:

    sudo ufw allow 80/tcp

This command allows incoming TCP traffic on port 80. If the protocol is not specified, UFW will open the port for both TCP and UDP traffic by default.

For example, to open port 22 for SSH, you would use the following command:

    sudo ufw allow 22/tcp

After executing this command, you should check the status again to confirm the rule has been added:

    sudo ufw status

Other articles on the topic of administering Linux servers:

    - How to Get Your Linux IP Address in Different Ways

    - A short Linux cheat sheet for new hosting users: from logging into a server to setting up a web server.

    - How to install cPanel on Ubuntu 20.04

    - How to add or remove a user on Linux systems

Allowing Ports from Specific IP Addresses

In some cases, you might want to restrict access to a port to specific IP addresses. This can enhance security by limiting the number of potential sources of unauthorized access. The syntax for this is:

    sudo ufw allow from <IP_ADDRESS> to any port <PORT_NUMBER>

For example, to allow SSH access only from the IP address 192.168.1.100, you would use:

    sudo ufw allow from 192.168.1.100 to any port 22

Listing UFW Rules

To view all the rules configured in UFW, you can use the following command:

    sudo ufw status numbered

This command lists all the rules with numbers, making it easy to reference or delete specific rules.

Deleting UFW Rules

If you need to remove a rule, you can use the delete command followed by the rule number. First, list the rules to identify the number:

    sudo ufw status numbered

Then, delete the rule using its number. For example, to delete rule number 3, you would use:

    sudo ufw delete 3

Advanced Configuration: Allowing Ranges and Subnets

UFW also supports more advanced configurations, such as allowing entire subnets or ranges of ports. To allow a range of ports, use the following syntax:

    sudo ufw allow <START_PORT>:<END_PORT>/tcp

For example, to allow ports 1000 to 2000 for TCP traffic:

    sudo ufw allow 1000:2000/tcp

To allow a subnet, use:

    sudo ufw allow from <SUBNET>

For example, to allow traffic from the subnet 192.168.1.0/24:

    sudo ufw allow from 192.168.1.0/24

Ensuring Security with UFW

While opening ports is necessary for the functionality of various services, it is crucial to ensure that only the necessary ports are open and that access is limited to trusted sources whenever possible. Regularly reviewing the UFW rules with ufw status and auditing open ports can help maintain a secure server environment.

Conclusion

You see, opening a port in UFW is a primitively simple process, but it significantly affects the network security and availability of your server. By learning how to properly configure a firewall, administrators can ensure that their systems are secure and functional. In this brief reference, we looked at only one of the huge number of options for using UFW, and if you want to learn more about this really useful tool, go to the official manual.