Skip to the content
Cloudfanatic Knowledge baseCloudfanatic Knowledge base
  • Home
  • Log In
  • System Status
  • Home
  • Log In
  • System Status

How can we help?

e.g. ssh keys, set up mysql, ubuntu 22 mysql php nginx, account settings

Account Functions

  • Upload an ISO for your 10Gbps cloud server
  • Difference between Snapshots and Backups
  • Advanced management for 10Gbps cloud servers
  • Controlling your 10Gbps instance
  • Your Dashboard
  • Accessing your server for the first time
  • Controlling your Standard instance
  • Cloudfanatic Operating systems and Rebuilding your instance
  • DNS Manager
  • Custom ISO images

Sales & Billing

  • Cloudfanatic Crypto Payments
  • Frequently Asked Questions (FAQ)
  • Server billing
  • Automatic billing for your account
  • Server Upgrades
  • Cloudfanatic Affiliate Program
  • Automated Server backups

News & Announcements

  • Ubuntu 24.04 now generally available for all servers
  • OpenSuse now generally available for 10Gbps instances
  • Debian 12 now generally available for all instances
  • RockyLinux 9 now generally available for all instances
  • AlmaLinux 9 now generally available for all instances
  • Servercheap is now Cloudfanatic and more news
  • Ubuntu 22 now generally available for all instances
  • Cloudfanatic/Servercheap has been featured on HostAdvice
  • New 1-Click App – CyberPanel
  • New location: North Carolina
  • Cloudfanatic/Servercheap has been featured on Hostingadvice.com
  • Centos Stream now generally available for all instances
  • Cloudfanatic receives an additional new direct IP allocation from ARIN
  • Cloudfanatic is Introducing 1-Click Apps

Tutorials

  • DNS Manager
  • Accessing your server for the first time
  • Create passwordless login with SSH keys and PUTTY
  • How to copy my files to and from a linux vps
  • Ubuntu UFW Cheat sheet
  • Firewalld Cheat Sheet
  • Change SSH Port on Ubuntu 20/22
  • Change SSH Port on Debian 10/11
  • Change SSH Port on Almalinux
  • Secure Apache with Let’s Encrypt on Ubuntu 22.04
  • Setup Apache and Virtual Hosts on Ubuntu 22
  • Controlling your Standard instance
  • Home
  • Docs
  • Tutorials
  • Ubuntu UFW Cheat sheet

Ubuntu UFW Cheat sheet

Overview #

UFW (uncomplicated firewall) is a firewall configuration tool that runs on top of iptables, included by default within Ubuntu distributions. It provides a streamlined interface for configuring common firewall use cases via the command line.

This cheat sheet-style guide provides a quick reference to common UFW use cases and commands, including examples of how to allow and block services by port, network interface, and source IP address.

Let’s begin.

Verify UFW Status #

To check if ufw is enabled, run:

sudo ufw status
Status: inactive

Enable UFW #

If you got a Status: inactive message when running ufw status, it means the firewall is not yet enabled on the system. You’ll need to run a command to enable it.

To enable UFW on your system, run:

sudo ufw enable
Output
Firewall is active and enabled on system startup

See current status and firewall rules #

To see what is currently blocked or allowed, you may use the verbose parameter when running ufw status, as follows:

sudo ufw status verbose
Output
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

Disable UFW #

sudo ufw disable

Block an IP Address #

sudo ufw deny from 192.168.1.1
Output
Rule added

In this example, from 192.168.1.1 specifies a source IP address of “192.168.1.1”.

If you run sudo ufw status now, you’ll see the specified IP address listed as denied:

OutputStatus: active

To                         Action      From
--                         ------      ----
Anywhere                   DENY        192.168.1.1

Block a Subnet #

sudo ufw deny from 192.168.1.0/24

Allow an IP Address #

sudo ufw allow from 192.168.1.1

Allow Incoming Connections to a Network Interface

sudo ufw allow in on eth0 from 192.168.1.1

Delete UFW Rule #

To delete a rule that you previously set up within UFW, use ufw delete followed by the rule (allow or deny) and the target specification. The following example would delete a rule previously set to allow all connections from an IP address of 192.168.1.1:

sudo ufw delete allow from 192.168.1.1

Another way to specify which rule you want to delete is by providing the rule ID. This information can be obtained with the following command:

sudo ufw status numbered
Output
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   DENY IN     192.168.1.1             
[ 2] Anywhere on eth0           ALLOW IN    192.168.1.1   

All rules are numbered starting with the number or ID of 1 and increasing by 1. If we want to remove rule number 1 we would run:

sudo ufw delete 1

List Available Application Profiles #

Upon installation, applications that rely on network communications will typically set up a UFW profile that you can use to allow connection from external addresses. This is often the same as running ufw allow from, with the advantage of providing a shortcut that abstracts the specific port numbers a service uses and provides a user-friendly nomenclature to referenced services.

To list which profiles are currently available, run the following:

sudo ufw app list
Output
Available applications:
  OpenSSH

Enable Application Profile #

sudo ufw allow “OpenSSH”
Output
Rule added
Rule added (v6)

Disable Application Profile #

sudo ufw delete allow "OpenSSH"

Allow Incoming PORT from Specific IP Address or Subnet #

sudo ufw allow from 192.168.1.1 proto tcp to any port 7788
sudo ufw allow from 192.168.1.0/24 proto tcp to any port 1584

Allow All Incoming Connections to Port #

sudo ufw allow proto tcp from any to any port 80,443

Conclusion #

UFW is a powerful tool that can greatly improve the security of your servers when properly configured. This reference guide covers some common UFW rules that are often used to configure a firewall on Ubuntu. The official UFW page on Ubuntu’s documentation is another resource you can use as reference for more advanced use cases and examples.

Share This Article :
  • Facebook
  • Twitter
  • LinkedIn
Still stuck? How can we help?

How can we help?

Updated on November 1, 2022
How to copy my files to and from a linux vpsFirewalld Cheat Sheet

Powered by BetterDocs

Table of Contents
  • Overview
  • Verify UFW Status
  • Enable UFW
  • See current status and firewall rules
  • Disable UFW
  • Block an IP Address
  • Block a Subnet
  • Allow an IP Address
  • Delete UFW Rule
  • List Available Application Profiles
  • Enable Application Profile
  • Disable Application Profile
  • Allow Incoming PORT from Specific IP Address or Subnet
  • Allow All Incoming Connections to Port
  • Conclusion

© 2025 Cloudfanatic Knowledge base

Powered by WordPress

To the top ↑ Up ↑