linux ubuntu firewall ufw - ghdrako/doc_snipets GitHub Wiki
**Note** Firewalld is available on Ubuntu as well. It just needs to be installed, enabled, started, and configured, and the opposite needs to be done to ufw.
ufw is basically a frontend to iptables: a command-line interface for managing iptables rules.
sudo ufw allow 22/tcp # set this rule before enabling the firewall
sudo ufw enable
sudo ufw status
sudo ufw disable
sudo ufw status # check firewall status
sudo ufw status verbose # detailed status
sudo ufw status numbered # display firewall rule numbers
sudo ufw status verbose | grep -i default # Display default firewall policy
sudo ufw status | grep 22
sudo ufw status | grep -i deny
ufw status numbered
ufw delete 2
ufw delete allow from 192.168.1.10 to any port 22 proto tcp # delete a rule by prefixing the original rule with "ufw delete"
ufw reset # remove all firewall rules; this also disables UFW on Ubuntu
ufw allow from <Remote-IP> to <local-IP>
ufw allow from 192.168.1.50
ufw allow from 192.168.1.50 to 192.168.0.10
ufw allow from 192.168.1.10 to any proto tcp # allow all TCP traffic from IP address 192.168.1.10 through the Ubuntu firewall
ufw allow from 192.168.1.10 to any proto tcp port 80 # allow IP address 192.168.1.10 to reach port 80 (HTTP traffic) through the Ubuntu firewall
ufw allow from 192.168.1.0/24 to any proto tcp port 21 # allow FTP traffic from the 192.168.1.0/24 network
The default behavior of the Ubuntu firewall is to block all incoming traffic, so you do not need to block ports explicitly unless you set the default firewall policy to allow all incoming traffic.
ufw deny port/protocol
ufw deny 53 # block the port 53 on Ubuntu for both TCP and UDP
ufw deny 21/tcp # block the TCP port 21
ufw deny from 192.168.1.50 to any port 22 proto tcp # block SSH port 22 from IP address 192.168.1.50
ufw deny from <Remote-IP> to <Local-IP> proto <Protocol> port <Port Number>
ufw deny from 192.168.1.10 to any # block all network traffic from the IP Address 192.168.1.10.
ufw deny from 192.168.1.10 to any proto tcp port 80 # block IP Address 192.168.1.10 on TCP port 80
ufw deny from 192.168.1.50 to any proto udp port 53 # Block UDP port 53 from IP Address 192.168.1.50
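
The point above about the default policy, as an added example (not part of the original wiki page): a shell check that reads `ufw status verbose` output, reports the default incoming policy, and lists DENY rules that a `deny (incoming)` default already covers because no ALLOW or LIMIT rule follows them. The status text is a constructed sample, the function names are hypothetical, and the check relies on ufw applying the first matching rule.

```shell
#!/usr/bin/env bash
# Constructed sample of `sudo ufw status verbose` output (not from a real host).
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     DENY IN     192.168.1.50
22/tcp                     ALLOW IN    Anywhere
53                         DENY IN     Anywhere
21/tcp                     DENY IN     Anywhere'

# Print the default incoming policy (allow, deny or reject) from the status text on stdin.
default_incoming() {
  awk '/^Default:/ {
         for (i = 2; i <= NF; i++)
           if ($(i + 1) ~ /^\(incoming\)/) { print $i; exit }
       }'
}

# Print DENY IN rules that have no ALLOW/LIMIT rule after them. ufw applies the
# first matching rule, so with a default of deny (incoming) these rules block
# nothing that the default would not already block.
redundant_denies() {
  awk '
    /^Default:/ && /deny \(incoming\)/ { default_deny = 1 }
    /^--/ { in_rules = 1; next }          # rule table starts after the dashes
    in_rules && NF {
      n++; line[n] = $0
      if ($0 ~ / (ALLOW|LIMIT) IN /) last_permit = n
      if ($0 ~ / DENY IN /) is_deny[n] = 1
    }
    END {
      if (!default_deny) exit             # explicit denies matter under default allow
      for (i = last_permit + 1; i <= n; i++)
        if (is_deny[i]) print line[i]
    }'
}

# Demo on the constructed sample: the deny for 192.168.1.50 is kept because it
# precedes the broader allow on 22/tcp; the 53 and 21/tcp denies are reported.
printf 'default incoming: %s\n' "$(printf '%s\n' "$SAMPLE_STATUS" | default_incoming)"
printf '%s\n' "$SAMPLE_STATUS" | redundant_denies
```

On a live host the same functions can read real output: `sudo ufw status verbose | redundant_denies`.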