UncomplicatedFirewall (UFW) is a command-line, frontend iptables manager, similar to Firewalld and ConfigServer Security & Firewall (CSF). It’s beneficial to understand basic UFW commands since it’s pre-installed with many Ubuntu-based operating systems (OSs) including Mint.
Those configuring UFW for a desktop system who prefer not to use the CLI can use the GUFW GUI application.
if you’re installing new server management software such as Apache or Webmin, you’ll need to ensure the appropriate ports are open.
Below we cover:
Open a Port in UFW
There are multiple ways to open a port in UFW. Below we cover how to open ports using the port number, service name, and custom IP/port combination.
- Log into SSH as root.
- Check if the application port is defined as a service (e.g. OpenVPN, PostgreSQL, IRC):
cat /etc/services | grep service-nameOr
cat /etc/services | grep portTo navigate the full list, use Page Up, Page Down, and arrow keys after using the
- If the service is listed, you can open the port using the service name (TCP/UDP protocol optional):
sudo ufw allow servicename
sudo ufw allow servicename/tcp
- If there is no service listed for the port, you can open the port by specifying the port and protocol (TCP/UDP):
sudo ufw allow 10000
sudo ufw allow 1352/udp
- If you need to allow all connections from a specific system or network IP address:
sudo ufw allow from 188.8.131.52
- To allow all connections from a specific IP subnet:
sudo ufw allow from 184.108.40.206/24
- To allow connections on a specific port from an IP address:
sudo ufw allow from 220.127.116.11 to any port 22
- After you open a port in UFW, ensure UFW is enabled:
sudo ufw enable
Close a Port in UFW
After you uninstall software you should close any ports you no longer need open on your system. You can accomplish this using the service name or port number.
- To close a port in UFW using the service name:
sudo ufw deny pop3
- To close a port in UFW using the port number:
sudo ufw deny 995
Check Open Ports in UFW
After making changes to any firewall, you should verify your changes to ensure they’re correct and active.
- To check whether UFW is running:
sudo ufw status
- To check whether UFW is running with additional information such as logging and profile status:
sudo ufw status verbose
- To find the rule number for UFW rules:
sudo ufw status numbered
- Then you can remove the rule:
sudo ufw delete 1
Are you looking to learn more about web server security? Check out our guide on how to harden your managed VPS or dedicated server.
Want to learn more about how to minimize risk with spam, email spoofing and other types of email-based phishing attacks? Check out our guide on how to block spam in cPanel and WHM.
Let us know if you have more questions about hardening your systems?
If you don’t need cPanel, don't pay for it. Only pay for what you need with our Cloud VPS solutions.
CentOS, Debian, or Ubuntu No cPanel Bloat SSH Key Management