How to Add Custom Firewall Rules on Ubuntu

A software firewall for a Linux desktop

Firewalls are a must on every operating system to deal with both traffic management and to deter hackers from gaining access to your computer. Nowadays, firewalls are available for almost every platform and Linux is no different. Today, we're going to learn about creating custom traffic filtering rules for a firewall on a Ubuntu computer. It's easy to do but can be messy as well, if not done correctly. If available, I suggest playing with firewall rules on a spare computer to get familiar with how things work. So, let's get started and learn to create custom firewall rules on a Ubuntu machine.

Remember, the more custom firewall rules you create, the more you have to spend on managing them. So, before you create a custom rule, always make sure if it is necessary or not.

After going through this tutorial, you'll be able to add, delete, and edit custom firewall rules on your Ubuntu computer. The tool used below can be used on other Linux distributions as well.

Understanding the Basics

By default, the firewall management tool is iptables on Ubuntu. But, using it can be a bit overwhelming for slightly technically challenged users.

To make things easier for firewall management, Uncomplicated Firewall (UFW) is the best option and that's what we're going to use in this tutorial.

Install UFW

UFW normally comes preinstalled on Ubuntu, but if it is not available on your system, you can install it using the following commands.

# Install Uncomplicated Firewall (UFW)
sudo apt update
sudo apt install ufw

# Install Uncomplicated Firewall (UFW) GUI Application
sudo apt-get install gufw

As you can see, a GUI front end (gufw) is also available, in case you prefer not to use the command line.

Check Firewall Status

Best practices encourage users to always first check the current status of the firewall. You can check it using the following command.

# Check firewall status
sudo ufw status

If the firewall is currently inactive, the command shown above reports that (Status: inactive) instead of listing any rules.

Enable or Disable Firewall

To enable or disable the ufw firewall, use the following commands.

# Enable firewall
sudo ufw enable

# Disable firewall
sudo ufw disable

It is highly recommended to reboot your Ubuntu computer after enabling or disabling the firewall. Failing to do so may result in unwanted traffic behavior.

Managing Traffic on IP Addresses and Ports

While creating custom firewall rules, the most common action is to allow or deny traffic from specific IP addresses. And, that's what we're going to learn. Here we go!

# Allow incoming packets from a specific IP address
sudo ufw allow from 111.11.33.44

# Deny incoming packets from a specific IP address
sudo ufw deny from 111.11.33.44

To allow traffic from a whole range of IP addresses in a local network, specify the subnet in CIDR notation (address plus prefix length), as in the following command.

# Allow incoming packets from a range of IP addresses
sudo ufw allow from 192.168.1.10/18

A more advanced rule may involve port and protocol too. Here's an example.

# Deny incoming packets from a specific IP address for port 3457 and protocol TCP
sudo ufw deny from 111.11.33.44 to any port 3457 proto tcp

If you think you've messed up the traffic and want to roll back to the default firewall state, use the following command.

# Reset firewall to the default state
sudo ufw reset

If you want to delete any custom rule, simply prefix that rule with the delete directive. Here's how you should do it.

# Delete the rule → (Allow incoming packets from a range of IP addresses)
sudo ufw delete allow from 192.168.1.10/18

If you have a large set of custom rules and you want to delete a specific one but don't remember the command you used earlier, use the rule number to delete it easily.

To do that, first of all, list the rules with their ID number using the following command.

# List the rules with their ID numbers
sudo ufw status numbered

And once you've picked the rule from the list, use its ID number to delete it easily.

# Delete a rule using its ID number
sudo ufw delete 27

At times, you may want to revert to the default filtering rules for the firewall. To do that, use the following commands.

# Revert to the default filtering rules
sudo ufw default deny incoming
sudo ufw default allow outgoing
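The commands above are typed one at a time, which is fine for a handful of rules but invites typos once you maintain many of them. The script below is an added example (it is not part of the original article and not a UFW project tool) that wraps the same allow, deny, port/protocol and delete-by-number operations in shell functions. It validates the address, port and protocol before anything reaches ufw, and it defaults to a dry run that prints the ufw command instead of running it, so you can rehearse on a machine without root or without UFW installed. The `SAMPLE_STATUS` text is a constructed imitation of `sudo ufw status numbered` output, not captured from a real host; `UFW_DRY_RUN` and all function names are this example's own.

```shell
#!/bin/sh
# Added example: build UFW rules safely and delete rules by number.
# UFW_DRY_RUN=1 (the default here) prints each "sudo ufw ..." command
# instead of executing it; set UFW_DRY_RUN=0 to apply the rules for real.
: "${UFW_DRY_RUN:=1}"

# Run or echo a ufw command depending on UFW_DRY_RUN.
ufw_exec() {
    if [ "$UFW_DRY_RUN" = "1" ]; then
        printf 'sudo ufw %s\n' "$*"
    else
        sudo ufw "$@"
    fi
}

# Accept only a plain IPv4 address or an IPv4 CIDR range (e.g. 111.11.33.44
# or 192.168.1.10/18). Anything else is rejected so a typo never becomes a rule.
is_ipv4_or_cidr() {
    addr=${1%/*}
    prefix=${1#"$addr"}          # empty, or "/NN"
    case "$addr" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    dots=$(( $(printf '%s' "$addr" | tr -cd '.' | wc -c) ))
    [ "$dots" -eq 3 ] || return 1
    old_ifs=$IFS; IFS=.
    for octet in $addr; do
        [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
    case "$prefix" in
        '') return 0 ;;
        *)  p=${prefix#/}
            case "$p" in ''|*[!0-9]*) return 1 ;; esac
            [ "$p" -le 32 ] ;;
    esac
}

# Allow or deny every incoming packet from one address or CIDR range.
ufw_rule_from() {        # usage: ufw_rule_from allow|deny <addr>
    case "$1" in allow|deny) ;; *) echo "action must be allow or deny" >&2; return 2 ;; esac
    is_ipv4_or_cidr "$2" || { echo "bad address: $2" >&2; return 2; }
    ufw_exec "$1" from "$2"
}

# Same, but restricted to one destination port and protocol.
ufw_rule_from_port() {   # usage: ufw_rule_from_port allow|deny <addr> <port> tcp|udp
    case "$1" in allow|deny) ;; *) echo "action must be allow or deny" >&2; return 2 ;; esac
    is_ipv4_or_cidr "$2" || { echo "bad address: $2" >&2; return 2; }
    case "$3" in ''|*[!0-9]*) echo "bad port: $3" >&2; return 2 ;; esac
    [ "$3" -ge 1 ] && [ "$3" -le 65535 ] || { echo "bad port: $3" >&2; return 2; }
    case "$4" in tcp|udp) ;; *) echo "protocol must be tcp or udp" >&2; return 2 ;; esac
    ufw_exec "$1" from "$2" to any port "$3" proto "$4"
}

# Constructed sample of `sudo ufw status numbered` output (not from a real host).
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] Anywhere                   ALLOW IN    192.168.0.0/18
[ 3] 3457/tcp                   DENY IN     111.11.33.44
[ 4] Anywhere                   DENY IN     111.11.33.44'

# Print the numbers of all rules whose From column equals the given address,
# highest number first. The order matters: every delete renumbers the rules
# below it, so deleting in ascending order would remove the wrong rules.
rule_numbers_for() {     # usage: rule_numbers_for <addr> [status_text]
    status=${2:-$(sudo ufw status numbered)}
    printf '%s\n' "$status" \
      | awk -v a="$1" '/^\[/ && $NF == a { match($0, /[0-9]+/); print substr($0, RSTART, RLENGTH) }' \
      | sort -rn
}

# Delete every rule that matches an address, highest number first.
# (A real run of "ufw delete N" asks for confirmation; answer it, or add --force.)
ufw_delete_rules_for() { # usage: ufw_delete_rules_for <addr> [status_text]
    for n in $(rule_numbers_for "$1" "$2"); do
        ufw_exec delete "$n"
    done
}

# Demo in dry-run mode: nothing below touches the firewall.
ufw_rule_from allow 192.168.1.10/18
ufw_rule_from_port deny 111.11.33.44 3457 tcp
ufw_delete_rules_for 111.11.33.44 "$SAMPLE_STATUS"
```

Run it as `sh ufw-rules.sh` to see the commands it would issue; once the output looks right, run the same functions with `UFW_DRY_RUN=0` to apply them. The descending delete order in `ufw_delete_rules_for` is the part most worth copying: it is the usual cause of "I deleted rule 3 and the wrong rule disappeared" when several numbered rules are removed in one session.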

Remember, whenever you turn on UFW, the default traffic rules are good enough for home usage. So, in normal cases, an average home user may never fiddle with these default settings.

In the end, one must understand that customizing firewall filtering rules is a serious exercise. Unless you're clear about what you're doing, do not create such custom rules.