
Managing firewall rules in Ubuntu Server

Ubuntu comes with a built-in firewall management tool called UFW (Uncomplicated Firewall). Below are several commands that will help manage UFW. Ensure SSH access is allowed before enabling UFW; otherwise, access to the server may be blocked.

By default, UFW will block all incoming connections and allow all outgoing connections. If this has been changed, the defaults can be restored with these commands:

sudo ufw default deny incoming
sudo ufw default allow outgoing

At a minimum, you will want to add a rule allowing inbound SSH traffic:

sudo ufw allow ssh

Instead of “ssh”, you can provide the port for the service (in this case, port 22):

sudo ufw allow 22

The above rule can be modified if you would only like to allow SSH traffic from a specific IP:

sudo ufw allow from x.x.x.x to any port 22

We recommend allowing Mac Mini Vault’s NOC IP range so that we can more quickly assist in the event of a lockout:

sudo ufw allow from 192.159.66.96/27 to any port 22

To deny traffic from a specific IP, use this command:

sudo ufw deny from x.x.x.x

To delete a rule, list the rules with their numbers, and then delete the rule by its number:

sudo ufw status numbered
sudo ufw delete 5

The above commands will list all UFW rules, and then delete rule #5 in the list.

To enable UFW:

sudo ufw enable
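
The advice above to allow SSH before enabling UFW can be enforced with a pre-flight check. The script below is an added example, not part of the original article: it assumes the staged rules are read from `sudo ufw show added`, and the names `ssh_allowed` and `safe_enable` and the sample rule text (including 203.0.113.7) are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for `ufw enable` (not Mac Mini Vault code).
# ssh_allowed [PORT]: reads `ufw show added` output on stdin; exit status 0
# only if an inbound allow/limit rule covers TCP PORT (default 22).
ssh_allowed() {
    awk -v port="${1:-22}" '
        $1 != "ufw" || ($2 != "allow" && $2 != "limit") { next }  # header, deny, reject
        /proto udp/ || $3 == "out" { next }                      # not inbound TCP
        {
            first = ($3 == "in") ? 4 : 3
            svc = $first
            # short forms: ufw allow ssh | OpenSSH | 22 | 22/tcp
            if (port == 22 && (svc == "ssh" || svc == "OpenSSH")) ok = 1
            if (svc == port || svc == (port "/tcp")) ok = 1
            # long form: ufw allow from ADDR to any port 22
            for (i = first; i < NF; i++)
                if ($i == "port" && $(i + 1) == port) ok = 1
        }
        END { exit (ok ? 0 : 1) }
    '
}

# safe_enable: turn UFW on only when the staged rules keep SSH reachable.
safe_enable() {
    if sudo ufw show added | ssh_allowed 22; then
        sudo ufw enable
    else
        echo "refusing to enable UFW: no allow rule for SSH (port 22)" >&2
        return 1
    fi
}

# Constructed samples of `sudo ufw show added` output (not captured from a host).
SAMPLE_OK="Added user rules (see 'ufw status' for running firewall):
ufw allow from 192.159.66.96/27 to any port 22
ufw deny from 203.0.113.7"
SAMPLE_LOCKOUT="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw deny from 203.0.113.7"

for s in "$SAMPLE_OK" "$SAMPLE_LOCKOUT"; do
    if printf '%s\n' "$s" | ssh_allowed; then echo "SSH stays reachable"; else echo "would lock out SSH"; fi
done
if [ "${1:-}" = "--enable" ]; then safe_enable; fi
```

The check is conservative: port lists or ranges such as `22,80` are not recognised, so it refuses rather than guesses. Run with `--enable` on the server to perform the real check and enable UFW.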

To disable UFW:

sudo ufw disable

To check UFW status:

sudo ufw status

or

sudo ufw status verbose