UFW commands

Understanding UFW command structure

UFW commands follow a consistent and logical structure. This structure makes them easy to learn and remember. The basic format is: sudo ufw [option] [rule]. Understanding this structure is key to effective UFW management.

sudo ufw [--dry-run] [option] [rule syntax]

Allowing connections with UFW

Allowing connections is a fundamental UFW task. Use the 'allow' command to open ports or permit specific traffic. The basic syntax is sudo ufw allow [port]/[protocol]. This granular control helps maintain security while ensuring necessary access.

sudo ufw allow 80/tcp  # Allow HTTP traffic
sudo ufw allow 443/tcp  # Allow HTTPS traffic
sudo ufw allow 22/tcp  # Allow SSH

You can also allow traffic from specific IP addresses:

sudo ufw allow from 18.222.110.70

Deleting UFW rules

Removing unnecessary rules keeps your firewall efficient. UFW offers two methods to delete rules. Regular review and cleanup of rules is a good practice. It helps maintain an organized and effective firewall configuration.

Deleting by rule:

sudo ufw delete allow 80/tcp

Deleting by number:

sudo ufw status numbered
sudo ufw delete 2

Checking UFW status

Regularly checking UFW status is vital for security. Use these commands to monitor your firewall configuration:

sudo ufw status verbose
sudo ufw status numbered

The verbose option shows detailed information about your rules. The numbered option helps when you need to modify specific rules by their position.

Advanced UFW commands

UFW supports advanced features for complex configurations. You can set up rate limiting, port ranges, and application profiles. These features help create robust security policies.

sudo ufw allow 6000:6007/tcp  # Allow port range
sudo ufw limit ssh  # Enable rate limiting
sudo ufw allow 'Apache'  # Use application profile