@raycool

The idea behind ufw is to remove the more complex, complicated iptables commands that you’d be using under normal circumstances.

Generally, you’ll make sure ufw is disabled, that way you don’t accidentally lock yourself out.

ufw disable

Check the status to confirm (even though the command above will tell you essentially the same).

ufw status

Now, I like to also make sure that I’m working with a clean slate, so I’ll go ahead and do a reset.

ufw reset

Now, setting up the default policies is where we start. The goal is to deny all incoming and allow all outgoing.

ufw default deny incoming

ufw default allow outgoing

If you turned the firewall on at this point, you’d lock yourself out, so let’s start by first allowing at least SSH through.

ufw allow 22/tcp

The above command allows access to Port 22 over TCP to anyone. This means incoming/outgoing.

So the default method of allowing a port through is ufw allow followed by a port number, a /, and then the protocol. In most cases, TCP will always be the protocol unless you’re dealing with DNS or something else that requires UDP.

So if we wanted to allow 80 (HTTP) and 443 (HTTPS), we could proceed to run:

ufw allow 80/tcp

and

ufw allow 443/tcp

You can swap those ports to match those that you need open.

Once you’re done adding rules, you can enable ufw using:

ufw enable

Outgoing connections will always be allowed, so no rules need to be setup there. The purpose of the above is to define ports that we want to allow connections through on.

As long as the port you’re connecting from and to on both servers are open, then you’ll be okay with the above. Blocked connections would mean that somewhere, you used the above and didn’t open up a port.