Conventions

• # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
• $ – requires given linux commands to be executed as a regular non-privileged user

Example 1

Open incoming TCP port 10000 to any source IP address:

$ sudo ufw allow from any to any port 10000 proto tcp

Example 2

Open incoming TCP port 443 to only specific source IP address eg. 10.1.1.231:

$ sudo ufw allow from 10.1.1.231 to any port 443 proto tcp

Example 3

Open incoming UDP port 53 to source subnet eg. 10.1.1.0/8:

$ sudo ufw allow from 10.1.1.0/8 to any port 53 proto udp

Example 4

Open incoming TCP ports 20 and 21 from any source, such as when running FTP server:

$ sudo ufw allow from any to any port 20,21 proto tcp

UFW blocking port 8001 until I login to ubuntu

What I would recommend doing, just to make sure we get the correct setup, is running

ufw disable

Then

ufw reset

The above stops ufw and then resets all rules. With a clean slate, we setup our default policies first.

ufw default deny incoming \
&& ufw default allow outgoing

With those rules in place, we then add the rules we need to work for whatever our purposes are. To start, I recommend allowing SSH in first.

ufw allow 22/tcp

We can then allow application-specific ports, such as 80, 443, 8001, etc. I’ll start with those three.

ufw allow 80/tcp \
&& ufw allow 443/tcp \
&& ufw allow 8001/tcp

We could also run just one command (copy and paste directly)

ufw disable \
&& ufw reset \
&& ufw default deny incoming \
&& ufw default allow outgoing \
&& ufw allow 22/tcp \
&& ufw allow 80/tcp \
&& ufw allow 443/tcp \
&& ufw allow 8001/tcp

Now, if you need to add any other ports, now’s the time to go ahead and add them. If nothing more needs to be added, we can then run

ufw enable

When prompted to confirm, type y, hit enter, and ufw is active once again.