Use UFW for simple firewall setup with commands like sudo ufw allow ssh and sudo ufw enable after setting defaults to deny incoming and allow outgoing traffic. 2. Use iptables for advanced control by setting policies with sudo iptables -P INPUT DROP, allowing loopback and established connections, opening ports for services, and saving rules via sudo iptables-save > /etc/iptables/rules.v4 to persist after reboot. The choice depends on user expertise and requirements, with UFW being beginner-friendly and iptables offering granular control, both effective when configured correctly to secure a Linux system exposed to the internet.
Setting up a firewall on Linux is essential for securing your system, especially if it's exposed to the internet. Two of the most common tools for managing firewalls on Linux are UFW (Uncomplicated Firewall) and iptables. UFW is great for beginners, while iptables offers more granular control. Here’s how to set up a firewall using both.
1. Using UFW (Beginner-Friendly)
UFW is designed to make firewall configuration simple. It’s pre-installed on Ubuntu and can be easily added to other distributions.
Install UFW (if not already installed)
sudo apt update sudo apt install ufw
Check UFW Status
sudo ufw status verbose
This shows whether the firewall is active and what rules are in place.
Set Default Policies
Start by denying all incoming traffic and allowing outgoing traffic:
sudo ufw default deny incoming sudo ufw default allow outgoing
Allow Essential Services
Open ports for common services:
sudo ufw allow ssh # Port 22 sudo ufw allow http # Port 80 sudo ufw allow https # Port 443
Or specify ports directly:
sudo ufw allow 22/tcp sudo ufw allow 8080
Enable the Firewall
sudo ufw enable
You’ll get a warning if SSH is blocked — make sure you’ve allowed SSH first if connecting remotely.
Delete Rules (if needed)
To remove a rule:
sudo ufw delete allow 8080
2. Using iptables (Advanced Control)
iptables is the underlying firewall tool that UFW configures behind the scenes. It gives you full control but requires more precision.
Check Current iptables Rules
sudo iptables -L -n -v
-L: List rules-n: Show IP addresses (not resolved to names)-v: Verbose output
Flush Existing Rules (Start Fresh)
?? Be careful — this removes all rules:
sudo iptables -F
Set Default Policies
sudo iptables -P INPUT DROP # Deny all incoming sudo iptables -P FORWARD DROP # Block forwarding sudo iptables -P OUTPUT ACCEPT # Allow all outgoing
Allow Loopback Traffic
Local services need the loopback interface:
sudo iptables -A INPUT -i lo -j ACCEPT sudo iptables -A OUTPUT -o lo -j ACCEPT
Allow Established Connections
So responses to your outgoing requests aren’t blocked:
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
Open Specific Ports
Allow SSH, HTTP, and HTTPS:
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
Save iptables Rules
Rules are lost on reboot unless saved. On Ubuntu/Debian:
sudo iptables-save > /etc/iptables/rules.v4
On some systems, use:
sudo netfilter-persistent save
? Tip: Use a tool like
iptables-persistentto auto-restore rules at boot.
UFW vs iptables: When to Use Which?
| Use Case | Recommended Tool |
|---|---|
| Quick setup, basic rules | UFW |
| Desktop or small server | UFW |
| Need fine-grained control | iptables |
| Learning or scripting | iptables |
| Managing complex NAT rules | iptables |
You can even use UFW with custom iptables rules — UFW allows inserting raw iptables rules via config files.
Final Tips
- Always allow SSH before enabling the firewall remotely.
- Test rules from another machine to avoid lockout.
- Use
sudo ufw denyoriptables DROPcarefully — mistakes can block access. - Keep a backup rule set or use fail-safe scripts during testing.
Basically, go with UFW for simplicity, and iptables when you need full control. Both get the job done — just pick the right tool for your comfort level and needs.
The above is the detailed content of How to Set Up a Firewall on Linux with UFW and iptables. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
How to troubleshoot DNS issues on a Linux machine?
Jul 07, 2025 am 12:35 AM
When encountering DNS problems, first check the /etc/resolv.conf file to see if the correct nameserver is configured; secondly, you can manually add public DNS such as 8.8.8.8 for testing; then use nslookup and dig commands to verify whether DNS resolution is normal. If these tools are not installed, you can first install the dnsutils or bind-utils package; then check the systemd-resolved service status and configuration file /etc/systemd/resolved.conf, and set DNS and FallbackDNS as needed and restart the service; finally check the network interface status and firewall rules, confirm that port 53 is not
How would you debug a server that is slow or has high memory usage?
Jul 06, 2025 am 12:02 AM
If you find that the server is running slowly or the memory usage is too high, you should check the cause before operating. First, you need to check the system resource usage, use top, htop, free-h, iostat, ss-antp and other commands to check CPU, memory, disk I/O and network connections; secondly, analyze specific process problems, and track the behavior of high-occupancy processes through tools such as ps, jstack, strace; then check logs and monitoring data, view OOM records, exception requests, slow queries and other clues; finally, targeted processing is carried out based on common reasons such as memory leaks, connection pool exhaustion, cache failure storms, and timing task conflicts, optimize code logic, set up a timeout retry mechanism, add current limit fuses, and regularly pressure measurement and evaluation resources.
Install Guacamole for Remote Linux/Windows Access in Ubuntu
Jul 08, 2025 am 09:58 AM
As a system administrator, you may find yourself (today or in the future) working in an environment where Windows and Linux coexist. It is no secret that some big companies prefer (or have to) run some of their production services in Windows boxes an
How to find my private and public IP address in Linux?
Jul 09, 2025 am 12:37 AM
In Linux systems, 1. Use ipa or hostname-I command to view private IP; 2. Use curlifconfig.me or curlipinfo.io/ip to obtain public IP; 3. The desktop version can view private IP through system settings, and the browser can access specific websites to view public IP; 4. Common commands can be set as aliases for quick call. These methods are simple and practical, suitable for IP viewing needs in different scenarios.
How to Install NodeJS 14 / 16 & NPM on Rocky Linux 8
Jul 13, 2025 am 09:09 AM
Built on Chrome’s V8 engine, Node.JS is an open-source, event-driven JavaScript runtime environment crafted for building scalable applications and backend APIs. NodeJS is known for being lightweight and efficient due to its non-blocking I/O model and
System requirements to install linux
Jul 20, 2025 am 03:49 AM
Linuxcanrunonmodesthardwarewithspecificminimumrequirements.A1GHzprocessor(x86orx86_64)isneeded,withadual-coreCPUrecommended.RAMshouldbeatleast512MBforcommand-lineuseor2GBfordesktopenvironments.Diskspacerequiresaminimumof5–10GB,though25GBisbetterforad
20 YUM Commands for Linux Package Management
Jul 06, 2025 am 09:22 AM
In this article, we will learn how to install, update, remove, find packages, manage packages and repositories on Linux systems using YUM (Yellowdog Updater Modified) tool developed by RedHat. The example commands shown in this article are practicall
How to Install MySQL 8.0 on Rocky Linux and AlmaLinux
Jul 12, 2025 am 09:21 AM
Written in C, MySQL is an open-source, cross-platform, and one of the most widely used Relational Database Management Systems (RDMS). It’s an integral part of the LAMP stack and is a popular database management system in web hosting, data analytics,
