
ufw allow: Add UFW Firewall Rule (Allow)

UFW (Uncomplicated Firewall) is a tool that simplifies firewall rule management on Linux systems. The `ufw allow` command adds rules that permit inbound (or outbound) traffic for specific ports, protocols, or applications. Adding explicit allow rules on top of a restrictive default policy lets the services you need through while unwanted access stays blocked.

Overview

`ufw allow` adds a new allow rule to the UFW firewall, permitting network traffic that matches the specified conditions to enter or leave the system. It is commonly used to open access for specific services such as web servers (HTTP/HTTPS), SSH connections, and database connections.

Key Features

  • Allow specific ports or port ranges
  • Restrict a rule to a protocol (TCP/UDP)
  • Add rules based on application profiles
  • Specify source IP addresses or subnets
  • Specify destination IP addresses or subnets

Key Options

The `ufw allow` command can be combined with various options to create flexible firewall rules.

Usage Examples

Here are various examples of using the `ufw allow` command to add firewall rules.

Allow SSH (Port 22)

sudo ufw allow 22

Allows traffic to port 22 (SSH) from all IPs. Because no protocol is given, the rule covers both TCP and UDP; use `22/tcp` to allow TCP only.

Allow HTTP (Port 80)

sudo ufw allow http

Allows TCP traffic to port 80 (HTTP) from all IPs.

Allow SSH from a Specific IP

sudo ufw allow from 192.168.1.100 to any port 22

Allows SSH connections to port 22 only from a specific IP address (e.g., 192.168.1.100).

Allow HTTP and HTTPS Ports

sudo ufw allow 80,443/tcp

Allows TCP traffic to ports 80 (HTTP) and 443 (HTTPS).

Allow UDP Port

sudo ufw allow 53/udp

Allows UDP traffic to port 53 (DNS).

Using Application Profile

sudo ufw allow 'OpenSSH'

Allows ports defined by the registered 'OpenSSH' application profile.

Installation

`ufw` is typically pre-installed on most Debian/Ubuntu-based systems or can be easily installed. The `ufw allow` command is part of the `ufw` package.

Install UFW on Debian/Ubuntu

If `ufw` is not installed on your system, you can install it using the following commands:

sudo apt update
sudo apt install ufw

Tips & Precautions

Be cautious when adding firewall rules. Incorrect rules can block system access or create security vulnerabilities.

Useful Tips

  • Always check currently active rules using `ufw status` or `ufw status verbose`.
  • It's important to understand the default policy. UFW typically denies incoming connections and allows outgoing connections.
  • Rule order matters: UFW evaluates rules in sequence and applies the first one that matches, so a more specific rule must come before a broader one it is meant to override.
  • Minimize your attack surface by only allowing necessary ports. It's safer to keep unused ports closed.
  • After adding rules, always test to ensure they function as intended.
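
As an added example (not part of the original page), the shell function below parses `ufw status` output and flags allow rules that have no protocol suffix or that accept traffic from any source. The sample status text is constructed for illustration, and `audit_ufw_status` and `count_findings` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: audit `ufw status` output for broad allow rules.
# SAMPLE_STATUS is constructed for illustration; on a real host run:
#   sudo ufw status | audit_ufw_status

SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
22                         ALLOW       192.168.1.100
80,443/tcp                 ALLOW       Anywhere
53/udp                     ALLOW       Anywhere
OpenSSH                    ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)'

# Reads `ufw status` text on stdin; prints one finding per line as
#   <TAG>|<destination>|<source>
# NOPROTO  = numeric port with no /tcp or /udp suffix (rule covers both)
# ANYWHERE = rule accepts traffic from any source address
audit_ufw_status() {
    awk -F'  +' '
        $2 !~ /^ALLOW/ { next }             # skip headers, DENY/REJECT/LIMIT
        {
            to = $1; from = $3
            port = to; sub(/ \(v6\)$/, "", port)
            if (port ~ /^[0-9][0-9,:]*$/)   # digits only: no protocol suffix
                printf "NOPROTO|%s|%s\n", to, from
            if (from ~ /^Anywhere/)
                printf "ANYWHERE|%s|%s\n", to, from
        }'
}

# $1 = tag; counts findings of that kind in the constructed sample
count_findings() {
    printf '%s\n' "$SAMPLE_STATUS" | audit_ufw_status | grep -c "^$1|"
}

printf '%s\n' "$SAMPLE_STATUS" | audit_ufw_status
```

Each `ANYWHERE` finding is a rule to confirm as intentionally public, and each `NOPROTO` finding is a candidate for tightening to `/tcp` or `/udp`.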

Precautions

  • Blocking Remote Access: Accidentally blocking the SSH port (default 22) can prevent you from accessing your remote server. Carefully verify rules before and after applying them.
  • Deleting Rules: Incorrect rules can be deleted using `ufw delete allow <rule>` or `ufw delete <rule_number>` commands.
