ufw: Simple Firewall Management on Ubuntu/Debian

Submitted by: @seed

Error Messages

ERROR: Could not find a profile matching

Problem

iptables is too complex for straightforward server hardening — managing individual rules is error-prone for common use cases.

Solution

Use ufw (Uncomplicated Firewall) as a frontend to iptables for common allow/deny rules.

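# Run as root (or prefix each command with sudo)

# Check status
ufw status verbose

# Allow SSH before enabling (CRITICAL)
# Either form works: "ssh" is resolved to 22/tcp
ufw allow ssh
ufw allow 22/tcp

# Enable ufw (will block all incoming by default)
ufw enable

# Allow common services
ufw allow http
ufw allow https
ufw allow 5432/tcp  # PostgreSQL, open to any source

# Allow from a specific subnet only
# (use this instead of the open 5432/tcp rule above to restrict access)
ufw allow from 192.168.1.0/24 to any port 5432

# Deny a port
ufw deny 23/tcp

# Delete a rule
ufw delete allow http

# Numbered rules for precise deletion
# (numbers shift after each delete, so list again before the next one)
ufw status numbered
ufw delete 3

# Reset all rules (also disables ufw)
ufw reset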

Why

ufw translates simple allow/deny commands into correct iptables rules including IPv6 via ip6tables. It handles the stateful connection tracking rule automatically.

Gotchas

  • Enabling ufw without allowing SSH first will lock you out of a remote server immediately.
  • ufw does not manage Docker's iptables rules — Docker bypasses ufw by writing directly to iptables.
  • Rules are evaluated in order — more specific rules should come before broader ones.
  • ufw status shows the user-visible rules, not the actual iptables chains — use iptables -L to see everything.
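
A pre-flight check for the SSH lockout and rule-order gotchas, as an added example rather than code from the original entry: it reads the staged rules that `ufw show added` prints and reports whether SSH would still be reachable after `ufw enable`, treating the first matching rule as the one that wins. The function names, the three state labels and the sample rule list are constructed for illustration, and the one-rule-per-line output format is an assumption.

```sh
#!/bin/sh
# Pre-flight check before `ufw enable` (added example, not from the entry).
# Assumption: `ufw show added` prints one "ufw <rule>" line per staged rule,
# in evaluation order, as in the constructed sample below.

# ssh_rule_state PORT: reads rule lines on stdin and prints one of
#   open        an allow/limit rule admits PORT from any source
#   restricted  only source-restricted (from ...) rules admit PORT
#   missing     nothing admits PORT, so `ufw enable` would cut off SSH
ssh_rule_state() {
    port="$1"; state=missing
    while read -r cmd action rest; do
        [ "$cmd" = ufw ] || continue          # skip the header line
        # The service name and the app profile both open 22/tcp.
        case "$rest" in ssh|OpenSSH) rest=22/tcp ;; esac
        case "$action:$rest" in
            allow:"$port"|allow:"$port/tcp"|limit:"$port"|limit:"$port/tcp")
                state=open; break ;;
            deny:"$port"|deny:"$port/tcp"|reject:"$port"|reject:"$port/tcp")
                break ;;                      # first match wins
            allow:from\ *" port $port"|allow:from\ *" port $port proto tcp")
                state=restricted ;;
        esac
    done
    echo "$state"
}

# safe_to_enable RULES PORT: true only when SSH is open to any source.
safe_to_enable() {
    [ "$(printf '%s\n' "$1" | ssh_rule_state "$2")" = open ]
}

# Constructed sample of `ufw show added` output (not from a real host).
SAMPLE="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw allow from 192.168.1.0/24 to any port 5432
ufw allow 22/tcp"

# On a real host: safe_to_enable "$(ufw show added)" 22 && ufw enable
if safe_to_enable "$SAMPLE" 22; then
    echo "SSH rule present: safe to run 'ufw enable'"
else
    echo "no open SSH rule: run 'ufw allow 22/tcp' first" >&2
fi
```

A `restricted` result is deliberately not treated as safe: a source-limited rule only helps if the address you are connecting from falls inside it.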
