Ufw (firewall) Reference


Enable or disable the firewall:

ufw enable
ufw disable

Allow all incoming HTTP traffic and reject telnet globally (normally 'deny' is used but 'reject' will explicitly reject a connection):

ufw allow in http
ufw reject telnet comment 'telnet is not encrypted'

Allow incoming ssh from certain hosts, IPv4 or IPv6:

ufw allow in from to any port 22
ufw allow in from 2001:db8::/32 to any port 22

Enable rate limiting for ssh, preventing more than 6 access attempts for an IP address for 30 seconds.

ufw limit ssh

Special case for only TCP traffic, or only IPv6.

ufw allow in http/tcp
ufw allow in http/tcp proto ipv6


ufw allow in from to any port 22 comment 'internal network/ssh'