For example, if you want to allow all incoming secure shell (SSH) traffic, you might have to issue commands like this: That’s all fine and good if you have time to not only master the Linux operating system, but also know the finer points of managing a complicated security system. To be fair, I did spend the time and was eventually able to manage the security of my systems with iptables.  However, the busier I got, the harder it became to continue the level of mastery needed to keep up with iptables. Over time, things started getting more accessible and some Linux distribution developers began to realize an easier system was necessary. One of those more accessible Linux firewalls came into being with the Ubuntu distribution (around version 12.04). That firewall is aptly named Uncomplicated Firewall. Uncomplicated Firewall (UFW) is a frontend for iptables, which focuses on simplicity. Compared to iptables, UFW is a leisurely stroll through the park that anyone can handle. Let’s take a walk down UFW lane and see just how simple it makes managing your Linux system firewall. There are two things you should know about UFW: 

It’s a command-line tool.There are GUI tools available to make it even easier.

The UFW command-line basics

The UFW command is actually pretty simple. Let’s stick with our SSH idea from above. Let’s say you want to allow other systems to access your machine by way of SSH (which listens on port 22).  First, you’ll want to see if UFW is even enabled. Guess what…it’s not by default. Test that out by opening a terminal window and issuing the command: You’ll probably see the following: How do you activate it? Issue the command: The output of the command should be: Firewall is active and enabled on system startup Congratulations, your firewall is now active.  As to the basic usage of UFW, it looks something like this: Where ARGUMENT is either allow, deny, reject, limit, status, show, reset, reload, enable, disable and SERVICE is the service you want to work with (such as SSH or HTTP). Next, we need to allow SSH traffic into the system. Believe it or not, that’s as simple as: You could also run the command using the port number, like this: Or, if you run SSH on port 2022, that command would be: If you’re working on a server and you need to allow HTTP traffic through, that command would be:

Let’s get a bit more advanced

one of the nice things about UFW is that even using more advanced features doesn’t require advanced knowledge. Let’s say, for example, you want to allow SSH traffic in, but only from a specific IP address on your network. If you’ve already allowed incoming SSH traffic, you’ll first need to delete that rule with: Now, if you try to SSH into the machine, the firewall will block the attempt. So, let’s allow SSH connections from IP address 192.168.1.152. For that, we’d issue the command: After running the above command, you should be able to log into the machine, via SSH, only from the remote system at IP address 192.168.1.152.

What about the GUI?

If the command line isn’t your jam, there’s always a handy GUI tool to make it even easier. One such tool is GUFW, which allows you to point and click your way to UFW firewall rules. If UFW isn’t installed on your Linux distribution by default, you’ll find it in your app store. Once installed, open the app and click on the Rules tab (Figure 1). As you can see, I already have a few UFW rules added. One thing to keep in mind is that you cannot edit rules that were added via the UFW command line. Let’s add the same rule via the GUI that we just did from the command line. Click + and then (from the Preconfigured tab), select the following:

Policy - AllowDirection - InCategory - AllSubcategory - AllApplication - SSH

That alone will create the rule allowing all SSH traffic into your system. If, however, you want to only allow traffic from a single IP address, you must click the Advanced tab and fill out the following (Figure 2):

Name - any name you wantPolicy - AllowDirection - InInterface - All InterfacesFrom - 192.168.1.152

Click Add and your rule is inserted into the firewall. And that, my friends, is your uncomplicated introduction to the Uncomplicated Firewall. But don’t think UFW is nothing more than a very basic firewall system. You can actually get considerably more complicated but for the basics, UFW is easy enough for anyone to use.