Firewall basics (ufw, iptables) in Linux CLI - Commands & Configuration

Introduction
Firewalls help protect your computer by controlling which network traffic is allowed or blocked. UFW and iptables are tools that let you set simple or advanced rules to keep your system safe from unwanted connections.
When you want to block all incoming connections except for a web server on port 80.
When you need to allow SSH access only from a specific IP address.
When you want to quickly enable or disable firewall rules without complex commands.
When you want to log blocked connection attempts for security monitoring.
When you need to create custom rules for advanced network filtering.
Commands
This command turns on the uncomplicated firewall (UFW) to start protecting your system with default rules.
Terminal
sudo ufw enable
Expected Output
Firewall is active and enabled on system startup
This command allows incoming web traffic on port 80 using TCP, so your web server can receive requests.
Terminal
sudo ufw allow 80/tcp
Expected Output
Rule added
Rule added (v6)
This command shows the current firewall status and all active rules in detail.
Terminal
sudo ufw status verbose
Expected Output
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW IN    Anywhere
80/tcp (v6)                ALLOW IN    Anywhere (v6)
verbose - Shows detailed status including logging and default policies
This command lists all current iptables firewall rules in a simple format to see what is allowed or blocked.
Terminal
sudo iptables -L
Expected Output
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
This command adds a rule to iptables to accept incoming TCP connections on port 22, which is used for SSH access.
Terminal
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
Expected Output
No output (command runs silently)
-A INPUT - Appends the rule to the INPUT chain
-p tcp - Specifies the TCP protocol
--dport 22 - Specifies the destination port 22
-j ACCEPT - Accepts matching packets
Check the updated iptables rules to confirm the SSH rule was added successfully. Port 22 appears as its service name (dpt:ssh) because -L resolves names; add -n to print ports and addresses numerically.
Terminal
sudo iptables -L
Expected Output
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Key Concept

If you remember nothing else from this pattern, remember: firewalls control network access by allowing or blocking traffic based on rules you set.

Common Mistakes
Trying to enable UFW without sudo privileges
Firewall commands require administrative rights to change system settings, so the command will fail without sudo.
Always run firewall commands with sudo to have the necessary permissions.
Not allowing SSH port before enabling firewall, causing lockout
If you enable the firewall without allowing SSH, you may lose remote access to your server.
Allow SSH port 22 before enabling the firewall to keep remote access.
Adding iptables rules without saving them
iptables rules live only in the kernel's memory and are lost on reboot unless they are saved and restored, so the firewall will not protect the system after a restart.
Use tools like iptables-save and iptables-restore or configure persistent firewall rules.
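A check for the lockout mistake above, as an added example that is not part of the tutorial: it parses the text of 'sudo ufw status verbose' in the layout shown earlier and reports whether the current rule set would cut off SSH from the administrator's address (ufw lists rules only while active, so this verifies a running rule set, for instance before a reload or before closing your session). The sample status text is constructed; the rule source 203.0.113.0/24 and the admin address 203.0.113.10 are assumed documentation-range values.

```python
import ipaddress
import re
DEFAULT_RE = re.compile(r"^Default: (\w+) \(incoming\), (\w+) \(outgoing\)")
# Rule rows: "<to>   <ACTION DIR>   <from>", e.g. "80/tcp (v6)   ALLOW IN   Anywhere (v6)"
RULE_RE = re.compile(r"^(\S.*?)\s{2,}((?:ALLOW|DENY|REJECT|LIMIT) (?:IN|OUT|FWD))\s{2,}(\S.*?)\s*$")

# Constructed sample in the tutorial's layout; 203.0.113.0/24 is a documentation range.
SAMPLE_STATUS = """\
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW IN    Anywhere
22/tcp                     ALLOW IN    203.0.113.0/24
80/tcp (v6)                ALLOW IN    Anywhere (v6)
"""

def parse_status(text):
    """Return (status, default policies, [(to, action, from), ...]) from ufw's text."""
    status, defaults, rules = "unknown", {}, []
    for line in text.splitlines():
        if line.startswith("Status: "):
            status = line[len("Status: "):]
        elif m := DEFAULT_RE.match(line):
            defaults = {"incoming": m[1], "outgoing": m[2]}
        elif m := RULE_RE.match(line):
            rules.append((m[1], m[2], m[3]))
    return status, defaults, rules

def _source_covers(source, admin_ip):
    src = source.replace(" (v6)", "")
    if src == "Anywhere" or admin_ip is None:
        return src == "Anywhere"  # a narrowed rule cannot be confirmed without the admin address
    return ipaddress.ip_address(admin_ip) in ipaddress.ip_network(src, strict=False)

def lockout_risk(status_text, ssh_port=22, admin_ip=None):
    """Reason string if this rule set could cut off SSH, or None if SSH stays reachable."""
    status, defaults, rules = parse_status(status_text)
    if status != "active":  # an inactive ufw lists no rules; 'sudo ufw show added' does
        return f"ufw is {status}: no rules listed, inspect 'sudo ufw show added'"
    if defaults.get("incoming") == "allow":
        return None  # permissive default policy: nothing is blocked
    wanted = {f"{ssh_port}/tcp", str(ssh_port)}  # a bare port number covers tcp and udp
    for to, action, source in rules:
        if action in ("ALLOW IN", "LIMIT IN") and to.replace(" (v6)", "") in wanted \
                and _source_covers(source, admin_ip):
            return None
    return f"no ALLOW IN rule for {ssh_port}/tcp" + (f" from {admin_ip}" if admin_ip else "")
```

Pipe real output in with 'sudo ufw status verbose' and call lockout_risk() on it; a non-None result means add the SSH rule before relying on the rule set.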
Summary
Use 'sudo ufw enable' to turn on the uncomplicated firewall with default protections.
Add rules like 'sudo ufw allow 80/tcp' to permit specific traffic such as web requests.
Use 'sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT' to add detailed rules for protocols and ports.
Check your rules anytime with 'sudo ufw status verbose' or 'sudo iptables -L' to verify firewall settings.