The objective is to enable the UFW firewall, deny all incoming traffic, and allow only HTTP port 80 and HTTPS port 443 on Ubuntu 18.04 Bionic Beaver Linux.

Operating System and Software Versions

  • Operating System: Ubuntu 18.04 Bionic Beaver


Privileged access to your Ubuntu 18.04 Bionic Beaver system is required.


  • # - requires the given Linux commands to be executed with root privileges, either directly as the root user or by use of the sudo command
  • $ - requires the given Linux commands to be executed as a regular non-privileged user


Check the current firewall status

Check your firewall status. By default the UFW firewall is disabled:
$ sudo ufw status
Status: inactive

Block all incoming traffic

First, block all incoming traffic using the following Linux command:
$ sudo ufw default deny incoming
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)

Allow HTTP/HTTPS incoming traffic

UFW offers three application profiles to allow or deny traffic to the Apache web server:
  • Apache - Port 80
  • Apache Full - Ports 80,443
  • Apache Secure - Port 443
and three for the Nginx web server:
  • Nginx HTTP - Port 80
  • Nginx Full - Ports 80,443
  • Nginx HTTPS - Port 443
Using the above profile names we can allow incoming traffic to suit any scenario. For example, to allow both ports 80 and 443 for Apache, execute:
$ sudo ufw allow in "Apache Full"
Rule added
Rule added (v6)
Alternatively, to allow only port 443 on an Nginx server, execute:
$ sudo ufw allow in "Nginx HTTPS"

Enable Firewall

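Enable the firewall. Note that with incoming traffic denied by default and only the web ports allowed, SSH (port 22) is not reachable once the firewall is active; the confirmation prompt refers to this:
$ sudo ufw enable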
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup


Check status

$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----               
80,443/tcp (Apache Full)   ALLOW IN    Anywhere                             
80,443/tcp (Apache Full (v6)) ALLOW IN    Anywhere (v6)
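
The check below is an added example, not part of the original tutorial: it reads `ufw status verbose` output like the listing above and reports anything that departs from this page's goal (firewall active, default deny incoming, only TCP 80 and 443 allowed in). The function names and the sample containing an extra 22/tcp rule are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit `ufw status verbose`
# output against this tutorial's goal. audit_ufw_status is a hypothetical name.

# Reads status text on stdin, prints findings, returns 0 only if compliant.
audit_ufw_status() {
    awk '
    /^Status:/  { active = ($2 == "active") }
    /^Default:/ { deny_in = ($0 ~ /deny \(incoming\)/) }
    / ALLOW IN / {
        spec = $1                       # e.g. 80,443/tcp or 22/tcp
        if (spec !~ /\/tcp$/) { print "unexpected rule: " $0; bad = 1; next }
        sub(/\/tcp$/, "", spec)
        n = split(spec, ports, ",")
        for (i = 1; i <= n; i++)
            if (ports[i] != "80" && ports[i] != "443") {
                print "unexpected port " ports[i] ": " $0; bad = 1
            }
        web++
    }
    END {
        if (!active)  { print "firewall is not active"; bad = 1 }
        if (!deny_in) { print "default incoming policy is not deny"; bad = 1 }
        if (!web)     { print "no 80/443 allow rule found"; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample: the status from this page plus a stray SSH rule.
sample_with_ssh() {
    cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
80,443/tcp (Apache Full)   ALLOW IN    Anywhere
22/tcp                     ALLOW IN    Anywhere
EOF
}

# Demo on the constructed sample; on a real host pipe in `sudo ufw status verbose`.
sample_with_ssh | audit_ufw_status || echo "result: non-compliant"
```

The parser expects the verbose form of the status output, where rule rows read `ALLOW IN` and show the port list in the first column.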


$ sudo ufw allow in "Apache Full"
ERROR: Could not find a profile matching 'Apache Full'
This error means the Apache web server is not installed on your system yet, so UFW has no matching application profile. To install the Apache web server, execute:
$ sudo apt install apache2