Objective

The objective of this article is to serve as a quick reference guide on how to allow incoming traffic on any TCP or UDP port using Ubuntu 18.04 Bionic Beaver Linux with UFW firewall.

Operating System and Software Versions

  • Operating System: - Ubuntu 18.04 Bionic Beaver Linux

Requirements

Privileged access to your Ubuntu System as root or via sudo command is required.

Difficulty

EASY

Conventions

  • # - requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
  • $ - requires given linux commands to be executed as a regular non-privileged user

Instructions

Example 1

Open incoming TCP port 10000 to any source IP address:
$ sudo ufw allow from any to any port 10000 proto tcp

Example 2

Open incoming TCP port 443 to only specific source IP address eg. 10.1.1.231:
$ sudo ufw allow from 10.1.1.231 to any port 443 proto tcp

Example 3

Open incoming UDP port 53 to source subnet eg. 10.1.1.0/8:
$ sudo ufw allow from 10.1.1.0/8 to any port 53 proto udp

Example 4

Open incoming TCP ports 20 and 21 from any source, such as when running FTP server:
$ sudo ufw allow from any to any port 20,21 proto tcp


List All UFW rules

Use the following linux command to list all currently enabled rules:
$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
10000/tcp                  ALLOW       Anywhere                  
443/tcp                    ALLOW       10.1.1.231                
53/udp                     ALLOW       10.0.0.0/8                                                                                                                                              
20,21/tcp                  ALLOW       Anywhere                                                                                                                                                
10000/tcp (v6)             ALLOW       Anywhere (v6)                                                                                                                                           
20,21/tcp (v6)             ALLOW       Anywhere (v6)

Delete UFW rule

The easiest way, but perhaps not the most efficient way to remove UFW rules, is to list all rules in numbered format:
$ sudo ufw status numbered
Status: active                                                                                                                                                                                 
                                                                                                                                                                                               
     To                         Action      From                                                                                                                                               
     --                         ------      ----                                                                                                                                               
[ 1] 10000/tcp                  ALLOW IN    Anywhere                                                                                                                                           
[ 2] 443/tcp                    ALLOW IN    10.1.1.231                                                                                                                                         
[ 3] 53/udp                     ALLOW IN    10.0.0.0/8                                                                                                                                         
[ 4] 20,21/tcp                  ALLOW IN    Anywhere                                                                                                                                           
[ 5] 10000/tcp (v6)             ALLOW IN    Anywhere (v6)             
[ 6] 20,21/tcp (v6)             ALLOW IN    Anywhere (v6)
Note, the line numbers for each rule. To remove rule eg. [ 5] execute:
$ sudo ufw delete  5
Deleting:
 allow 10000/tcp
Proceed with operation (y|n)? y
Rule deleted (v6)
ARE YOU LOOKING FOR A LINUX JOB?
Submit your RESUME, create a JOB ALERT or subscribe to RSS feed on LinuxCareers.com.
DO YOU NEED ADDITIONAL HELP?
Get extra help by visiting our LINUX FORUM or simply use comments below.