Objective

The objective of this article is to serve as a quick reference guide on how to allow incoming traffic on any TCP or UDP port on Ubuntu 18.04 Bionic Beaver Linux with the UFW firewall.

Operating System and Software Versions

  • Operating System: Ubuntu 18.04 Bionic Beaver Linux

Requirements

Privileged access to your Ubuntu system as root or via the sudo command is required.

Difficulty

EASY

Conventions

  • # - requires the given Linux commands to be executed with root privileges, either directly as the root user or by use of the sudo command
  • $ - requires the given Linux commands to be executed as a regular non-privileged user

Instructions

Example 1

Open incoming TCP port 10000 to any source IP address:
$ sudo ufw allow from any to any port 10000 proto tcp

Example 2

Open incoming TCP port 443 to only a specific source IP address, e.g. 10.1.1.231:
$ sudo ufw allow from 10.1.1.231 to any port 443 proto tcp

Example 3

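Open incoming UDP port 53 to a source subnet, e.g. 10.1.1.0/8. UFW stores this rule under the network address 10.0.0.0/8, as the status listing shows, so it admits the entire 10.0.0.0/8 range: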
$ sudo ufw allow from 10.1.1.0/8 to any port 53 proto udp

Example 4

Open incoming TCP ports 20 and 21 from any source, such as when running an FTP server:
$ sudo ufw allow from any to any port 20,21 proto tcp


List All UFW rules

Use the following Linux command to list all currently enabled rules:
$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
10000/tcp                  ALLOW       Anywhere
443/tcp                    ALLOW       10.1.1.231
53/udp                     ALLOW       10.0.0.0/8
20,21/tcp                  ALLOW       Anywhere
10000/tcp (v6)             ALLOW       Anywhere (v6)
20,21/tcp (v6)             ALLOW       Anywhere (v6)
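
As an added example (not part of the original article), the listing above can be checked automatically: the script below reads `ufw status` output and reports rules open to any source or to a wide subnet, such as the 10.0.0.0/8 entry. The function names, the embedded sample text and the MAX_PREFIX threshold of /16 are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: flag broad ALLOW rules in `ufw status` output.
# MAX_PREFIX is an assumed policy threshold for this example, not a UFW setting.
MAX_PREFIX="${MAX_PREFIX:-16}"

# Reads `ufw status` (or `ufw status numbered`) text on stdin; prints one line per finding:
#   OPEN <to>          rule allows any source
#   WIDE <to> <cidr>   source CIDR prefix is shorter than /MAX_PREFIX
audit_ufw_status() {
    awk -v max="$MAX_PREFIX" '
    {
        sub(/^\[ *[0-9]+\] */, "")     # drop the "[ n]" index of numbered output
        a = 0                          # position of the action column
        for (i = 1; i <= NF; i++) if ($i == "ALLOW") { a = i; break }
        if (a < 2) next                # header, blank or non-ALLOW line
        to = $1                        # the To column may span fields: "10000/tcp (v6)"
        for (i = 2; i < a; i++) to = to " " $i
        s = a + 1
        if ($s == "IN") s++            # numbered output prints "ALLOW IN"
        if (s > NF) next
        from = $s
        if (from == "Anywhere") { print "OPEN", to; next }
        n = split(from, p, "/")
        if (n == 2 && p[2] + 0 < max + 0) print "WIDE", to, from
    }'
}

# Constructed sample input: the status listing shown in this article.
sample_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
10000/tcp                  ALLOW       Anywhere
443/tcp                    ALLOW       10.1.1.231
53/udp                     ALLOW       10.0.0.0/8
20,21/tcp                  ALLOW       Anywhere
10000/tcp (v6)             ALLOW       Anywhere (v6)
20,21/tcp (v6)             ALLOW       Anywhere (v6)
EOF
}

sample_status | audit_ufw_status
```

On a live system, pipe the real listing into the function instead: `sudo ufw status | audit_ufw_status`.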

Delete UFW rule

The easiest way, but perhaps not the most efficient way to remove UFW rules, is to list all rules in numbered format:
$ sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 10000/tcp                  ALLOW IN    Anywhere
[ 2] 443/tcp                    ALLOW IN    10.1.1.231
[ 3] 53/udp                     ALLOW IN    10.0.0.0/8
[ 4] 20,21/tcp                  ALLOW IN    Anywhere
[ 5] 10000/tcp (v6)             ALLOW IN    Anywhere (v6)
[ 6] 20,21/tcp (v6)             ALLOW IN    Anywhere (v6)
Note the line number of each rule. The numbers shift after every deletion, so list the rules again before removing another. To remove a rule, e.g. [ 5], execute:
$ sudo ufw delete 5
Deleting:
 allow 10000/tcp
Proceed with operation (y|n)? y
Rule deleted (v6)