How to Use UFW on Debian 10 Buster Linux

UFW is very simple to use and configure. It’s available right in the Debian repositories, and it integrates well into a Debian system. The simplified controls and ability to easily start and stop your firewall make it an excellent option for desktops and small servers.

In this tutorial you will learn:

  • How to Install UFW
  • How to Set the Defaults on UFW
  • How to Allow Ports
  • How to Allow Interfaces
  • How to Allow Protocol
  • How to Allow IP Addresses
  • How to Enable UFW

UFW on Debian 10.

Software Requirements and Conventions Used

Software Requirements and Linux Command Line Conventions

Category     Requirements, Conventions or Software Version Used
System       Debian 10 Buster
Software     UFW
Other        Privileged access to your Linux system as root or via the sudo command.
Conventions  # – requires given Linux commands to be executed with root privileges, either directly as the root user or by use of the sudo command
             $ – requires given Linux commands to be executed as a regular non-privileged user

How to Install UFW

UFW is available right in the Debian repositories. Go ahead and install it. Unlike other Debian services, UFW won’t start immediately, so you won’t need to worry about getting locked out.

$ sudo apt install ufw

How to Set the Defaults on UFW

UFW Allow Ports on Debian 10.

The first step in setting up any firewall is setting your default behaviors. It’s generally a good idea to drop incoming requests by default and allow outgoing traffic. If you’d prefer to block everything, you can, but be cautious of that when getting set up.

$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing

How to Allow Ports

Now, you can start allowing certain incoming traffic. The most obvious and simplest way to do that is using ports. Start by allowing the most important port to enable access, port 22 for SSH.

$ sudo ufw allow 22

You can allow other common ports too. For example, on a web server, you’d want to allow HTTP and HTTPS traffic.

$ sudo ufw allow 80
$ sudo ufw allow 443

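If you have something non-standard, you can always punch that in too. In fact, you can allow a range of ports with a colon (:). UFW requires a protocol (tcp or udp) whenever a rule names more than one port, so add one rule for each protocol you need.

$ sudo ufw allow 27015:27030/tcp
$ sudo ufw allow 27015:27030/udp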

UFW also has the option of using the name of common ports instead of a number. For example, if you wanted to allow FTP:

$ sudo ufw allow ftp

As you may have guessed, any of these will work in reverse by using deny in place of allow.

$ sudo ufw deny 25

How to Allow Interfaces

UFW Allow Interface on Debian 10.

If you want to allow traffic only on a certain interface but not another, you can specify that too.

$ sudo ufw allow in on eth0 to any port 22

Again, you can reverse it to deny traffic on a certain interface.

$ sudo ufw deny in on eth0 to any port 22

How to Allow Protocol

UFW Allow Protocol on Debian 10.

If you’d only like to allow a certain protocol (TCP or UDP) over a port, you can do that as well. This is great for services like Samba, which operate with specific protocols.

$ sudo ufw allow 137/udp

How to Allow IP Addresses

UFW Allow IP on Debian 10.

You can also specify certain IP addresses to allow traffic from. If you wanted to limit SSH traffic to a certain IP address for security, this would be a way to accomplish that.

$ sudo ufw allow from ##.##.###.### to any port 22

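The same thing works with ranges of IP addresses too, written as a subnet in CIDR notation (address/prefix). As above, the address is a placeholder.

$ sudo ufw allow from ##.##.###.#/## to any port 445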

How to Enable UFW

Enable UFW on Debian 10.

Once you have your desired ports allowed, you can start up UFW and enable it at boot.

$ sudo ufw enable

To check the status of your firewall and the rules in use run:

$ sudo ufw status

If, for some reason, you’d like to disable UFW, you can do that just as easily.

$ sudo ufw disable
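
The order of the commands in this tutorial matters on a remote machine: enabling UFW while incoming traffic is denied and SSH is not yet allowed cuts off your session. The script below is an added example, not part of the original tutorial. It reads a list of ufw commands from standard input and reports an enable that comes before any rule allowing the SSH port. The function names and sample plans are constructed for illustration, and it assumes incoming traffic is denied unless the plan sets default allow incoming.

```shell
#!/bin/sh
# Added example: lint a list of ufw commands (read from stdin, written the way
# this page shows them) for the lockout case: "ufw enable" reached while
# incoming traffic is denied and no rule has allowed the SSH port yet.

# check_plan [SSH_PORT] -> prints findings; exit status 0 = safe, 1 = lockout risk
check_plan() {
    awk -v port="${1:-22}" '
        { sub(/^[ \t]*[$#]?[ \t]*(sudo[ \t]+)?/, "") }  # strip "$ sudo" or "# " prompt
        $1 != "ufw" { next }
        # Assumption: incoming is denied unless the plan says otherwise.
        $2 == "default" && $4 == "incoming" { allow_in = ($3 == "allow") }
        $2 == "allow" || $2 == "limit" {
            # Matches "allow 22", "allow 22/tcp", "allow ssh", "... to any port 22"
            for (i = 3; i <= NF; i++)
                if ($i == port || $i == (port "/tcp") || ($i == "ssh" && port == 22))
                    ssh = 1
        }
        $2 == "enable" {
            enabled = 1
            if (!allow_in && !ssh) {
                print "line " NR ": ufw enable runs before any allow rule for SSH port " port
                bad = 1
            }
        }
        END {
            if (!enabled) print "note: plan never runs ufw enable"
            exit bad + 0
        }'
}

# Constructed sample plans (not from the page): same order as this tutorial...
sample_good_plan() {
    cat <<'EOF'
$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing
$ sudo ufw allow 22
$ sudo ufw allow 80
$ sudo ufw enable
EOF
}

# ...and one that enables the firewall before SSH is allowed.
sample_bad_plan() {
    cat <<'EOF'
$ sudo ufw default deny incoming
$ sudo ufw allow 443
$ sudo ufw enable
$ sudo ufw allow 22
EOF
}
```

Run it as sample_bad_plan | check_plan, or pipe in your own list of commands; pass a port number as the first argument if SSH listens somewhere other than 22.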


You’re now ready to get started with UFW. Remember that these are just the building blocks, so you can put together anything you like. UFW is simple, but it’s definitely possible to combine these commands together into something altogether more complex.