# Uncomplicated Firewall (UFW) UFW (Uncomplicated Firewall) is a user-friendly frontend for managing iptables [[Firewall]] rules on Linux. Developed by Canonical for [[Ubuntu]], it simplifies firewall configuration with intuitive commands while still leveraging the power of iptables underneath. Instead of writing complex iptables rules, you use commands like `ufw allow ssh` or `ufw deny 23`. Basic usage follows a simple pattern: set a default policy (`ufw default deny incoming`), allow specific services (`ufw allow 80/tcp`), and enable the firewall (`ufw enable`). UFW supports application profiles—predefined rule sets for common software like OpenSSH, Nginx, or Apache. You can also specify source IPs (`ufw allow from 192.168.1.0/24 to any port 22`) for more granular control. For [[Self-hosting]], UFW provides the right balance of simplicity and power. A typical setup denies all incoming traffic by default, then explicitly allows [[Secure Shell (SSH)]], HTTP/HTTPS, and any other required services. Combined with [[Fail2Ban]] for dynamic IP blocking, UFW handles static firewall rules while Fail2Ban manages reactive bans. The `ufw status verbose` command shows active rules at a glance. ## Related - [[Firewall]] - [[Ubuntu]] - [[Fail2Ban]] - [[Secure Shell (SSH)]] - [[Self-hosting]] - [[Linux]] ## References - https://help.ubuntu.com/community/UFW - https://wiki.ubuntu.com/UncomplicatedFirewall