
The passage is a step‑by‑step guide for installing and configuring Ubuntu’s Uncomplicated Firewall (UFW) on version 22.04 LTS, emphasizing why a lightweight host‑based firewall is preferable to more complex solutions. It walks the reader through updating packages, installing UFW, setting default deny/allow policies, enabling the service, and verifying its status. The tutorial then shows how to open needed ports (e.g., HTTP, HTTPS, SSH from a specific subnet), add or remove individual IP rules, enable moderate logging, and finally disable or reset the firewall when testing. Overall, it provides concise command‑line instructions for creating a functional, minimal firewall that protects a home or small‑office Ubuntu system.



Install & Configure UFW Firewall on Ubuntu 22.04 LTS

What you’ll get out of this – a working uncomplicated firewall that actually blocks the traffic you don’t want while letting your usual apps breathe. I’ll walk through installing the package, turning it on, tightening default policies, and adding or removing single IPs without drowning in menus.

1. Why bother with UFW at all?

I’ve seen fresh Ubuntu installs get hacked within minutes after a careless “apt‑upgrade” pulls in a buggy driver that opens a stray port. The built‑in ufw (Uncomplicated Firewall) is lightweight, integrates with systemd, and requires no extra GUI clutter. If you’re looking for something more heavyweight like Shorewall, skip it – UFW does the job for home or small office machines.

2. Install the package

sudo apt update
sudo apt install ufw

The first command refreshes your repository list; without it you might end up with an outdated version that doesn’t understand newer kernel modules. The second pulls in just a few megabytes – nothing bloated here.

3. Enable and set sensible defaults

sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw enable

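deny incoming blocks everything that tries to reach you, which is the safest baseline. allow outgoing keeps your browser, updates, and ssh client happy. Running enable writes a rule set to /etc/ufw/user.rules and starts the daemon; you’ll see a quick “Firewall is active” message. If you are doing this over SSH, add the SSH allow rule from step 5 before running enable, because the deny incoming default applies to new SSH connections too.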

4. Verify it’s live

sudo ufw status verbose

Look for “Status: active” and the default policies you just set. If you spot “inactive”, something went wrong with systemd – check journalctl -u ufw for clues.

5. Open ports you actually need

Web server:

sudo ufw allow 80/tcp # HTTP
sudo ufw allow 443/tcp # HTTPS

SSH from a specific network:

sudo ufw allow from 192.168.1.0/24 to any port 22 proto tcp

Restricting SSH to your LAN stops random bots on the internet from even trying.

6. Adding or removing single IPs

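Block an annoying scanner (UFW checks rules in order and stops at the first match, so a deny added after the allow rules from step 5 still lets this address reach ports 80 and 443 unless it is moved ahead of them with ufw insert):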

sudo ufw deny from 203.0.113.45

Undo it later:

sudo ufw delete deny from 203.0.113.45

I once had a neighbor’s router spamming my logs; a single deny line cleared it up in seconds.

7. Logging – useful, but not overkill

Enable moderate logging so you can see blocked attempts without filling the disk:

sudo ufw logging medium

If you ever need to debug, bump it to “high” temporarily, then drop back down. The log lives in /var/log/ufw.log.
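One way to read the log this step enables, as an added example that is not part of the original guide: a shell function that counts [UFW BLOCK] entries per source address and destination port. The function names and the sample lines are constructed for illustration; on a real host the input would be /var/log/ufw.log.

```shell
#!/bin/sh
# Added example: summarise packets UFW blocked, reading log lines on stdin.
# Output per line: "<count> <source IP> <protocol>/<dest port>", busiest first.
ufw_blocked_summary() {
    awk '
        # Count drops only; the medium level also logs entries such as [UFW AUDIT].
        /\[UFW BLOCK\]/ {
            src = ""; proto = "?"; dpt = "-"    # ICMP lines carry no DPT field
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^\[SRC=/) break       # quoted header inside an ICMP error
                if ($i ~ /^SRC=/)        src   = substr($i, 5)
                else if ($i ~ /^PROTO=/) proto = substr($i, 7)
                else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            if (src != "") hits[src " " proto "/" dpt]++
        }
        END { for (k in hits) print hits[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample lines in the kernel log layout UFW writes (not real traffic).
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 host kernel: [100.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.45 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=101 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:02 host kernel: [101.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.45 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=102 DF PROTO=TCP SPT=40002 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:03 host kernel: [102.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.45 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=103 DF PROTO=TCP SPT=40003 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:04 host kernel: [103.000001] [UFW AUDIT] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=192.168.1.20 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=104 DF PROTO=TCP SPT=40004 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:05 host kernel: [104.000001] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:04:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=105 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
EOF
}

# On a live host: sudo cat /var/log/ufw.log | ufw_blocked_summary
sample_log | ufw_blocked_summary
```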

8. Disable or reset (when you’re experimenting)

Turn off the firewall completely:

sudo ufw disable

Wipe everything and start fresh:

sudo ufw reset

reset removes all custom rules – handy after a messy trial run. It also disables UFW, so run enable again once the rules are rebuilt.

That’s it. You now have a lean, effective barrier that you can tweak with one‑liners instead of hunting through GUI dialogs.