🕐 1 min read 🌱Beginner 🐧 Linux

Enable UFW Firewall in 30 Seconds

Your Ubuntu/Debian system has no active firewall. UFW (Uncomplicated Firewall) is built in but disabled by default. Let's turn it on with sensible defaults.

Allow SSH first

Before enabling the firewall, you must allow SSH connections. If you skip this step and you're connected remotely, the firewall will block your session and lock you out.

sudo ufw allow ssh

This creates a rule allowing incoming TCP connections on port 22. If your SSH server runs on a custom port, specify it explicitly:

sudo ufw allow 2222/tcp

Enable the firewall

Now activate UFW:

sudo ufw enable

Type y when asked to confirm. UFW is now active and will start automatically on boot. The default policy blocks all incoming connections and allows all outgoing—which is exactly what most systems need.

Verify

Confirm that the firewall is running and your SSH rule is in place:

sudo ufw status verbose

You should see output like:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere

If you need to allow additional services later (e.g., a web server), use sudo ufw allow 80/tcp or sudo ufw allow 'Nginx Full'.

Learn advanced UFW rules, port ranges, and application profiles in our full UFW Basics tutorial.