In the initial setup usually the only registered app is OpenSSH:
$ ufw app list
Available applications:
  OpenSSH
and the firewall is disabled:
$ ufw status
Status: inactive
Most probably you access the server via SSH, so it is crucial to allow SSH through the firewall before activating it:
$ ufw allow OpenSSH
Rules updated
Rules updated (v6)
Allowing access to a specific port (e.g. 12345) is straightforward:
$ ufw allow 12345
Rules updated
Rules updated (v6)
To check the current user rules, run:
$ ufw show added
Added user rules (see 'ufw status' for running firewall):
ufw allow OpenSSH
ufw allow 12345
If we are satisfied with the configured rules, we can enable the firewall...
$ ufw enable
Let's check the live configuration:
$ ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp (OpenSSH)           ALLOW IN    Anywhere
12345                      ALLOW IN    Anywhere
22/tcp (OpenSSH (v6))      ALLOW IN    Anywhere (v6)
12345 (v6)                 ALLOW IN    Anywhere (v6)
Nice. This was indeed an uncomplicated initial setup.
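The order of the steps above matters on a remote host: with the default of deny (incoming), enabling ufw before an SSH rule is staged cuts off the session. The following wrapper is an added example, not part of the original post; it checks the output of ufw show added before calling ufw enable. It assumes sshd listens on port 22 unless SSH_PORT is set, and the function names are made up for this illustration.

```sh
#!/bin/sh
# Added example, not from the original post: enable ufw only when a staged
# rule admits SSH, so a remote session is not cut off by "default deny".
# Assumption: sshd listens on port 22 unless SSH_PORT says otherwise.
SSH_PORT="${SSH_PORT:-22}"

# Constructed sample: the `ufw show added` output shown in the post.
SAMPLE_RULES="Added user rules (see 'ufw status' for running firewall):
ufw allow OpenSSH
ufw allow 12345"

# ssh_rule_staged RULES  (hypothetical helper name)
# RULES is the text printed by `ufw show added`. Returns 0 when an allow or
# limit rule names the OpenSSH profile, the ssh service or $SSH_PORT over TCP.
# Limitation: a rule restricted to one source address also passes; port
# lists and ranges (e.g. 22,80/tcp) are not recognised.
ssh_rule_staged() {
    printf '%s\n' "$1" | awk -v port="$SSH_PORT" '
        $1 == "ufw" && ($2 == "allow" || $2 == "limit") {
            if ($0 ~ / proto udp( |$)/) next      # UDP-only rule
            for (i = 3; i <= NF; i++) {
                t = $i
                if (t ~ /\/udp$/) continue        # e.g. 22/udp
                sub(/\/tcp$/, "", t)              # 22/tcp -> 22
                if (t == "OpenSSH" || t == "ssh" || t == port) found = 1
            }
        }
        END { exit !found }'
}

# safe_enable  (hypothetical helper name): run as root instead of `ufw enable`.
safe_enable() {
    rules=$(ufw show added) || return 1
    if ssh_rule_staged "$rules"; then
        ufw enable
    else
        echo "no staged rule admits SSH (port $SSH_PORT); ufw left disabled" >&2
        return 1
    fi
}
```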
Removing a rule is as easy as prefixing the rule with delete:
$ ufw delete allow from 192.168.0.42 to any port 50000
PS: The logs are available via
$ tail -500f /var/log/ufw.log