Adding Rules

Updated on 28 Mar 2022

Allow SSH Port 22

In the previous tutorial we finished with the firewall enabled and no way to SSH into the machine. In this step we’ll allow access via port 22. We can do that with one of two commands.

sudo ufw allow ssh

OR

sudo ufw allow from any to any port 22

Now if I attempt to ssh into the server, I am granted access.

Status

If I run the status command, I can see the new rule added.

sudo ufw status

Status (verbose)

If I run the status command with the verbose option, I get a bit more information which includes the default settings I set earlier.

sudo ufw status verbose

Understanding the arguments

I am using allow because the default is to deny everything and then open up specific ports. allow (and deny) expect additional arguments.

  • proto -> short for protocol. I can specify udp, tcp etc.
  • from -> Source IP address. You can specify the IP address (or any) of the machine trying to connect that the rule applies to. When I say from any, it means any computer / IP address.
  • to -> Destination. Same explanation as above, but this is for the destination machine. I’ve always kept this as to any, and it could probably be skipped in most scenarios.
  • port -> port that I can access / that the rule applies to.

Example

sudo ufw allow from any to any proto tcp port 22

Or, if I want to be a little more specific about which computer is allowed in:

sudo ufw allow from ip_address to any proto tcp port 22
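
As an added example (not part of the original tutorial), the script below reads `ufw status verbose` output and lists the rules that allow port 22 from any source, so they can be narrowed to a specific address as shown above. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` output for SSH rules open to any source.
# On a real host: sudo ufw status verbose | ssh_open_rules

# Constructed sample of `ufw status verbose` output (203.0.113.10 is a documentation address).
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
22/tcp                     ALLOW IN    203.0.113.10
22/tcp (v6)                ALLOW IN    Anywhere (v6)'

# Print the default policy for incoming traffic ("deny", "allow" or "reject").
default_incoming() {
    sed -n 's/^Default: \([a-z]*\) (incoming).*/\1/p'
}

# Print every incoming rule that allows port 22 from any source address.
# Columns in the rule table are separated by two or more spaces.
ssh_open_rules() {
    awk -F'  +' '
        /^--/ { in_rules = 1; next }      # rule rows follow the dashed header line
        !in_rules || NF < 3 { next }      # skip status lines and blank lines
        {
            to = $1
            sub(/ \(v6\)$/, "", to)       # "22/tcp (v6)" -> "22/tcp"
            # "OpenSSH" is the name shown when the rule came from that app profile
            is_ssh = (to == "22" || to == "22/tcp" || to == "OpenSSH")
            is_allow = ($2 == "ALLOW" || $2 == "ALLOW IN")
            if (is_ssh && is_allow && $3 ~ /^Anywhere/)
                print $1 " allowed from " $3
        }
    '
}

echo "Default incoming policy: $(printf '%s\n' "$SAMPLE_STATUS" | default_incoming)"
echo "SSH rules open to any source:"
printf '%s\n' "$SAMPLE_STATUS" | ssh_open_rules
```
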

Applications

If you want to see which applications / services would require a rule to be set up, use the following command:

sudo ufw app list