Adding Rules

Updated on 28 Mar 2022

Allow SSH Port 22

In the previous tutorial we finished off with the firewall enabled and not being able to ssh into the machine. In this next step we’ll allow access via Port 22. We can do that with one of two commands.

ufw allow ssh


ufw allow from any to any port 22

Now if I attempt to ssh into the server, I am granted access.


If I run the status command, I can see the new rule added.

sudo ufw status

Status (verbose)

If I run the status command with the verbose option, I get a bit more information which includes the default settings I set earlier.

sudo ufw status verbose

Understanding the arguments

I am using allow because the default is to deny everything, and then open up for specific ports. allow (and deny) expect addtional arguments.

  • proto -> short for protocol. I can specify udp, tcp etc.
  • from -> Target IP address. You can specify the IP address (or any) that the rule applies to in relation to the machine trying to connect. When I say from any, it means any computer / IP address.
  • to -> Destination. Same explanation as above, but this is for the destination machine. I’ve always kept this as to any, and could probably be skipped in most scenario’s.
  • port -> port that I can access / that the rule applies to.


ufw allow from any to any proto tcp port 22

Or if I want to be a little more specific, in regards to which computer is allowed in.

ufw allow from ip_address to any proto tcp port 22


If you want to see what applications / services would require a rule to be set up, use the following command

sudo ufw app list