UFW Setup

Install UFW

sudo apt install ufw -y

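Enable UFW (on a remote machine, run the "Allow SSH" step below first: the default incoming policy is deny, so new SSH connections are refused as soon as UFW is active)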

sudo ufw enable

Allow SSH

sudo ufw allow ssh

Allow HTTP

sudo ufw allow http

Allow HTTPS

sudo ufw allow https

Check UFW Status

sudo ufw status verbose

Check UFW Rules (numbered, so a rule can be removed with `sudo ufw delete <number>`)

sudo ufw status numbered

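Allow for specific IP addresses (this only restricts access if the open `allow ssh` / `allow http` / `allow https` rules above are not present; remove those first, e.g. `sudo ufw delete allow ssh`)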

sudo ufw allow from 192.168.0.1 to any port 22
sudo ufw allow from 192.168.0.1 to any port 80
sudo ufw allow from 192.168.0.1 to any port 443

Allow for specific IP ranges

sudo ufw allow from 192.168.0.0/24 to any port 22
sudo ufw allow from 192.168.0.0/24 to any port 80
sudo ufw allow from 192.168.0.0/24 to any port 443

Allow for any ip but on a custom port

sudo ufw allow 2222/tcp

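Deny for a specific IP (UFW applies the first matching rule, so if an earlier allow rule already matches this traffic, put the deny ahead of it with `sudo ufw insert 1 deny from 192.168.122.200`; the same applies to the range rule below)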

sudo ufw deny from 192.168.122.200

Deny for a specific ip range

sudo ufw deny from 192.168.122.0/24

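Block all traffic by default (denying outgoing also stops DNS lookups, package updates and time sync until matching `allow out` rules are added)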

sudo ufw default deny incoming
sudo ufw default deny outgoing

Deny for a specific port

sudo ufw deny 80/tcp

Enable UFW

sudo ufw enable

restart UFW

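# ufw has no `restart` subcommand; `reload` re-reads the rule set while the firewall stays enabled.
sudo ufw reload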

disable UFW

sudo ufw disable

enable logging

sudo ufw logging on

set logging level to medium

sudo ufw logging medium

set logging level to high

sudo ufw logging high

set logging level to low

sudo ufw logging low

Quickly setup UFW for a new server

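# Baseline policy: refuse unsolicited inbound traffic, let the server reach out.
sudo ufw default deny incoming
sudo ufw default allow outgoing

# Allow SSH, HTTP, and HTTPS. Add these before enabling so a remote SSH
# session is not locked out by the deny-incoming default.
# Optional hardening: `sudo ufw limit ssh` instead of `allow ssh` rate-limits
# repeated connection attempts from the same address.
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https

# Activate the firewall. Until this runs the rules above are stored but not
# enforced, so the checks below would pass whether or not the rules are right.
sudo ufw enable
sudo ufw status verbose

# Check if the server is working. Run this from another machine, so the
# request actually crosses the firewall; your-server-ip is a placeholder.
curl -I http://your-server-ip

# Check for errors from the ufw service (rule-loading problems).
# NOTE(review): blocked packets are logged by the kernel rather than by this
# unit; look in the kernel log (e.g. `journalctl -k`) for "[UFW BLOCK]" entries.
sudo journalctl -u ufw --no-pager | tail -n 20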
 

Setup twingate

# Default policy: refuse unsolicited inbound traffic, permit all outbound.
# NOTE(review): no inbound allow rule is added in this section, not even for
# SSH. On a remote host, confirm another management path exists before
# enabling UFW with only these rules.
sudo ufw default deny incoming
sudo ufw default allow outgoing

# The `allow out` rules below are redundant while the outgoing default is
# `allow`. They only take effect if the default is switched to
# `deny outgoing`, in which case DNS and other outbound traffic need their
# own rules as well.
# NOTE(review): verify the port list against the current Twingate documentation.
sudo ufw allow out to any port 443 proto tcp   # Allow outbound HTTPS (Twingate control traffic)
sudo ufw allow out to any port 3478 proto udp  # Allow STUN/TURN for WebRTC (Optional)
sudo ufw allow out to any port 10000:65535 proto udp  # Allow dynamic UDP for peer-to-peer