UFW is a firewall that monitors network traffic according to specific rules to keep the network safe from network sniffers and other attackers. If you have installed UFW and its status is inactive, there can be many reasons behind this. In this guide, I will explain how to fix the inactive status of the UFW firewall on Linux.
Some of the reasons for deactivation of UFW are given below:
- In many Linux distributions, UFW is pre-installed, but by default, it is disabled.
- If you have installed UFW yourself, it will be disabled by default showing inactive status.
UFW is disabled by default because it may block SSH or HTTP ports, which are important for server communication and management. Once enabled, it rejects all incoming traffic and allows outgoing traffic. As a server administrator, you can send requests and receive responses. However, the firewall will block all incoming connections.
The incoming traffic is critical for SSH and HTTP communications. Without SSH, you will not be able to access the server. These ports must be allowed through UFW to connect to the server. Therefore, before enabling UFW, you must ensure that the main ports are enabled for incoming traffic.
Note: I am using Ubuntu 22.04 to execute the following commands; the instructions are similar for other distributions as well.
In Linux, UFW is disabled by default whether it is pre-installed or you installed it manually. You have to activate it.
To check the UFW status, run the ufw status command in the terminal:
sudo ufw status
You can also check the UFW status through the UFW configuration file. To view the file, use the command below:
sudo cat /etc/ufw/ufw.conf
Read the file and check the ENABLED setting. If it is no, UFW is disabled.
You can also launch the GUI application to check the UFW status.
The disabled state of UFW can be fixed by enabling it using the command line.
Before enabling UFW, it is a good practice to take a look at the additional rules.
Note: By default, UFW rejects all incoming traffic.
To enable UFW, launch the terminal and run the ufw enable command, which also enables UFW at boot:
sudo ufw enable
To monitor the status, re-run the ufw status command.
To list the status in numbered form, use ufw status numbered.
You can also enable it using the UFW configuration file. Open the UFW configuration file using the nano editor:
sudo nano /etc/ufw/ufw.conf
Find ENABLED, change its value from no to yes, and save the file.
To save the file, press Ctrl+X. This will prompt you to save the changes; press Y and then Enter to save the file.
Note: To enable UFW via the configuration file, you must reboot the server.
You can also enable UFW using the GUI window of UFW. Launch the UFW application and toggle Enabled.
Every port that needs incoming traffic must be allowed through UFW. SSH is especially important, because if you enable UFW without allowing the SSH port you may lose control of your server.
To see which applications should be allowed for incoming traffic, run the ufw app list command:
sudo ufw app list
Or, check the UFW application profile:
These are applications that require ports to be opened.
Note: Applications that require ports to be enabled have a UFW profile.
Use the command below to find the ports of a specific application.
The syntax of the command is:
sudo ufw app info <app-name>
For example, to view the port used by SSH, use the command below:
sudo ufw app info "OpenSSH"
OpenSSH requires port 22 to function properly.
To check the ports of the Apache Full profile, use:
sudo ufw app info "Apache Full"
As can be seen, Apache requires two ports, 80 and 443, to work.
Enabling UFW will cause all incoming traffic to be rejected. To avoid locking yourself out of the server, it is important to add a rule that allows access to the server via SSH before enabling UFW.
To add OpenSSH connection rules use:
Use the following command to add rules for the Apache web server:
Ports 80 and 443 are for HTTP and HTTPS respectively and both are required for the Apache web server.
sudo ufw allow "Apache Full"
After allowing the main ports through UFW, you can enable UFW using the ufw enable command.
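The order described above (add the SSH rule first, enable second) can be enforced with a small pre-flight check. This is an added example, not part of the original guide; the function names and sample listings are hypothetical, and it assumes `ufw show added` prints staged rules as "ufw allow ..." lines even while UFW is inactive.

```shell
# Added example, not from the original article: pre-flight check for `ufw enable`.
# Assumption: `ufw show added` lists staged rules, also while UFW is inactive.

# ssh_rule_present [PORT] < rules
# Succeeds if a staged rule allows (or rate-limits) inbound SSH on PORT (default 22).
ssh_rule_present() {
    port="${1:-22}"
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            "ufw allow "*) target="${line#ufw allow }" ;;
            "ufw limit "*) target="${line#ufw limit }" ;;
            *) continue ;;              # header line, deny/reject rules, "(None)"
        esac
        target="${target#in }"          # optional direction keyword
        case "$port:$target" in
            22:OpenSSH|22:ssh|22:ssh/tcp) return 0 ;;   # names imply port 22 only
            "$port:$port"|"$port:$port/tcp") return 0 ;;
            *" port $port"|*" port $port proto tcp") return 0 ;;
        esac
    done
    return 1
}

# safe_enable [PORT]: run `ufw enable` only when the SSH rule is already staged.
safe_enable() {
    if ufw show added | ssh_rule_present "${1:-22}"; then
        ufw enable
    else
        echo "Refusing to enable UFW: no allow rule for SSH port ${1:-22}." >&2
        return 1
    fi
}

# Constructed sample listings (hypothetical server state) for an offline dry run.
SAMPLE_LOCKOUT="Added user rules (see 'ufw status' for running firewall):
ufw allow 'Apache Full'
ufw allow 2222/tcp"
SAMPLE_OK="$SAMPLE_LOCKOUT
ufw allow OpenSSH"
report() {  # report LABEL RULES
    if printf '%s\n' "$2" | ssh_rule_present 22; then
        echo "$1: SSH rule present, safe to enable"
    else
        echo "$1: no SSH rule, enabling would cut off SSH"
    fi
}
report "Apache only" "$SAMPLE_LOCKOUT"
report "Apache + OpenSSH" "$SAMPLE_OK"
```

On a server, load the functions in a root shell and call safe_enable in place of ufw enable; pass the port number if sshd listens somewhere other than 22.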
UFW is the default firewall of various Linux distributions. By default, it is set to disabled as it may block traffic from some important ports like 22, 80, or 443. There are various procedures to activate it. UFW can be enabled through commands, the UFW configuration file, and the UFW graphical user interface. UFW blocks all incoming traffic, so make sure the SSH rule is added before enabling UFW.