UFW, also known as Uncomplex Firewall, is adopted by many Linux distributions as their firewall system. UFW is designed to make it easy for novice users to manage firewall settings through both the command line interface and the graphical user interface.
UFW firewall is a system that monitors network traffic according to set rules to protect the network from network sniffing and other attacks. If you have UFW installed on your Linux system but its status shows as inactive, there could be several reasons. In this guide, I will share how to resolve the UFW firewall inactive issue on Linux systems.
Some reasons why UFW is inactive are as follows:
By default, UFW is disabled because it can block SSH or HTTP ports, which is very important for server communication and management. It denies all incoming traffic and allows outgoing traffic. As a server administrator, you can send requests and receive responses. However, the firewall blocks all incoming connections.
Incoming traffic is critical for SSH and HTTP communication. Without SSH, you will not be able to access the server remotely. Before enabling UFW, be sure to confirm that these critical ports are open to allow connections.
Note: I used Ubuntu 22.04 to execute the following commands, but the instructions are the same for other distributions.
In Linux, both pre-installed and manually installed UFW are disabled by default. You need to activate it.
To check the UFW status, execute the ufw status command in the terminal:
Sudoku UFW Status
You can also check the UFW status through the UFW configuration file. To access the file, use the command given below:
sudo cat/etc/ufw/ufw. conf
Read the file and check the ENABLED service. If not, it means UFW is disabled.
You can also launch the GUI application to check the UFW status.
The inactivity of UFW can be fixed by enabling it using the command line.
Before enabling UFW, it is best to take a look at the additional rules.
sudo ufw show add
NOTE: By default, UFW denies all incoming traffic.
To enable UFW, launch a terminal and run the UFW Enable command, which will enable UFW even on boot:
sudo ufw enable
To monitor the status, run the following command again:
sudo ufw status details
To set the status as a number, use Usage:
sudo ufw status number
You can also enable it using UFW configuration files. Open the UFW configuration file using nano editor:
sudo nano/etc/ufw/ufw. conf
Find ENABLED, change the status from no to yes, and save the file.
To save the file, press Ctrl X and it will prompt you to make changes, then press Y/y to save the file.
Note: The server must be restarted to enable UFW through the configuration file.
You can also enable UFW using UFW's GUI window. Launch the UFW application and toggle enable.
Every port requiring incoming traffic must be allowed through UFW. SSH is crucial because if you enable UFW and don't allow the SSH port, you may lose control of the server.
To see which application must be allowed for incoming traffic, run the ufw app list command:
sudo ufw app list
Alternatively, view the UFW application configuration file:
LS/ETC/UFW/Applications.d
These are applications that need to open ports.
NOTE: Applications that require port enabled have UFW profiles.
To know the port for a specific application, use the command below.
The syntax of this command is:
sudo ufw app info “”
For example, to view the SSH port name, use the following command:
sudo ufw app info “OpenSSH”
OpenSSH requires port 22 to work properly.
To check the Apache Full port, use: Purpose:
Sudoku UFW App Information "Apache Full Function"
Apache requires two ports 80 and 443 to work.
When UFW is enabled, all incoming traffic will be denied. To avoid yourself being excluded from the server, it's important to add a rule to access the server via SSH before enabling UFW.
To add OpenSSH connection rules, use the following actions: Purpose:
Sudoku UFW allows 22
or usage:
sudo ufw allow “OpenSSH”
To add a rule for the Apache web server, use the following command:
sudo ufw add 80,443/tcp
Ports 80 and 443 are used for HTTP and HTTPS respectively, both of which are required by the Apache web server.
or usage:
sudo ufw allow “Apache Full”
After enabling key ports through UFW, you can use the UFW Enable command to enable UFW.
UFW is the default firewall for various Linux distributions. By default, it is set to inactive as it may block traffic from certain important ports such as 22, 80 or 443. To make it active, there are various programs. UFW can be enabled using commands, UFW configuration files, and through the UFW GUI. UFW disables all incoming traffic, so make sure to add SSH rules before enabling UFW.
The above is the detailed content of How to fix UFW status showing as inactive in Linux. For more information, please follow other related articles on the PHP Chinese website!