# Open/close Ports with UFW


**The Uncomplicated Firewall (ufw)** is the default software firewall solution for Debian-based operating systems. It is essentially a wrapper on top of **iptables** that allows for a more streamlined approach to managing the access on your server.

## Prerequisite


Sudo access to Ubuntu or Debian server with Iptable installed in it.

### Step 1 : Check UFW Status


UFW is part of the standard Ubuntu/Debian installation and should be present on your system. You can check **ufw** service running status through below mentioned commands

```bash
systemctl status ufw
```

UFW is disabled by default. You can check the status of the UFW service with the following command:

```bash
ufw status
```

or 

```bash
ufw status verbose
```
:::info Note
If **UFW firewall** is enabled on your Server node then you have to allow required port in UFW also.
:::

### Step 2 : Allow port

Rules can be added in two ways: By denoting the port number or by using the service name. You can open the port by specifying the port and protocol (TCP/UDP) in UFW Firewall. 

The following example shows the format for rules within **ufw** :

```bash
ufw [allow/deny] from [ip] to [dest/any] port [port]
```
:::info Note
You can also specify ranges of ports by separating the ports by a colon, such as **2222:3333** . Additionally, you can specify a subnet mask for IP addresses, such as **1.2.3.4/32** . Furthermore, ufw allows for common service whitelisting by name. This means you can you specify ssh in the rule rather than specifying port.
:::

For example, to allow both incoming and outgoing connections on desired port for SSH, you can run

```bash
ufw allow ****
```

or

```bash
ufw allow ****/tcp
```

:::info Note
Please replace \*\*\*\* with desired port number to be blocked.
:::

## Deny Port/Outgoing Traffic


To close port in ufw please refer command below.

```bash
ufw deny ****/tcp
```

To prevent outgoing traffic on port please refer below.

```bash
ufw deny out ****
```
To deny outgoing traffic for the specific ip:

```bash
ufw allow out to xxx.xx.xx.xx port ****
```
:::info Note
Please replace xxx.xx.xx.xx with desired IP and \*\*\*\* with desired port number to be blocked.
:::

### Step 3 : Check UFW Status


You can check the status of UFW at any time with the command: **sudo ufw status**. This will show a list of all rules, and whether or not UFW is active:

```info Note

# ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere                  
1167                       ALLOW       Anywhere                  
10050                      ALLOW       Anywhere                  
80                         ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
22 (v6)                    ALLOW       Anywhere (v6)             
1167 (v6)                  ALLOW       Anywhere (v6)             
10050 (v6)                 ALLOW       Anywhere (v6)             
80 (v6)                    ALLOW       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6) 
```

## Conclusion

You learned how to open ssh port using ufw on Ubuntu or Debian Linux server. See ufw home page `here for more info <https://help.ubuntu.com/community/UFW>`_.


---