Install and Setup UFW Firewall on CentOS 8 / RHEL 8
UFW stands for Uncomplicated Firewall. According to Ubuntu, Uncomplicated Firewall (ufw) is a frontend for iptables and is particularly well-suited for host-based firewalls. ufw provides a framework for managing netfilter, as well as a command-line interface for manipulating the firewall.
In this tutorial, we are going to install and set up UFW on CentOS 8. All commands also work on RHEL 8.
Table of Contents
- Install and Enable UFW
- UFW Default Policy
- Add Firewall Rules
- Delete Firewall Rules
- Advanced UFW Rules
- Tip – UFW NOT blocking IP
- More Info
Step 1: Install and Enable UFW
UFW isn't available in the default CentOS 8 repositories, so first install the EPEL repository on the server:
sudo dnf install epel-release -y
Now install and enable UFW. If you are connected over SSH, add an allow rule for SSH (see Step 3) before running ufw enable: the default policy drops all incoming traffic, so enabling first will lock you out of a remote host.
# install
sudo dnf install ufw -y
# enable
sudo ufw enable
Check the status of UFW:
sudo ufw status
To disable UFW, run:
sudo ufw disable
Step 2: UFW Default Policy
By default, UFW blocks all incoming traffic and allows all outgoing traffic. Run the following commands to set (or restore) that default policy:
sudo ufw default allow outgoing
sudo ufw default deny incoming
Step 3: Add Firewall Rules
Adding rules to UFW is straightforward. Let's open the HTTP port (80):
sudo ufw allow http
# or
sudo ufw allow 80
To restrict a rule to TCP or UDP, append the protocol to the port:
sudo ufw allow 80/tcp
sudo ufw allow 21/udp
We can also deny traffic to a port (a rule with no direction applies to incoming traffic):
sudo ufw deny 8081
We can list the active rules in three ways:
# method 1
sudo ufw status
# method 2
sudo ufw status numbered
# method 3
sudo ufw status verbose
Step 4: Delete Firewall Rules
Rules can be removed just as easily as they are added. For example:
sudo ufw delete allow http
sudo ufw delete deny 8081
We can also delete a rule by its number. Run sudo ufw status numbered and you'll see a number beside each rule. Then delete it like this:
sudo ufw delete 5
To remove all rules and return UFW to its installation defaults (this also disables UFW):
sudo ufw reset
Step 5: Advanced UFW Rules
Allow or deny a specific IP to access all services:
# allow
sudo ufw allow from 192.168.2.57
# deny
sudo ufw deny from 192.168.2.57
To allow a specific IP address/port combination:
sudo ufw allow proto tcp from 192.168.2.57 to any port 22
Allow or deny a specific IP range (192.168.1.1 to 192.168.1.254) to access all services:
# allow
sudo ufw allow from 192.168.1.0/24
# deny
sudo ufw deny from 192.168.1.0/24
Block a subnet on a specific port:
sudo ufw deny proto tcp from 192.168.2.0/24 to any port 22
To allow access to the TCP and UDP port range 1000 to 1500:
sudo ufw allow 1000:1500/tcp
sudo ufw allow 1000:1500/udp
To allow HTTP traffic on network interface eth0:
sudo ufw allow in on eth0 to any port 80
Step 6: Tip – UFW NOT Blocking IP
If UFW still does not block an IP after you add a deny rule, the usual cause is rule order: UFW evaluates rules top to bottom and stops at the first match, so a deny rule appended after an existing allow rule for the same traffic is never reached. One fix is to add the drop directly in the UFW config file:
sudo nano /etc/ufw/before.rules
Find the line that reads # End required lines
and add rules like the following immediately after it (changes to before.rules take effect after UFW is reloaded with sudo ufw reload):
# block single IP
-A ufw-before-input -s 192.168.2.57 -j DROP
# block subnet
-A ufw-before-input -s 192.168.2.0/24 -j DROP
Alternatively, insert the deny rule at position 1 so it is evaluated before every allow rule:
sudo ufw insert 1 deny from 192.168.2.57 comment 'Block spammer'
sudo ufw insert 1 deny from 192.168.2.0/24 comment 'Block XSS attack subnet'
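As an added example (not code from the original tutorial), the following POSIX shell script parses the output of sudo ufw status numbered. It serves Step 4, by finding the rule numbers to delete for a given port (highest first, because UFW renumbers the table after each deletion), and Step 6, by counting how many ALLOW rules sit above the first DENY rule for a source, which is exactly the ordering problem that ufw insert 1 fixes. The rule table in STATUS_TEXT is a constructed sample so the script runs without ufw installed, and the helper names rule_numbers_for and allows_before_deny are my own.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Parses "ufw status numbered"
# output. STATUS_TEXT holds a constructed sample so the script runs offline;
# on a real host use: STATUS_TEXT=$(sudo ufw status numbered)
STATUS_TEXT='Status: active

     To                         Action      From
     --                         ------      ------
[ 1] 80/tcp                     ALLOW IN    Anywhere
[ 2] 22/tcp                     ALLOW IN    192.168.2.0/24
[ 3] 8081                       DENY IN     Anywhere
[ 4] Anywhere                   DENY IN     192.168.2.57
[ 5] 80/tcp (v6)                ALLOW IN    Anywhere (v6)'

# Print the numbers of all rules whose "To" column is the given port, highest
# first. ufw renumbers the table after every "ufw delete N", so deleting from
# the highest number down keeps the remaining numbers valid.
rule_numbers_for() {
    printf '%s\n' "$STATUS_TEXT" | awk -v p="$1" '
        /^\[/ {
            n = $0; sub(/^\[ */, "", n); sub(/\].*/, "", n)             # rule number
            to = $0; sub(/^\[ *[0-9]+\] +/, "", to); sub(/ .*/, "", to)  # "To" column
            split(to, parts, "/")                                        # drop /tcp or /udp
            if (parts[1] == p) print n
        }' | sort -rn
}

# Print how many ALLOW rules precede the first DENY rule whose "From" column
# equals the given source (-1 if there is no such DENY rule). ufw stops at the
# first matching rule, so any ALLOW above the DENY can still admit that source;
# 0 means the deny is evaluated first, which is what "ufw insert 1 deny" ensures.
allows_before_deny() {
    printf '%s\n' "$STATUS_TEXT" | awk -v s="$1" '
        /^\[/ {
            from = $0
            sub(/.*(ALLOW|DENY|REJECT|LIMIT) (IN|OUT|FWD) +/, "", from)
            sub(/ +$/, "", from)
            if ($0 ~ / DENY / && from == s) { found = 1; print allows + 0; exit }
            if ($0 ~ / ALLOW /) allows++
        }
        END { if (!found) print -1 }'
}

# Worked run against the sample table.
for n in $(rule_numbers_for 80); do
    printf 'sudo ufw delete %s\n' "$n"      # rule 5 first, then rule 1
done
if [ "$(allows_before_deny 192.168.2.57)" -gt 0 ]; then
    printf 'deny for 192.168.2.57 is shadowed by earlier ALLOW rules; use: sudo ufw insert 1 deny from 192.168.2.57\n'
fi
```

In the sample, the deny for 192.168.2.57 is rule 4, but rule 2 already allows the whole 192.168.2.0/24 subnet on port 22, so that host still reaches SSH; allows_before_deny reports 2, and the fix is the insert command shown above.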
Step 7: More Info
UFW's rule files are:
/etc/ufw/before.rules
/etc/ufw/before6.rules
/etc/ufw/after.rules
/etc/ufw/after6.rules
To enable or disable logging, use the following commands:
# on
sudo ufw logging on
# off
sudo ufw logging off
Check logs:
sudo tail -f /var/log/ufw.log
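The log is most useful when summarised. As an added example (not from the original tutorial), the following POSIX shell script counts [UFW BLOCK] entries by source address and by destination protocol/port, which quickly shows which hosts are being dropped and which ports they probe. The lines in SAMPLE_LOG are constructed for the example; on a real host, pipe /var/log/ufw.log into the functions instead.

```shell
#!/bin/sh
# Added example, not from the original tutorial: summarise "[UFW BLOCK]" lines
# from /var/log/ufw.log. SAMPLE_LOG is constructed; on a real host run:
#   blocked_by_source < /var/log/ufw.log
SAMPLE_LOG='Mar 10 12:00:01 centos8 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=192.168.2.57 DST=10.0.0.5 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=41234 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 10 12:00:02 centos8 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=192.168.2.57 DST=10.0.0.5 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=41235 DPT=8081 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 10 12:00:03 centos8 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=203.0.113.9 DST=10.0.0.5 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=50000 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 10 12:00:04 centos8 kernel: [UFW ALLOW] IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=192.168.1.20 DST=10.0.0.5 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=33000 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 10 12:00:05 centos8 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=192.168.2.57 DST=10.0.0.5 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=41236 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0'

# Count blocked packets per source address, most frequent first: "count address".
# Only [UFW BLOCK] lines count; [UFW ALLOW] lines (logged at higher log levels)
# are skipped.
blocked_by_source() {
    awk '/\[UFW BLOCK\]/ {
            for (i = 1; i <= NF; i++)
                if (index($i, "SRC=") == 1) { v = substr($i, 5); c[v]++ }
         }
         END { for (k in c) print c[k], k }' | sort -rn
}

# Count blocked packets per destination "PROTO/port", most frequent first.
# Lines without a DPT= token (for example ICMP) are ignored.
blocked_by_port() {
    awk '/\[UFW BLOCK\]/ {
            proto = ""; port = ""
            for (i = 1; i <= NF; i++) {
                if (index($i, "PROTO=") == 1) proto = substr($i, 7)
                if (index($i, "DPT=") == 1)   port  = substr($i, 5)
            }
            if (port != "") c[proto "/" port]++
         }
         END { for (k in c) print c[k], k }' | sort -rn
}

# Worked run against the constructed sample.
printf 'Blocked by source:\n'
printf '%s\n' "$SAMPLE_LOG" | blocked_by_source
printf 'Blocked by port:\n'
printf '%s\n' "$SAMPLE_LOG" | blocked_by_port
```

On the sample, 192.168.2.57 accounts for three of the four blocked packets and TCP/22 is the most-probed port; a source that dominates this summary is a natural candidate for the insert 1 deny rule from Step 6.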
See recently added rules:
sudo ufw show added
That's all. Thanks for reading.