Ubuntu Linux provides multiple ways to manage firewall services, primarily through UFW (Uncomplicated Firewall) and IPTables. Whether you are using UFW or directly working with IPTables, this guide will walk you through the process of starting, stopping, restarting, and managing firewall services on Ubuntu.
1. Checking Firewall Status
Before making any changes, check the current status of the firewall.
Check UFW Status
To see if UFW is active:
sudo ufw status
Example output when UFW is inactive:
Status: inactive
Example output when UFW is active:
Status: active
To                         Action      From
--                         ------      ----
22,53,80,443,3128/tcp      ALLOW       192.168.13.0/24
22/tcp                     ALLOW       18.xxx.yyy.zzz
22/tcp                     ALLOW       23.xxx.yyy.zzz
53/udp                     ALLOW       192.168.13.0/24
Check IPTables Status
If using IPTables instead of UFW, run:
sudo iptables -L -n -v
For IPv6 firewall rules:
sudo ip6tables -L -n -v
2. Starting, Stopping, and Restarting UFW
Start UFW Firewall
To start the firewall now and enable it at boot:
sudo ufw enable
Stop UFW Firewall
To disable and stop the firewall:
sudo ufw disable
Restart UFW Firewall
To reload firewall rules:
sudo ufw reload
3. Managing UFW with systemctl
Ubuntu also allows managing UFW with the systemctl command.
Restart UFW
sudo systemctl restart ufw
Stop UFW
sudo systemctl stop ufw
Start UFW
sudo systemctl start ufw
Check UFW Service Status
sudo systemctl status ufw
Example output:
● ufw.service - Uncomplicated firewall
     Loaded: loaded (/lib/systemd/system/ufw.service; enabled; preset: enabled)
     Active: active (exited) since Wed 2024-07-17 14:06:34 UTC; 3 weeks 5 days ago
       Docs: man:ufw(8)
4. Managing IPTables Firewall
If you are using IPTables instead of UFW, you need to manually save and restore firewall rules.
Save Current IPTables Rules
sudo iptables-save > $HOME/firewall.txt
For IPv6 firewall:
sudo ip6tables-save > $HOME/firewall-6.txt
Restore IPTables Rules
sudo iptables-restore < $HOME/firewall.txt
For IPv6 firewall:
sudo ip6tables-restore < $HOME/firewall-6.txt
Stop IPTables Firewall
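To completely stop IPTables and allow all traffic, save the current rules, set the default policies to ACCEPT, then flush the rules and delete user-defined chains in each table. Setting the policies first keeps a remote SSH session from being cut off when a default policy was DROP:
sudo iptables-save > $HOME/firewall.txt
sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -F
sudo iptables -X
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -t mangle -F
sudo iptables -t mangle -X
For IPv6 firewall:
sudo ip6tables-save > $HOME/firewall-6.txt
sudo ip6tables -P INPUT ACCEPT
sudo ip6tables -P FORWARD ACCEPT
sudo ip6tables -P OUTPUT ACCEPT
sudo ip6tables -F
sudo ip6tables -X
sudo ip6tables -t mangle -F
sudo ip6tables -t mangle -X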
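The check below is an added example, not part of the original guide: it summarizes an iptables-save dump such as $HOME/firewall.txt and tests whether the dump describes the fully open state left by the stop procedure above. The function names (fw_summary, fw_is_open) and both sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump such as $HOME/firewall.txt.
# Function names and both sample dumps are constructed for illustration.

# One line per table: "<table> policies=<chain:policy,...> rules=<n> user_chains=<n>"
fw_summary() {
    awk '
        /^\*/  { t = substr($0, 2); order[++n] = t; next }   # "*filter" starts a table
        /^:/   { if ($2 == "-") user[t]++                    # user-defined chain: no policy
                 else pol[t] = pol[t] (pol[t] ? "," : "") substr($1, 2) ":" $2
                 next }
        /^-A / { rules[t]++ }                                # one appended rule
        END    { for (i = 1; i <= n; i++) { t = order[i]
                   printf "%s policies=%s rules=%d user_chains=%d\n",
                          t, pol[t], rules[t], user[t] } }
    ' "${1:--}"
}

# Exit 0 only for the "stopped" state: every built-in policy ACCEPT,
# no rules and no user-defined chains. An empty dump is reported as not open.
fw_is_open() {
    fw_summary "${1:--}" | awk -F'[ =]' '
        { seen = 1; if ($3 ~ /:DROP/ || $5 != 0 || $7 != 0) bad = 1 }
        END { exit (bad || !seen) }'
}

sample_active() { cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:ufw-user-input - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.13.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

sample_stopped() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

sample_active | fw_summary
sample_stopped | fw_is_open && echo "stopped dump: all traffic allowed"
```

On a live host, sudo iptables-save | fw_is_open checks the running ruleset, and fw_summary "$HOME/firewall.txt" inspects the saved copy before it is restored.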
5. Understanding IPTables Commands
-F → Flush all rules in a chain.
-X → Delete user-defined chains.
-P INPUT ACCEPT → Set the default policy for INPUT chain to ACCEPT.
-L -n -v → List all rules in numeric and verbose format.
6. Summary
- Use UFW for a simple firewall interface:
sudo ufw enable (Start UFW)
sudo ufw disable (Stop UFW)
sudo ufw reload (Restart UFW)
- Use systemctl for service management:
sudo systemctl restart ufw (Restart UFW)
sudo systemctl stop ufw (Stop UFW)
sudo systemctl start ufw (Start UFW)
- For advanced users, manage firewall rules with IPTables:
sudo iptables -L -n -v (Check rules)
sudo iptables-save > $HOME/firewall.txt (Save rules)
sudo iptables-restore < $HOME/firewall.txt (Restore rules)
Ubuntu provides both UFW and IPTables to give users flexibility in managing firewall security. Choose the method that best suits your needs, whether it’s the simplicity of UFW or the power of IPTables for advanced configurations.