Enable IPv6 and Forwarding

# /etc/default/ufw


Enable Forwarding Policy

$ sudo ufw default allow routed


# /etc/default/ufw

Enable IP Forwarding
# /etc/sysctl.conf


Reload changes

$ sudo sysctl -p

Default Policies (allow ssh)

NOTE: make sure ufw is disabled before setting up default policies

$ sudo ufw disable 
$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing
$ sudo ufw limit ssh
$ sudo ufw enable
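
Added example (not part of the original notes): a shell function that audits the text of `sudo ufw status verbose` against the baseline set above (firewall active, incoming denied by default, ssh rate-limited) and notes when the routed default is allow. The function names, the constructed sample output and the assumption that ssh listens on port 22 are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit `ufw status verbose` text (stdin) against the baseline above.
# Prints findings; returns non-zero when any FAIL was printed. Assumes ssh on port 22.
audit_ufw_status() {
    awk '
        /^Status:/ { active = ($2 == "active") }
        /^Default:/ {
            # e.g. "Default: deny (incoming), allow (outgoing), allow (routed)"
            n = split(substr($0, 10), parts, ", ")
            for (i = 1; i <= n; i++) {
                split(parts[i], kv, " ")
                gsub(/[()]/, "", kv[2])
                policy[kv[2]] = kv[1]
            }
        }
        # ssh rule rows, IPv4 and "(v6)" variants alike
        $1 == "22/tcp" || $1 == "22" || $1 == "OpenSSH" {
            if (index($0, " LIMIT ")) ssh_limited = 1
            if (index($0, " ALLOW ")) ssh_open = 1
        }
        END {
            if (!active) { print "FAIL: ufw is not active"; bad++ }
            if (policy["incoming"] != "deny" && policy["incoming"] != "reject") {
                print "FAIL: default incoming policy is not deny"; bad++
            }
            if (ssh_open) {
                print "FAIL: ssh has an ALLOW rule instead of LIMIT"; bad++
            } else if (!ssh_limited) {
                print "FAIL: no LIMIT rule for ssh"; bad++
            }
            if (policy["routed"] == "allow")
                print "NOTE: default routed policy is allow; forwarded traffic is accepted by default"
            exit (bad > 0)
        }
    '
}

# Constructed sample output (not captured from a real host).
sample_status() {
    cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), allow (routed)
To                         Action      From
--                         ------      ----
22/tcp                     LIMIT IN    Anywhere
22/tcp (v6)                LIMIT IN    Anywhere (v6)
EOF
}
sample_status | audit_ufw_status
```

On a live host, run it as `sudo ufw status verbose | audit_ufw_status`.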

Allow Other Connections

$ sudo ufw allow http
$ sudo ufw allow https

# port ranges
$ sudo ufw allow 6000:6007/tcp
$ sudo ufw allow 6000:6007/udp

# ip addresses
$ sudo ufw allow from
$ sudo ufw allow from to any port 22

# specific network interface (e.g. eth0)
$ sudo ufw allow in on eth0 to any port 80

Denying Connection

Same as allowing a connection: change allow to deny.

$ sudo ufw deny http

Deleting Rules

By Rule Number
# numbered will let status show number ids of rules
$ sudo ufw status numbered
$ sudo ufw delete 2

By Actual Rule

Prefix the original rule with delete

$ sudo ufw delete allow http

Port Forwarding

  • Edit /etc/ufw/before.rules
# forward port 80 to
# forward port 443 to
-A PREROUTING -i eth0 -d -p tcp --dport 80 -j DNAT --to-destination
-A PREROUTING -i eth0 -d -p tcp --dport 443 -j DNAT --to-destination
# setup routing
  • Open host port
$ sudo ufw allow proto tcp from any to port 80
$ sudo ufw allow proto tcp from any to port 443
  • Check settings
$ sudo ufw status
$ sudo iptables -t nat -L -n -v


How to configure ufw to forward port 80/443 to internal server hosted on LAN

To Fix The Docker and UFW Security Flaw Without Disabling Iptables

ufw - program for managing a netfilter firewall

Pre-define network

Disable docker iptables function