The Uncomplicated FireWall is a front-end for iptables, to make managing a
Netfilter firewall easier. It provides a command line interface with syntax
similar to OpenBSD's Packet Filter. It is particularly well-suited as a
host-based firewall.


Install Howto

  1. Update the package index:
    # sudo apt-get update
  2. Install ufw deb package:
    # sudo apt-get install ufw




2012-07-20 - Jamie Strandboge <jamie@ubuntu.com>
ufw (0.31.1-2) unstable; urgency=low
* Simplify unload of firewall and play nicely with other firewall tools by
using ufw-init instead of iptables directly. 'ufw-init stop' by design
leaves a few empty chains around, but they won't get in the way of
anything and are gone after the next reboot. Using upstream's ufw-init has
the important benefit of always cleaning what it needs. (Closes: 672439).
- debian/prerm: call '/lib/ufw/ufw-init stop' on removal
- debian/postrm: don't flush the chains on purge
2012-04-04 - Jamie Strandboge <jamie@ubuntu.com>
ufw (0.31.1-1) unstable; urgency=low
* New upstream release (Closes: 663677, Closes: 625681)
* debian/control: update to standards 3.9.3
* convert to source format 3.0 (quilt)
* 0001-optimize-boot.patch: only read in /etc/ufw/ufw.conf when disabled
* debian/rules: adjust to only install the application profiles when not
* debian/po/nl.po: add Dutch translation of debconf templates. Thanks to
Jeroen Schot (Closes: 658495)
* debian/po/da.po: add Danish translation of debconf templates. Thanks to
Joe Dalton (Closes: 666557)
2011-07-18 - Jamie Strandboge <jamie@ubuntu.com>
ufw (0.30.1-2) unstable; urgency=low
* debian/control: make lintian clean:
- update Standards-Version to 3.9.2
- Build-Depends on python (>= 2.6.6-3~)
* conf/ufw.defaults:
- remove IRC connection tracking, which is only required for DCC.
Cherrypick r741 from trunk
- allow nf_conntrack_netbios_ns (Samba). Cherrypick r744 from trunk.
LP: #360975 (Closes: 631737)
* enable IPv6 by default and fix 'allow to any ipv6' when IPv6 is enabled.
Cherrypick r742 from trunk.
* update manpage references to ufw and ufw-framework to include the section.
Cherrypick r743 from trunk.
* ACCEPT UPnP ( for IPv4 and ff02::f for IPv6) for service
discovery just like we do for mDNS (ie, allow discovery, but not
connections to the services). LP: #764933
* debian/ufw.logrotate.debian, debian/ufw.logrotate.ubuntu, debian/rules:
use 'rotate' option in Debian logrotate file and split out ufw.logrotate
like we do the initscript since because Ubuntu's rsyslog doesn't have the
'rotate' option yet. (Closes: 628605)
* Cherrypick r746 from trunk to update check-requirements to prompt to
continue with tests that may autoload modules. Add '-f' option to
check-requirements and update test suite accordingly (LP: #782816)
* Cherrypick r747 from trunk to not fail when running 'show listening' under
fakeroot (LP: #812516)
* debian/postinst:
- remove some old upgrade transition code for unsupported upgrade paths
- reload ufw if it is enabled and we are upgrading to this version since
this is needed after enabling IPv6
* debian/rules: add build-arch and build-indep targets
2011-05-08 - Piotr O┼╝arowski <piotr@debian.org>
ufw (0.30.1-1.1) unstable; urgency=low
* Non-maintainer upload.
* Rebuild to add Python 2.7 support
2011-03-21 - Jamie Strandboge <jamie@ubuntu.com>
ufw (0.30.1-1) unstable; urgency=low
* New upstream release which fixes the following:
- LP: #501140
- LP: #740249
- LP: #740256
- LP: #720605
* debian/ufw.logrotate: remove upstartism thanks to Michael Biebl
(Closes: 607696)
* debian/sysctl.conf: merge in upstream (commented out) changes surrounding
ipv6 forwarding and privacy addresses
* debian/before*.rules.md5sum: updated for recent changes

