UFW (a.k.a. Uncomplicated Firewall) is a security tool pre-installed in Ubuntu-based Linux distributions. It's usually disabled by default, but on server systems, it might be active and running. This could prevent us from accessing server applications like Apache and Nginx, which run on ports 80 and 443.

Since the firewall is crucial for system security, it is recommended to keep it enabled and instead allow (or permit) the necessary ports for external access. If you're new to Linux and unsure how to do this, this article is here to guide you.

Check Status of Port 80 and 443 in UFW

UFW operates based on assigned rules, but when you install it, the rule set will be empty. However, this may not be the case on a pre-configured system, especially one set up for a specific application, where UFW might be enabled with rules that deny access to ports 80 and 443.

To check whether these ports are blocked using UFW, run:

$ sudo ufw status
checking UFW status

As you can see, aside from the active status, there are no indications of any rules, which means we can freely access the desired ports. However, if there were restrictions, the output of UFW would have appeared like this:

UFW with Apache rules

Apache Full and its duplicate (v6) are profiles for IPv4 and IPv6 that include rules for both port 80 and 443. The Apache Full profile name appears only because the rules were added using this profile name.

This might confuse some people, so you can add the verbose option when running the command to list the profile name as well as the port numbers.

Checking UFW status in verbose mode

Finally, it’s clear that ports 80 and 443 are blocked by the UFW firewall using the Apache Full profile. Let’s learn how to allow them.

Allow Port 80 and 443 in UFW

The easiest and quickest way to remove the restriction on ports 80 and 443, regardless of the method used to add them, is to use the following commands:

$ sudo ufw allow 80/tcp
$ sudo ufw allow 443/tcp
Allowing port 80 and 443 using UFW

To confirm whether these ports are allowed to communicate, we can re-check the status of UFW.

Confirm ports 80 and 443 allowed in UFW

As you can see, we have allowed ports 80 and 443. It's important to note that while the Apache Full rules remain set to DENY, the specific ALLOW rules for ports 80 and 443 override them and do not impact us.

Now, you can access these ports both inside and outside the network without any restrictions.
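At this point the status listing contains both the Apache Full DENY entries and the new ALLOW entries. As an added example (not from the original article), the script below reads `ufw status verbose` output and flags any port that carries both kinds of rule, so it can be reviewed and tested from a client. The sample output is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `sudo ufw status verbose` output (not captured from a real host).
sample_status() {
cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80,443/tcp (Apache Full)   DENY IN     Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
80,443/tcp (Apache Full (v6)) DENY IN     Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)
443/tcp (v6)               ALLOW IN    Anywhere (v6)
EOF
}

# Hypothetical helper: print, in listed order, the action of every rule whose
# "To" column names PORT. Reads `ufw status verbose` text on stdin.
rules_for_port() {
    awk -v port="$1" '
        /^--/ { in_rules = 1; next }        # rules follow the dashed header line
        !in_rules || NF == 0 { next }
        {
            split($1, to, "/")              # "80,443/tcp" -> "80,443"
            n = split(to[1], ports, ",")
            hit = 0
            for (i = 1; i <= n; i++) if (ports[i] == port) hit = 1
            if (!hit) next
            for (i = 2; i <= NF; i++)
                if ($i ~ /^(ALLOW|DENY|REJECT|LIMIT)$/) { print $i; break }
        }'
}

# Hypothetical helper: exit 0 when PORT has both an ALLOW and a DENY/REJECT rule.
has_conflict() {
    actions=$(rules_for_port "$1")
    echo "$actions" | grep -q '^ALLOW$' &&
        echo "$actions" | grep -Eq '^(DENY|REJECT)$'
}

for p in 22 80 443; do
    if sample_status | has_conflict "$p"; then
        echo "port $p: both ALLOW and DENY rules listed, review and test from a client"
    fi
done
```

On a live host, pipe the real output in instead of the sample: `sudo ufw status verbose | has_conflict 80`.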

Deny Port 80 and 443 in UFW

If, for any reason, you wish to reapply the restriction, you can remove the rules you added.

$ sudo ufw delete allow 80/tcp
$ sudo ufw delete allow 443/tcp
Deleting port 80 and 443 rules in UFW

Although it's not recommended, if you find yourself in a situation where you need to block them permanently, you can add explicit DENY rules (these can still be removed later).

$ sudo ufw deny 80/tcp
$ sudo ufw deny 443/tcp

Additionally, if you want to restrict access to a specific IP address or range, run:

$ sudo ufw allow from <IP_ADDRESS> to any port 80
$ sudo ufw allow from <IP_ADDRESS> to any port 443

After making the changes, be sure to reload the firewall.

$ sudo ufw reload

That's it!

Conclusion

In this article, we learned how to check the status of the UFW firewall to confirm whether the rules for ports 80 and 443 exist, then we understood the difference between profile names and port numbers in the firewall status, and finally, we successfully removed the restriction from these ports using UFW.