Below are some simple commands around working with UFW. UFW is included in Ubuntu. However it may need to be enable.
Show status
sudo ufw status
Disable UFW Service
sudo systemctl stop ufw && sudo systemctl disable ufw
Stop UFW Service
sudo systemctl stop ufw
Start UFW service
sudo systemctl stop ufw
Enable UFW
sudo ufw enable
Allow SSH
sudo ufw allow 22/tcp
Show status
sudo ufw status numbered
Example output
sudo ufw status numbered Status: activeTo Action From-- ------ ----[1] 3478/udp ALLOW IN Anywhere [2] 5514/udp ALLOW IN Anywhere [3] 8080/tcp ALLOW IN Anywhere [4] 8443/tcp ALLOW IN Anywhere [5] 8880/tcp ALLOW IN Anywhere [6] 8843/tcp ALLOW IN Anywhere [7] 6789/tcp ALLOW IN Anywhere [8] 27117/tcp ALLOW IN Anywhere [9] 22/tcp ALLOW IN Anywhere
Delete rule
You need to know the number of the rule you want to delete. Replace number with the number of the rule from the status command
sudo ufw delete number
Reset rules
sudo ufw reset
Allow access to port from specific IP address
Example command allows access to SSH (port 22) from the 172.16.0.0/12 ip range.
sudo ufw allow proto tcp from 172.16.0.0/12 to any port 22
One note: It appears that you need to run the rule with every IP range you want to allow.
Allow access to port from all private IP ranges (RFC 1918)
If we wanted to allow SSH (port 22) from all local IP addresses, we would need to run the following three commands.
sudo ufw allow proto tcp from 10.0.0.0/8 to any port 22 sudo ufw allow proto tcp from 172.16.0.0/12 to any port 22 sudo ufw allow proto tcp from 192.168.0.0/16 to any port 22
The following link has more information regarding UFW firewall and subnets.
https://www.cyberciti.biz/faq/ufw-allow-incoming-ssh-connections-from-a-specific-ip-address-subnet-on-ubuntu-debian/