ufw is an uncomplicated configuration tool for firewalls. It is designed to be usable by people who have no experience with firewalls or want an uncomplicated way to modify the underlying iptables and netfilter rulesets.
For example:
ufw allow all port 22 traffic (UDP and TCP):
ufw allow 22
iptables allow port 22 traffic (UDP and TCP):
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p udp --dport 22 -j ACCEPT
Comparatively, ufw permits users to modify the basic firewall needs with limited knowledge of iptables or such.
It in and of itself only modifies iptables / netfilter rules when 'enabled'. It does not run as its own process, in that sense, because the rules it applies are updated on the fly; I am fairly certain it doesn't continue to 'run'.
The only way I would consider ufw to be a service is in that, at boot time, it may be able to restore whatever rules are defined in it. However, iptables-persistent does the same thing, and is not really a service, therefore I do not consider ufw a service, as such, as to determine if ufw (that is, the actual firewall rules) are being enforced is with ufw status.
As per the Community Help Documentation on ufw, it says nothing about ufw being a service, which seems to support this.
And through testing, I have confirmed that ufw is just a less complicated way to 'configure' firewall rules - the real magic of ufw is that it sets up iptables / netfilter rules which you can then see with iptables -L when ufw is enabled.
Best Answer
The answer before mine is right. But let's see if we can make it sound simple.
iptablesis the main firewall. It talks to the kernel. It's more complicated.ufwwants to make it "uncomplicated" ("ufw" stands for "uncomplicated firewall"). It talks toiptables. It's a command line tool.The G in Gufw must stand for "graphical", which should provide a click-click interface for
ufw. It talks toufw. It's a GUI.Now I hope we could make out their functions and dependencies. ;-)