A firewall is a tool for monitoring and filtering incoming and outgoing network traffic. It works by defining a set of security rules that determine whether to allow or block specific traffic.

Ubuntu ships with a firewall configuration tool called UFW (Uncomplicated Firewall). It is a user-friendly front-end for managing iptables firewall rules. Its main goal is to make managing a firewall easier or, as the name says, uncomplicated.

This article describes how to use the UFW tool to configure and manage a firewall on Ubuntu 24.04. A properly configured firewall is one of the most important aspects of overall system security.

Prerequisites #

Only root or users with sudo privileges can manage the system firewall. The best practice is to run administrative tasks as a sudo user.

Install UFW #

UFW is part of the standard Ubuntu 24.04 installation and should be present on your system. If for some reason it is not installed, you can install the package by typing:

sudo apt update
sudo apt install ufw

Check UFW Status #

UFW is disabled by default. You can check the status of the UFW service with the following command:

sudo ufw status verbose

The output will show that the firewall status is inactive:

Status: inactive

If UFW is activated, the output will look something like the following:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

UFW Default Policies #

The default behavior of the UFW firewall is to block all incoming and forwarding traffic and allow all outbound traffic. This means that anyone trying to access your server will not be able to connect unless you specifically open the port. Applications and services running on your server will be able to access the outside world.

The default policies are defined in the /etc/default/ufw file and can be changed either by manually modifying the file or with the sudo ufw default <policy> <chain> command.

Firewall policies are the foundation for building more complex and user-defined rules. Generally, the initial UFW default policies are a good starting point.

Application Profiles #

An application profile is a text file in INI format that describes the service and contains firewall rules for the service. Application profiles are created in the /etc/ufw/applications.d directory during the installation of the package.

You can list all application profiles available on your server by typing:

sudo ufw app list

Depending on the packages installed on your system, the output will look similar to the following:

Available applications:
Nginx Full
Nginx HTTP
Nginx HTTPS
OpenSSH

To find more information about a specific profile and included rules, use the following command:

sudo ufw app info 'Nginx Full'

The output shows that the ‘Nginx Full’ profile opens ports 80 and 443.

Profile: Nginx Full
Title: Web Server (Nginx, HTTP + HTTPS)
Description: Small, but very powerful and efficient web server
Ports:
80,443/tcp

You can also create custom profiles for your applications.

Enabling UFW #

If you are connecting to your Ubuntu server from a remote location, before enabling the UFW firewall you must explicitly allow incoming SSH connections. Otherwise, you will no longer be able to connect to the machine.

To configure your UFW firewall to allow incoming SSH connections, type the following command:

sudo ufw allow ssh

Rules updated
Rules updated (v6)

If SSH is running on a non-standard port , you need to open that port.

For example, if your ssh daemon listens on port 7722, enter the following command to allow connections on that port:

sudo ufw allow 7722/tcp

Now that the firewall is configured to allow incoming SSH connections, you can enable it by typing:

sudo ufw enable

Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

You will be warned that enabling the firewall may disrupt existing ssh connections; type y and hit Enter.

Opening Ports #

Depending on the applications that run on the system, you may also need to open other ports. The general syntax to open a port is as follows:

ufw allow port_number/protocol

Below are a few ways to allow HTTP connections.

The first option is to use the service name. UFW checks the /etc/services file for the port and protocol of the specified service:

sudo ufw allow http

You can also specify the port number and the protocol:

sudo ufw allow 80/tcp

When no protocol is given, UFW creates rules for both tcp and udp.

Another option is to use the application profile; in this case, ‘Nginx HTTP’:

sudo ufw allow 'Nginx HTTP'

UFW also supports another syntax for specifying the protocol using the proto keyword:

sudo ufw allow proto tcp to any port 80

Port Ranges #

UFW also allows you to open port ranges. The start and the end ports are separated by a colon (:), and you must specify the protocol, either tcp or udp.

For example, if you want to allow ports from 7100 to 7200 on both tcp and udp, run the following commands:

sudo ufw allow 7100:7200/tcp
sudo ufw allow 7100:7200/udp

Specific IP Address and Port #

To allow connections on all ports from a given source IP, use the from keyword followed by the source address.

Here is an example of allowlisting an IP address:

sudo ufw allow from 64.63.62.61

If you want to allow the given IP address access only to a specific port, use the to any port keyword followed by the port number.

For example, to allow access on port 22 from a machine with IP address 64.63.62.61, enter:

sudo ufw allow from 64.63.62.61 to any port 22

Subnets #

The syntax for allowing connections to a subnet of IP addresses is the same as when using a single IP address. The only difference is that you need to specify the netmask.

Below is an example showing how to allow access for IP addresses ranging from 192.168.1.1 to 192.168.1.254 to port 3306 (MySQL):

sudo ufw allow from 192.168.1.0/24 to any port 3306

Specific Network Interface #

To allow connections on a particular network interface, use the in on keyword followed by the name of the network interface:

sudo ufw allow in on eth2 to any port 3306

Denying Connections #

The default policy for all incoming connections is set to deny, and if you have not changed it, UFW will block all incoming connections unless you specifically open the connection.

Writing deny rules is the same as writing allow rules; you only need to use the deny keyword instead of allow.

Say you opened ports 80 and 443, and your server is under attack from the 23.24.25.0/24 network. To deny all connections from that network, run:

sudo ufw deny from 23.24.25.0/24

To deny access only to ports 80 and 443 from 23.24.25.0/24, use the following command:

sudo ufw deny proto tcp from 23.24.25.0/24 to any port 80,443

Deleting UFW Rules #

There are two ways to delete UFW rules: by rule number, and by specifying the actual rule.

Deleting rules by rule number is easier, especially when you are new to UFW. To delete a rule by number, first find the number of the rule you want to delete. To get a list of numbered rules, use the ufw status numbered command:

sudo ufw status numbered

Status: active
To Action From
-- ------ ----
[ 1] 22/tcp ALLOW IN Anywhere
[ 2] 80/tcp ALLOW IN Anywhere
[ 3] 8080/tcp ALLOW IN Anywhere

To delete rule number 3, the one that allows connections to port 8080, enter:

sudo ufw delete 3

The second method is to delete a rule by specifying the actual rule. For example, if you added a rule to open port 8069 you can delete it with:

sudo ufw delete allow 8069

Disabling UFW #

If you want to stop UFW and deactivate all the rules, use:

sudo ufw disable

To re-enable UFW and activate all rules, type:

sudo ufw enable

Resetting UFW #

Resetting UFW will disable it and delete all active rules. This is helpful if you want to revert all your changes and start fresh.

To reset UFW, run the following command:

sudo ufw reset

IP Masquerading #

IP Masquerading is a variant of NAT (network address translation) in the Linux kernel that translates network traffic by rewriting the source and destination IP addresses and ports. With IP Masquerading, you can allow one or more machines in a private network to communicate with the internet using one Linux machine that acts as a gateway.

Configuring IP Masquerading with UFW involves several steps.

First, you need to enable IP forwarding. To do that, open the /etc/ufw/sysctl.conf file:

sudo nano /etc/ufw/sysctl.conf

Find and uncomment the line which reads net.ipv4.ip_forward=1:

net.ipv4.ip_forward=1

Next, you need to configure UFW to allow forwarded packets. Open the UFW configuration file:

sudo nano /etc/default/ufw

Locate the DEFAULT_FORWARD_POLICY key, and change the value from DROP to ACCEPT:

DEFAULT_FORWARD_POLICY="ACCEPT"

Now you need to set the default policy for the POSTROUTING chain in the nat table and the masquerade rule. To do so, open the /etc/ufw/before.rules file:

sudo nano /etc/ufw/before.rules

Append the following lines:

#NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]

# Forward traffic through eth0 - Change to public network interface
-A POSTROUTING -s 10.8.0.0/16 -o eth0 -j MASQUERADE

# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT

Replace eth0 in the -A POSTROUTING line with the name of your public network interface.

When you are done, save and close the file. Finally, reload the UFW rules:

sudo ufw disable
sudo ufw enable

Troubleshooting #

UFW blocks SSH after enabling it
If you enabled UFW without first allowing SSH, you will lose access to a remote server. To recover, you need console access (via your hosting provider’s web console) and run sudo ufw allow ssh followed by sudo ufw enable. Always allow SSH before enabling UFW on a remote machine.

Rules not active after ufw reset
After a reset, UFW is disabled and all rules are cleared. You need to re-add your rules and run sudo ufw enable to bring the firewall back up.

IPv6 rules not created
If ufw status shows rules only for IPv4, check that IPV6=yes is set in /etc/default/ufw, then run sudo ufw disable && sudo ufw enable to reload the configuration.

Application profile not found
If sudo ufw allow 'Nginx Full' returns an error, the profile may not be installed yet. Install the relevant package first (for example, nginx), then retry.

Conclusion #

We have shown you how to install and configure a UFW firewall on your Ubuntu 24.04 server. For a full reference of UFW commands and options, see the UFW man page .

Both apt and apt-get manage packages on Debian-based systems. They talk to the same package database, resolve the same dependencies, and pull from the same repositories. Yet they exist as separate tools, and choosing the wrong one in the wrong context can cause minor headaches.

This guide explains how apt and apt-get differ, when to use each one, and how their commands map to each other.

Why Two Tools Exist #

apt-get has been the standard Debian package manager since 1998. It is reliable and well-documented, but its interface was designed for an era when terminal usability was an afterthought. Related tasks like searching and showing package details live in a separate tool called apt-cache, so users constantly switch between the two.

The apt command was introduced in Debian 8 and Ubuntu 14.04 (APT version 1.0, released in 2014) as a user-friendly front end. It combines the most common apt-get and apt-cache operations into a single command, adds a progress bar, and uses colored output by default.

Both tools are part of the same apt package and share the same underlying libraries. Installing one always installs the other.

User-Facing Differences #

When you run apt install in a terminal, you will notice a few things that apt-get does not do:

• A progress bar at the bottom of the screen shows overall download and install progress.
• Newly installed packages are highlighted in the output.
• The number of upgradable packages is shown after apt update finishes.
• Output is formatted with color when connected to a terminal.

These features make apt more pleasant for interactive use. They also make its output less predictable for scripts, since the formatting can change between APT versions without warning. The apt man page states this explicitly: the command line interface of apt “may change between versions” and “should not be used in scripts.”

apt-get, on the other hand, guarantees a stable output format. Its behavior and exit codes are consistent across versions, which is why automation tools like Ansible, Docker, and CI pipelines use apt-get rather than apt.

Command Comparison #

The table below maps the most common apt commands to their apt-get or apt-cache equivalents:

As you can see, apt merges apt-get and apt-cache into one tool and adds a few convenience commands like apt list and apt edit-sources that have no direct apt-get equivalent.

When to Use apt #

Use apt for everyday interactive work in the terminal. If you are installing a package, checking for updates, or searching the repository by hand, apt is the better choice. The progress bar and cleaner output make it easier to follow what is happening.

For example, to update your package index and upgrade all packages:

sudo apt update && sudo apt upgrade

To search for a package and then install it:

apt search nginx

sudo apt install nginx

When to Use apt-get #

Use apt-get in shell scripts, Dockerfiles, CI pipelines, and any automated workflow. The stable output format means your scripts will not break when the system upgrades to a newer APT version.

A typical Dockerfile uses apt-get with the -y flag to skip confirmation prompts:

RUN apt-get update && apt-get install -y \
 curl \
 git \
 && rm -rf /var/lib/apt/lists/*

The same applies to Bash scripts and configuration management tools. If the command runs without a human watching the output, use apt-get.

Advanced Operations #

The commands below work with both apt and apt-get, but they are better documented and more established under apt-get. In scripts and Dockerfiles, prefer the apt-get form for consistency and stability.

• apt-get install --no-install-recommends pkg — Install a package without pulling in recommended (but not required) dependencies. This is widely used in Docker images to keep the image size small.
• apt-get install --allow-downgrades pkg — Allow installing an older version of a package.
• apt-get build-dep pkg — Install all build dependencies needed to compile a package from source.
• apt-get source pkg — Download the source package.
• apt-get download pkg — Download the .deb file without installing it.
• apt-get changelog pkg — Display the package changelog.
• apt-get clean / apt-get autoclean — Clear the local package cache.

FAQ #

Is apt-get deprecated? No. apt-get is actively maintained and receives updates alongside apt. The APT developers have stated that apt-get will not be removed. It remains the recommended tool for scripts and automation.

Can I replace all apt-get commands with apt? For interactive terminal use, yes. For scripts, no. The apt output format is not guaranteed to remain stable, and its interface may change between versions. Stick with apt-get in any automated workflow.

Is there a performance difference between apt and apt-get? No. Both tools use the same libraries and resolve dependencies the same way. The only difference is the user interface. Install and download speeds are identical.

What about apt-cache? Is it still needed? For interactive use, apt search and apt show replace the most common apt-cache operations. For scripts or when you need advanced query options like apt-cache policy or apt-cache depends, you should still use apt-cache directly.

Conclusion #

Use apt when you are typing commands at a terminal, and apt-get when you are writing scripts or Dockerfiles. For a complete reference of apt subcommands, see the apt Command in Linux guide and the APT cheatsheet .

TeamViewer is a cross-platform remote access and support solution that allows you to connect to and control remote computers over the internet. It supports remote control, file transfer, desktop sharing, and online meetings across Windows, macOS, and Linux.

This guide explains how to install TeamViewer on Ubuntu 24.04.

Quick Reference #

Prerequisites #

You need to be logged in as root or as a user with sudo privileges .

Installing TeamViewer on Ubuntu 24.04 #

TeamViewer is proprietary software and is not available in the standard Ubuntu repositories. You will download and install the official .deb package directly from TeamViewer.

Open your terminal and download the latest TeamViewer .deb package using wget :

wget https://download.teamviewer.com/download/linux/teamviewer_amd64.deb

Once the download is complete, update the package index and install the package:

sudo apt update
sudo apt install ./teamviewer_amd64.deb

When prompted Do you want to continue? [Y/n], type Y to confirm.

TeamViewer is now installed on your Ubuntu 24.04 system.

Starting TeamViewer #

You can launch TeamViewer from the command line:

teamviewer

Alternatively, open the Activities menu, search for “TeamViewer”, and click its icon.

When TeamViewer starts for the first time, it will prompt you to accept the license agreement. Click “Accept License Agreement” to continue.

After accepting, the main TeamViewer window opens and displays your ID and Password. Share these with anyone who needs to connect to your machine, or enter a remote computer’s ID to initiate a connection yourself.

Updating TeamViewer #

During installation, the official TeamViewer repository is added to your system. You can verify it with the cat command :

cat /etc/apt/sources.list.d/teamviewer.list

deb https://linux.teamviewer.com/deb stable main

Because the repository is configured, you can update TeamViewer the same way you update any other package:

sudo apt update
sudo apt upgrade teamviewer

You can also update through the Software Updater application in the GNOME desktop.

Uninstalling TeamViewer #

To remove TeamViewer while keeping its configuration files:

sudo apt remove teamviewer

To remove TeamViewer along with all its configuration files:

sudo apt purge teamviewer

To also remove the TeamViewer APT repository so it no longer appears in your package sources:

sudo rm /etc/apt/sources.list.d/teamviewer.list
sudo apt update

Troubleshooting #

teamviewer: command not found after installation Close and reopen your terminal, or log out and back in so the new binary is picked up by your shell’s PATH. If the issue persists, verify the installation with which teamviewer or dpkg -l teamviewer.

Qt library errors during installation Run sudo apt install -f to resolve broken or missing dependencies, then retry the installation.

dpkg error when installing the .deb file Run sudo dpkg --configure -a to fix any interrupted package operations, then run sudo apt install ./teamviewer_amd64.deb again.

TeamViewer shows “Not ready. Please check your connection.” This usually means the TeamViewer daemon is not running or cannot reach the internet. Try restarting the service:

sudo systemctl restart teamviewerd

Verify the service is active:

sudo systemctl status teamviewerd

Wrong architecture — running an ARM system The teamviewer_amd64.deb package is for 64-bit x86 systems. For ARM-based systems such as a Raspberry Pi running Ubuntu, download the ARM package from the TeamViewer Linux downloads page .

FAQ #

Is TeamViewer free on Linux? TeamViewer is free for personal and non-commercial use. Commercial use requires a paid license. See the TeamViewer pricing page for details.

Does the same installation method work on Ubuntu 22.04 and Debian? Yes. The same .deb package and apt install steps work on Ubuntu 22.04 and other Debian-based distributions. For Ubuntu 22.04 specific instructions, see How to Install TeamViewer on Ubuntu 22.04 .

How do I connect to a remote computer? Open TeamViewer, enter the remote computer’s ID in the “Partner ID” field, and click “Connect”. Enter the password when prompted. The remote session starts immediately if the correct credentials are provided.

How do I allow unattended access? In the TeamViewer main window, go to Extras → Options → Security and set a personal password. This allows connections to your machine without requiring someone to be present to share the one-time password.

Conclusion #

TeamViewer can be installed on Ubuntu 24.04 in two commands — download the .deb package and install it with apt. The TeamViewer repository added during installation keeps the application up to date through the standard Ubuntu update process.

If you have any questions, feel free to leave a comment below.

Google Chrome is a fast and secure web browser built for the modern web. It is available for all major operating systems and allows you to sync bookmarks, history, and passwords across devices.

This guide explains how to install Google Chrome on Ubuntu 24.04 using the official Google package and repository.

Quick Reference #

Installing Google Chrome on Ubuntu #

Chrome is not open source and is not included in the standard Ubuntu repositories. The official .deb package adds the Google signing key and repository so Chrome stays updated automatically.

Download Google Chrome #

Open a terminal and use wget to download the latest stable package:

wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb

Install Google Chrome #

Install the package with apt. Running this command requires sudo privileges :

sudo apt install ./google-chrome-stable_current_amd64.deb

When prompted, enter your password to complete the installation.

Starting Google Chrome #

Open the Activities overview by pressing the Super key, search for “Google Chrome”, and launch it:

You can also start Chrome from the terminal:

google-chrome

When you start Chrome for the first time, you will be asked whether you want to set it as the default browser and enable crash reports:

Chrome then opens the welcome page:

From here, you can sign in with your Google account and sync your settings.

Set Chrome as Default Browser #

To set Chrome as the default browser from the command line, run:

xdg-settings set default-web-browser google-chrome.desktop

To verify the current default browser:

xdg-settings get default-web-browser

google-chrome.desktop

Updating Google Chrome #

During installation, the official Google repository is added to your system. Verify the repository file with cat :

cat /etc/apt/sources.list.d/google-chrome.list

Example output:

### THIS FILE IS AUTOMATICALLY CONFIGURED ###
# You may comment out this entry, but any other modifications may be lost.
deb [arch=amd64] https://dl.google.com/linux/chrome/deb/ stable main

Chrome updates are delivered through the standard Ubuntu update process:

sudo apt update && sudo apt upgrade

Uninstalling Google Chrome #

To remove Google Chrome from your system, run:

sudo apt remove google-chrome-stable

Then clean up unused dependencies:

sudo apt autoremove

Troubleshooting #

The installation fails with dependency errors
Fix broken dependencies and re-run the install:

sudo apt --fix-broken install
sudo apt install ./google-chrome-stable_current_amd64.deb

Chrome does not start after installation
Close any running Chrome processes and start it again:

pkill -f chrome
google-chrome

Repository file is missing
Reinstall the package to recreate the repository file:

sudo apt install ./google-chrome-stable_current_amd64.deb

FAQ #

What is the difference between Chrome and Chromium?
Chromium is the open-source project that Chrome is built on. Chrome adds proprietary features such as automatic updates, licensed media codecs (AAC, H.264), and tighter Google account integration.

How do I import bookmarks from another browser?
Open Chrome, go to Settings > Import bookmarks and settings, and select the browser you want to import from.

Can I install Chrome Beta or Dev channels?
Yes. Replace google-chrome-stable with google-chrome-beta or google-chrome-unstable in the download URL and install command.

Conclusion #

Google Chrome installs on Ubuntu 24.04 using the official .deb package, which also configures the Google repository for automatic updates.

If you have any questions, feel free to leave a comment below.

Python is one of the most popular programming languages. It is used to build all kinds of applications, from simple scripts to complex machine-learning systems. With its straightforward syntax, Python is a good choice for both beginners and experienced developers.

Ubuntu 24.04 ships with Python 3.12 preinstalled. To check the version on your system:

python3 --version

Python 3.12.3

If you need a newer Python version such as 3.13 or 3.14, you can install it from the deadsnakes PPA or build it from source. Both methods install the new version alongside the system Python without replacing it. This guide shows how to install Python on Ubuntu 24.04 using both approaches.

Quick Reference #

Installing Python from the Deadsnakes PPA #

The deadsnakes PPA provides newer Python versions packaged for Ubuntu. This is the easiest way to install a different Python version.

1. Install the prerequisites and add the PPA:

   Terminal

   sudo apt update
   sudo apt install software-properties-common
   sudo add-apt-repository ppa:deadsnakes/ppa

   Press Enter when prompted to confirm.

2. Install Python 3.13:

   Terminal

   sudo apt update
   sudo apt install python3.13

   To install Python 3.14 instead, replace python3.13 with python3.14 in the command above.

3. Verify the installation:

   Terminal

   python3.13 --version

   output

   Python 3.13.11

   You can also confirm the binary location:

   Terminal

   which python3.13

4. Install the venv module (needed for creating virtual environments):

   Terminal

   sudo apt install python3.13-venv

5. If you need pip, install the venv package and create a virtual environment, then use pip inside the venv:

   Terminal

   python3.13 -m venv myproject
   source myproject/bin/activate
   python -m pip install --upgrade pip

   If you need a system-level pip for that interpreter, run:

   Terminal

   python3.13 -m ensurepip --upgrade

Installing Python from Source #

Compiling Python from source allows you to install any version and customize the build options. However, you will not be able to manage the installation through the apt package manager.

The following steps show how to compile Python 3.13. If you are installing a different version, replace the version number in the commands below.

1. Install the libraries and dependencies required to build Python:

   Terminal

   sudo apt update
   sudo apt install build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev wget libbz2-dev liblzma-dev

2. Download the source code from the Python download page using wget :

   Terminal

   wget https://www.python.org/ftp/python/3.13.11/Python-3.13.11.tgz

3. Extract the archive :

   Terminal

   tar -xf Python-3.13.11.tgz

4. Navigate to the source directory and run the configure script:

   Terminal

   cd Python-3.13.11
   ./configure --enable-optimizations

   The --enable-optimizations flag runs profile-guided optimization tests, which makes the build slower but produces a faster Python binary.

5. Start the build process:

   Terminal

   make -j $(nproc)

   The -j $(nproc) option uses all available CPU cores for a faster build.

6. Install the Python binaries using altinstall. Do not use install, as it overwrites the system python3 binary and can break system tools that depend on it:

   Terminal

   sudo make altinstall

7. Verify the installation:

   Terminal

   python3.13 --version

   output

   Python 3.13.11

Setting Up a Virtual Environment #

After installing a new Python version, create a virtual environment for your project to keep dependencies isolated:

python3.13 -m venv myproject

Activate the virtual environment:

source myproject/bin/activate

Your shell prompt will change to show the environment name. Inside the virtual environment, python and pip point to the version you used to create it.

To deactivate the virtual environment:

deactivate

For more details, see our guide on how to create Python virtual environments .

Uninstalling the PPA Version (Optional) #

To remove the PPA version:

sudo apt remove python3.13 python3.13-venv

To remove the PPA itself:

sudo add-apt-repository --remove ppa:deadsnakes/ppa

FAQ #

Should I use the PPA or build from source?
The deadsnakes PPA is the recommended method for most users. It is easier to install, receives security updates through apt, and does not require build tools. Build from source only if you need a custom build configuration or a version not available in the PPA.

Will installing a new Python version break my system?
No. Both methods install the new version alongside the system Python 3.12. The system python3 command is not affected. You access the new version with python3.13 or python3.14.

How do I make the new Python version the default?
You can use update-alternatives to configure it, but this is not recommended. Many Ubuntu system tools depend on the default python3 being the version that shipped with the OS. Use virtual environments instead.

How do I install pip for the new Python version?
The recommended approach is to use a virtual environment. Install python3.13-venv, create a venv, and use pip inside it. If you need a system-level pip for that interpreter, run python3.13 -m ensurepip --upgrade.

What is the difference between install and altinstall when building from source?
altinstall installs the binary as python3.13 without creating a python3 symlink. install creates the symlink, which overwrites the system Python and can break Ubuntu system tools.

Does Ubuntu 24.04 include pip by default?
Ubuntu 24.04 includes Python 3.12 but does not include pip in the base installation. Install it with sudo apt install python3-pip. For newer Python versions, use python3.13 -m pip inside a virtual environment.

Conclusion #

Ubuntu 24.04 ships with Python 3.12. To install a newer version, use the deadsnakes PPA for a simple apt-based installation, or build from source for full control over the build. Use virtual environments to manage project dependencies without affecting the system Python.

For more on Python package management, see our guide on how to use pip .

If you have any questions, feel free to leave a comment below.