ufw: Ubuntu firewall rules

Preface#

A company project required an easy way to use the firewall on client machines, so that firewall rules can be set from a page. Of course, this requirement landed in my hands before I had had the chance to learn the subject. Because the client machines all run Ubuntu, I used Ubuntu's own simple firewall tool, ufw. This article is based on Ubuntu 16.04, and usage on other versions should not differ much. It focuses on the commonly used commands; for anything else, you will have to study it yourself.

wiki

UFW stands for Uncomplicated Firewall and is the default firewall component on Ubuntu. It is a tool developed for lightweight configuration of iptables, and it provides a friendly interface for creating IPv4 and IPv6 firewall rules.

ufw tutorial#

ufw commands must be run with administrator privileges. If you are not root, prefix them with sudo, but be careful and do not change rules carelessly.

Enable and disable##

# ufw enable //Turn on the firewall
# ufw disable //Disable firewall
# ufw reset //Resetting the firewall will delete all the rules you have added and disable the firewall

You can use the following command to view the status of the ufw firewall

# ufw status
//It looks like this when it's not turned on
Status: inactive  

//It looks like this after it is turned on
Status: active
... //If you add firewall rules, it will be displayed below

Set the default firewall policy. The default is allow, which means that all incoming connections are permitted.

# ufw default allow|deny  //Set the default policy
allow: allow
deny: deny

Protocol rules##

Protocol rules are firewall rules defined by port and protocol.

ufw [delete] [insert NUM] allow|deny [in|out] [PORT[/PROTOCOL]] [comment COMMENT]

delete: Delete this rule
insert NUM: The position at which to insert the rule. Rules are kept in order and are checked one by one in that order
allow|deny: Whether the rule allows or denies the traffic
in|out: Whether the rule applies to incoming (received) or outgoing (sent) data
PORT: The port number
PROTOCOL: The protocol, such as TCP or UDP
comment COMMENT: A comment for the rule
...

Add a rule that allows ssh (the ssh port number is 22, and the protocol is TCP), and insert it at position 2:

# ufw insert 2 allow in 22/tcp

Deny connections to port 22:

# ufw deny in 22

IP rules##

An IP rule can include the port number and protocol, but not vice versa.

ufw [delete] [insert NUM] allow|deny [in|out [on INTERFACE]] [proto PROTOCOL] [from ADDRESS [port PORT]] [to ADDRESS [port PORT]] [comment COMMENT]

INTERFACE: The network interface (NIC) the rule applies to; use ifconfig or ip addr to list your interfaces
from ADDRESS: Source IP address
to ADDRESS: Destination IP address
port PORT: When it follows the source IP address it is the source port; otherwise it is the destination port
The other parameters are the same as for protocol rules

Add a rule to allow TCP port 22 (ssh) of 192.168.0.2:

# ufw allow proto tcp from 192.168.0.2 port 22

If a process on your system forwards traffic on behalf of others, you can allow traffic from a source IP address to be sent to a destination address. For example, allow port 8088 of the source IP address 192.168.0.2 to send to port 8080 of the destination address 192.162.0.2:

# ufw allow from 192.168.0.2 port 80 to 192.168.0.2 port 8080

Delete rule##

There are two ways to delete a rule: by the content of the rule, or by its sequence number.

Method one###

Add the delete parameter before the command to add the rule, for example:

# ufw allow 22/tcp //Add a rule to allow ssh
# ufw delete allow 22/tcp //Delete ssh rules

Method two###

Delete by sequence number. How do you find the sequence number of a rule? Use ufw status numbered:

# ufw status numbered //check
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    Anywhere

I need to delete the first rule

# ufw delete 1 //Delete the first rule
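
Deleting by number renumbers the rules that follow, so removing several rules has to start from the highest number. The added example below (not from the original article) parses `ufw status numbered` output for every rule on a given port and prints the delete commands in that order; the sample output and the function names `rule_numbers` and `delete_plan` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ufw status numbered` output (not from a real host).
sample_status() {
cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 22/tcp                     DENY IN     192.168.0.2
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

# rule_numbers TARGET: read `ufw status numbered` text on stdin and print the
# numbers of all rules whose "To" column is TARGET, highest number first.
rule_numbers() {
    # Keep only "[ N] TO ..." lines and reduce them to "N TO".
    sed -n 's/^\[ *\([0-9][0-9]*\)] *\([^ ][^ ]*\) .*$/\1 \2/p' |
        awk -v t="$1" '$2 == t { print $1 }' |
        sort -rn | paste -sd ' ' -
}

# delete_plan TARGET: print the delete commands without running them.
# Highest number first, so earlier deletions do not shift later targets.
delete_plan() {
    for n in $(rule_numbers "$1"); do
        echo "ufw delete $n"
    done
}

# Demo on the constructed sample; on a real host use:
#   ufw status numbered | delete_plan 22/tcp
sample_status | delete_plan 22/tcp
```

Review the printed plan before running it: the IPv6 counterpart of a rule has its own number and is included.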

Recommended settings##

# ufw enable //Turn on the firewall
# ufw allow ssh //Add the ssh rule; this is a shorthand form
# ufw default deny //Deny by default; the ssh rule has already been added, so don't worry
From here on you can add your own rules!
...
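
A check for the end state of these settings, as an added example that is not part of the original article: it reads `ufw status verbose` output and reports whether the firewall is active, the default incoming policy is deny, and an ssh rule exists. The sample outputs and the function name `audit_ufw` are constructed for illustration.

```shell
#!/bin/sh
# Constructed `ufw status verbose` samples (not captured from a real host).
good_status() {
cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
EOF
}

bad_status() {
cat <<'EOF'
Status: active
Logging: on (low)
Default: allow (incoming), allow (outgoing), disabled (routed)
New profiles: skip
EOF
}

# audit_ufw: read `ufw status verbose` text on stdin and print one finding
# per line, or "ok" when the state matches the recommended settings.
audit_ufw() {
    awk '
        /^Status:/  { active = ($2 == "active") }
        /^Default:/ { incoming = $2 }   # policy word before "(incoming),"
        $1 ~ /^22(\/tcp)?$/ && $2 == "ALLOW" { ssh = 1 }
        END {
            if (!active)            { print "firewall is not active"; bad = 1 }
            if (incoming != "deny") { print "default incoming policy is not deny"; bad = 1 }
            if (!ssh)               { print "no rule allows ssh (22/tcp)"; bad = 1 }
            if (!bad) print "ok"
        }'
}

# Demo on the constructed sample; on a real host use:
#   ufw status verbose | audit_ufw
good_status | audit_ufw
```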

Well, the above are all relatively basic usages. If you want to know more, you can have a look at the official website. There will be a chapter about iptables firewall rules. ufw is a wrapper built on iptables, and iptables applies to all Linux systems, not only Ubuntu. This is the end of this article, thank you all for reading. Thanks♪(・ω・)ノ
