Due to the needs of the company's project, it is necessary to easily use the firewall function on the client machine, so you can easily set the rules of the protective wall on the page. Of course, this function requirement is put in my hands before I have the opportunity to learn. Because the client machines are all ubuntu, so of course the ubuntu-specific and simple firewall setting rules are used, that is ufw, the article is based on ubuntu16.04, and the usage of other versions should not be too different. This article focuses on its commonly used usage, as for other usages, you have to wait for your friends to study by yourself.
The full name of UFW is Uncomplicated Firewall, which is the default firewall component on the Ubuntu system. It is a tool developed for lightweight configuration of iptables. UFW provides a very friendly interface for creating firewall rules based on IPV4 and IPV6.
Commands using ufw must be run with administrator privileges. If not, sudo is required, but you must pay attention to safety and not mess around. . .
# ufw enable //Turn on the firewall
# ufw disable //Disable firewall
# ufw reset //Resetting the firewall will delete all the rules you have added and disable the firewall
You can use the following command to view the status of the ufw firewall
# ufw status
//It looks like this when it's not turned on
Status: inactive
//It looks like this after opening
Status: active
... //If you add firewall rules, it will be displayed below
Set the default firewall rules, the default is to allow, which means that everything allows you to connect in.
# ufw default allow|deny //Set default rules
allow :allow
deny :Refuse
Protocol rules are some firewall rules about the protocol.
ufw [delete][insert NUM] allow|deny [in|out][PORT[/PROTOCOL]][comment COMMENT]delete:Delete this rule
insert :Num represents the position where you want to insert the firewall rules, and the rules are arranged in order. Will check one by one as needed
allow|deny :Is this rule allowed or forbidden
in|out:This rule is effective for sending or receiving data
PORT:The port number
protocol :Protocol, such as TCP or UDP
comment :Comment
...
Add a rule that allows ssh (the port number of ssh is 22, and the protocol is TCP), and insert it in position 2
# ufw insert 2 allow in22/tcp
Disable 22 port connection
# ufw deny in22
The port number and protocol can be included in the ip rule, but not vice versa.
ufw [delete][insert NUM] allow|deny [in|out [on INTERFACE]][proto PROTOCOL][from ADDRESS [port PORT]][to ADDRESS [port PORT]][comment COMMENT]
INTERFACE: NIC, which is valid for which NIC, you can use ifconfig or ip addr to check your NIC
form ADDRESS :Source IP address
to ADDRESS :Destination IP address
PORT :Following the source IP address is the port number of the source IP address, otherwise it is the port number of the destination IP address
Others are consistent with the agreement rules
Add a rule to allow port 22 TCP protocol (ssh) of 192.168.0.2
# ufw allow proto tcp from192.168.0.2 port 22
If there is a process to help others forward information on your system, then you can allow information from a source IP address to be sent to a destination address, for example: Allow port 8088 of the source IP address 192.168.0.2 to be sent to the destination address 192.162. 8080 port of 0.2
# ufw allow from192.168.0.2 port 80 to 192.168.0.2 port 8080
There are two deletion rules, one is to delete based on the content of the rule, the other is to delete based on the serial number
Add the delete parameter before the command to add the rule, for example:
# ufw allow 22/tcp //Add a rule to allow ssh
# ufw delete allow 22/tcp //Delete ssh rules
Delete based on the sequence number, how do you know the sequence number of the rule? Use ufw status numbered
# ufw status numbered //check
Status: active
To Action From
- - - - - - - - - - - - [1]22 ALLOW IN Anywhere
I need to delete the first rule
# ufw delete1//This is to delete the first rule
# ufw enbale //Turn on the firewall
# ufw alllow ssh //Add ssh rules, this is a shorthand rule
# ufw default deny //The setting is disabled by default, but we have already added ssh rules, so don't worry.
You can do things by yourself later here!
...
Well, the above are all relatively basic usages. If you want to know more about it, you can go to the official website to have a look. There will be a chapter about iptables firewall rules. Ufw is encapsulated based on iptables, and iptables applies to all The Linux system is not only Ubuntu. This is the end of this article, thank you all for reading, Thanks♪(・ω・)ノ
Recommended Posts