UFW basic commands
ufw version #show version information
ufw enable #enable the firewall
ufw disable #disable the firewall
ufw reload #reload the firewall rules
ufw reset #reset the firewall (note: this disables UFW and deletes every rule defined so far)
ufw status verbose #show the firewall state, default policies and active rules
Set UFW default policy
Out of the box ufw blocks all incoming traffic and allows all outgoing traffic once it is enabled. The following commands set those default policies explicitly:
ufw default allow outgoing
ufw default deny incoming
Set up to allow SSH
ufw allow ssh
or
ufw allow 22
ufw allow ssh resolves the service name through /etc/services and opens 22/tcp only; ufw allow 22 opens port 22 for both tcp and udp. On a remote host add this rule before running ufw enable: with the default deny-incoming policy, enabling the firewall without an SSH rule drops your own session.
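The default policy and SSH steps above only stay safe when they are run in the right order on a remote box. The following script is an added example and not part of the original page: it applies the defaults, admits SSH only from an administrative network (rate-limited with ufw limit), and enables the firewall last. The function names run and ufw_bootstrap, the UFW_DRY_RUN variable and the admin network 10.0.0.0/8 are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not part of the original page): bring ufw up on a remote
# host in an order that cannot lock the administrator out. Names here
# (run, ufw_bootstrap, UFW_DRY_RUN) are this example's own; the admin
# network 10.0.0.0/8 in the usage line is a constructed value.

# run CMD...: execute CMD, or only print it when UFW_DRY_RUN=1 so the
# sequence can be reviewed on a machine that has no ufw installed.
run() {
    if [ "${UFW_DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# ufw_bootstrap ADMIN_NET_CIDR
#   1. set the default policy (deny in, allow out); harmless while disabled
#   2. add the SSH rule BEFORE enabling: rules added while ufw is disabled
#      are stored and become active on enable. "limit" both allows the
#      traffic and rate-limits it (a source that opens 6 or more
#      connections within 30 seconds is denied), which blunts brute forcing.
#   3. only then enable; --force skips the interactive "may disrupt existing
#      ssh connections" prompt so the function works from a script.
ufw_bootstrap() {
    admin_net="$1"
    case "$admin_net" in
        */*) ;;   # require CIDR notation so a typo cannot open SSH to the world
        *) echo "usage: ufw_bootstrap ADMIN_NET_CIDR (e.g. 10.0.0.0/8)" >&2
           return 1 ;;
    esac
    run ufw default deny incoming
    run ufw default allow outgoing
    run ufw limit proto tcp from "$admin_net" to any port 22
    run ufw --force enable
    run ufw status verbose
}

# Stand-alone usage: ./bootstrap.sh 10.0.0.0/8
# (prefix with UFW_DRY_RUN=1 to print the commands instead of running them)
if [ "$#" -gt 0 ]; then
    ufw_bootstrap "$1"
fi
```

Run it with UFW_DRY_RUN=1 first to read the exact command sequence; ufw itself also accepts --dry-run on a single command to show the resulting iptables rules without applying them.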
Set other ports (including protocol restrictions)
Add a protocol restriction so the rule matches only tcp or only udp packets
ufw allow 80/tcp #tcp only
ufw allow 21/udp #udp only
Deny access to a certain port
ufw deny 80
Rules are matched in order and the first match wins, so a deny added after an allow for the same port only affects traffic the allow did not already match; to put it first use ufw insert 1 deny 80
Delete the added port
A delete must repeat the rule exactly as it was added, protocol included, otherwise ufw reports that the rule does not exist
ufw delete allow 80/tcp
ufw delete allow 21/udp
ufw delete deny 80
or delete by rule number
ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 443/tcp                    ALLOW IN    Anywhere
ufw delete 2
Deleting by number asks for confirmation (ufw --force delete 2 skips the prompt for scripts), and the remaining rules are renumbered afterwards, so when removing several rules either re-run ufw status numbered before each delete or delete from the highest number down.
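Because rule numbers shift after every delete, deleting by number in a script needs the numbers looked up fresh and removed highest-first. The script below is an added example, not code from the original page: it parses ufw status numbered output for every rule whose To column matches a given port/protocol and deletes them in descending order. The function names rule_numbers_for and delete_rules_for and the UFW_DRY_RUN variable are this example's own, and SAMPLE_STATUS is a constructed stand-in for real ufw output, not captured from a host.

```shell
#!/bin/sh
# Added example (not part of the original page): find and delete rules by
# number without tripping over the renumbering that happens after each
# delete. Function names (rule_numbers_for, delete_rules_for) and the
# UFW_DRY_RUN variable are this example's own; SAMPLE_STATUS is constructed
# to look like `ufw status numbered` output and is not captured from a host.

SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 443/tcp                    ALLOW IN    Anywhere
[ 3] 80/tcp                     ALLOW IN    Anywhere
[ 4] 80/tcp                     DENY IN     192.168.29.36
[ 5] 443/tcp (v6)               ALLOW IN    Anywhere (v6)'

# rule_numbers_for TARGET: read status text on stdin and print the number of
# every rule whose "To" column is TARGET (e.g. 80/tcp), highest number first.
# "443/tcp (v6)" matches TARGET 443/tcp as well, so the IPv6 twin of a rule
# is caught too.
rule_numbers_for() {
    awk -v t="$1" '
        /^\[ *[0-9]+]/ {
            n = $0; sub(/^\[ */, "", n); sub(/].*/, "", n)      # "[ 4]" -> 4
            rest = $0; sub(/^\[ *[0-9]+] */, "", rest)
            split(rest, f, / +/)                                # f[1] is "To"
            if (f[1] == t) print n
        }' | sort -rn
}

# delete_rules_for TARGET [STATUS_TEXT]: delete every rule for TARGET.
# Deleting from the highest number down keeps the remaining numbers valid;
# deleting 3 then 4 on the sample above would remove rule 3 and then the
# rule that used to be 5. --force skips the per-rule confirmation prompt.
# STATUS_TEXT defaults to the live `ufw status numbered` output.
delete_rules_for() {
    target="$1"
    status="${2:-}"
    [ -n "$status" ] || status="$(ufw status numbered)"
    printf '%s\n' "$status" | rule_numbers_for "$target" | while read -r n; do
        if [ "${UFW_DRY_RUN:-0}" = "1" ]; then
            printf 'ufw --force delete %s\n' "$n"
        else
            ufw --force delete "$n"
        fi
    done
}

# Stand-alone demo against the constructed sample: ./ufw-delete.sh --demo
if [ "${1:-}" = "--demo" ]; then
    UFW_DRY_RUN=1 delete_rules_for 80/tcp "$SAMPLE_STATUS"
fi
```

Matching on the To column rather than grepping the whole line avoids hitting the header rows and the From column; a rule whose From column happens to contain the port string is never selected.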
Open ports according to range
Some applications use several ports, in which case a port range is given. A range must carry the protocol (tcp or udp) the rule applies to. For example, to allow connections on ports 9000 to 9002:
ufw allow 9000:9002/tcp
ufw allow 9000:9002/udp
Restrict access by source IP (whitelist or blacklist): allow or deny specific addresses
ufw allow from 192.168.29.36 #allow this host on every port
ufw deny from 192.168.29.36 #deny this host on every port
An address range can also be given in CIDR notation
ufw allow from 192.168.1.0/24 #allow
ufw deny from 192.168.1.0/24 #deny
Restrict specified IP access to specific ports
ufw allow from 192.168.29.36 to any port 80 #allow
ufw deny from 192.168.29.36 to any port 80 #deny
with tcp/udp specified
#allow
ufw allow from 192.168.29.36 to any port 80 proto tcp
ufw allow from 192.168.29.36 to any port 80 proto udp
#deny
ufw deny from 192.168.29.36 to any port 80 proto tcp
ufw deny from 192.168.29.36 to any port 80 proto udp
Because the first matching rule wins, a per-host deny must sit above any broad allow for the same port (for example ufw allow 80/tcp added earlier) or it never fires; place it first with ufw insert 1 deny from 192.168.29.36 to any port 80 proto tcp