Introduction to using UFW firewall under Ubuntu

UFW basic commands

ufw version           #查看版本信息
ufw enable            #启用防火墙
ufw disable           #禁用防火墙
ufw reload            #重载防火墙
ufw reset             #重新设置防火墙 (注意：这将禁用UFW并删除之前定义的任何规则)
ufw verbose           #查看防火墙策略

Set UFW default policy

默认情况下ufw开启会阻止所有传入的流量并且允许所有传出的流量，通过以下命令实现：

ufw default allow outgoing
ufw deault deny incoming

Set up to allow SSH

ufw allow ssh
或
ufw allow 22

Set other ports (including protocol restrictions)

增加协议限制，基于tcp/udp过滤数据包

ufw allow 80/tcp
ufw allow 21/udp

Deny access to a certain port

ufw deny 80

Delete the added port

ufw delete allow 80
ufw delete deny 21

或可以通过编号删除

ufw status numbered
OutputStatus: active
     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 443/tcp                    ALLOW IN    Anywhere

ufw delete 2

Open ports according to range

某些应用程序使用多个端口，此时需要指定端口范围。指定端口范围时，必须指定规则应适用的协议（ tcp或udp ）。例如，要允许使用端口9000-9002范围内的连接，可以使用以下命令

ufw allow 9000:9002/tcp
ufw allow 9000:9002/udp

Restrict IP access whitelist, only allow or deny access to certain IPs

ufw allow from 192.168.29.36 #允许
ufw deny from 192.168.29.36  #拒绝

还可以在UFW中指定IP地址范围

ufw allow from 192.168.1.0/24 #允许
ufw deny from 192.168.1.0/24 #拒绝

Restrict specified IP access to specific ports

ufw allow from 192.168.29.36 to any port 80 #允许
ufw deny from 192.168.29.36 to any port 80 #

指定tcp/udp

#允许
ufw allow from 192.168.29.36 to any port 80 proto tcp
ufw allow from 192.168.29.36 to any port 80 proto udp
#拒绝
ufw deny from 192.168.29.36 to any port 80 proto tcp
ufw deny from 192.168.29.36 to any port 80 proto udp