ufw ubuntu Firewall Rules

Foreword

Because of the demands of the company's projects, the client machines need simple firewall functionality: it should be easy to set up a protective wall from a rules page. This task landed in my hands, so I had a chance to learn it. The client machines run Ubuntu, so the natural choice is ufw, Ubuntu's own simple firewall rule tool. This article takes Ubuntu 16.04 as the reference; usage on other versions should not differ much. It focuses on common usage; other uses you will have to study on your own.

wiki

UFW stands for Uncomplicated Firewall. It is the default firewall component on Ubuntu and is a lightweight tool developed for configuring iptables. UFW offers a very friendly interface for creating firewall rules for IPv4 and IPv6.


ufw Tutorial

ufw commands require administrator privileges. If you are not running as root, prefix them with sudo (the examples below use a root prompt). Pay attention to safety and do not mess around with it.

Open and disabled

# ufw enable //enable the firewall
# ufw disable //disable the firewall
# ufw reset //reset the firewall: deletes every rule you have added and disables the firewall

You can use the following command to view the status of the ufw firewall:

# ufw status
// when not enabled it looks like this
Status: inactive

// after enabling it looks like this
Status: active
...  // if you have added firewall rules, they are listed here

Set the default firewall rule. The default is allow, meaning that anything at all is allowed in.

# ufw default allow|deny  //set the default rule
allow : permit
deny : refuse


Protocol rules

Protocol rules are firewall rules expressed in terms of a port and a protocol.

ufw [delete] [insert NUM]  allow|deny [in|out]  [PORT[/PROTOCOL] ]  [comment COMMENT]

delete : delete this rule
insert : NUM is the position in the firewall rule list to insert at; rules are ordered and are checked one by one as needed
allow|deny : whether this rule permits or refuses
in|out : whether this rule applies to sent or received data
PORT : port number
PROTOCOL : protocol, for example TCP or UDP
comment : a comment
...

Add a rule allowing SSH (the SSH port number is 22, the protocol is TCP) and insert it at position 2:

# ufw insert 2 allow in 22/tcp 

Deny connections to port 22:

# ufw deny in 22


ip rule

An IP rule may include the port number and protocol, but not the other way round: a protocol rule cannot include addresses.

ufw  [delete]  [insert  NUM]  allow|deny  [in|out  [on INTERFACE]] [proto PROTOCOL] 
[from ADDRESS [port PORT]]  [to ADDRESS [port PORT]] [comment COMMENT]

INTERFACE : network interface, i.e. which interface the rule applies to; use ifconfig or ip addr to see your interfaces
from ADDRESS : source IP address
to ADDRESS : destination IP address
PORT : following the source IP address it is the source port; otherwise it is the destination port
Everything else is the same as for protocol rules

Add a rule allowing TCP from 192.168.0.2 on port 22 (ssh). Note that, per the syntax above, a port following `from` is the source port, so this rule matches traffic whose source port is 22; a rule for SSH connections to this host would place the port after `to`.

# ufw allow proto tcp from 192.168.0.2 port 22

If another process on your system forwards information, you may allow sending from a certain source IP address to a target address. For example, allow source IP address 192.168.0.2 port 8088 to destination address 192.162.0.2 port 8080:

# ufw allow from 192.168.0.2 port 8088 to 192.168.0.2 port 8080


Delete Rule

There are two ways to delete a rule: one deletes by the rule's content, the other by its serial number.

Method one

Just prefix the command that added the rule with the delete keyword, for example:

# ufw allow 22/tcp //add a rule allowing ssh
# ufw delete allow 22/tcp //delete the ssh rule

Method two

Delete by serial number. How do you find a rule's serial number? Use ufw status numbered:

# ufw status numbered //view the numbered rules
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    Anywhere         

To delete the first rule:

# ufw delete 1 //this deletes rule number 1


Recommended settings

# ufw enable //enable the firewall
# ufw allow ssh // add the ssh rule; this is the shorthand form
# ufw default deny //set the default to deny; we already added the ssh rule, so no worry
From here on you can set things up however you like!
...
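Two practical details follow from the sections above: `ufw delete N` renumbers the remaining rules, so several deletions by serial number must be done from the highest number down, and the recommended settings only stay safe if an ssh allow rule exists before the default is switched to deny. The following Python script is an added example, not code from the original post or from ufw itself; it parses constructed `ufw status numbered` output in the layout shown above (the sample text and the function names are my own) and plans the commands in a safe order.

```python
import re
from collections import namedtuple

# Constructed sample of `ufw status numbered` output (not captured from a real host).
SAMPLE_STATUS = """Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 8080                       ALLOW IN    192.168.0.2
[ 3] 22                         DENY IN     Anywhere
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
"""

Rule = namedtuple("Rule", "num to action direction src")

# One rule line: "[ 1] 22/tcp   ALLOW IN   Anywhere". Columns are separated by
# two or more spaces, which lets the To column keep a single space, as in "22/tcp (v6)".
RULE_RE = re.compile(
    r"^\[\s*(\d+)\]\s+(.+?)\s{2,}(ALLOW|DENY|REJECT|LIMIT)(?:\s+(IN|OUT))?\s{2,}(.+?)\s*$"
)


def parse_status(text):
    """Return the numbered rules found in `ufw status numbered` output."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            num, to, action, direction, src = m.groups()
            rules.append(Rule(int(num), to, action, direction or "IN", src))
    return rules


def find_rule_numbers(rules, to=None, action=None, src=None):
    """Serial numbers of rules matching every given field (None is a wildcard)."""
    return [r.num for r in rules
            if (to is None or r.to == to)
            and (action is None or r.action == action)
            and (src is None or r.src == src)]


def deletion_commands(numbers):
    """Delete highest number first: ufw shifts the later rules up after each delete."""
    return ["ufw delete %d" % n for n in sorted(set(numbers), reverse=True)]


def ssh_is_allowed(rules):
    """True if an inbound ALLOW rule covers port 22 (any protocol or TCP) from anywhere."""
    return any(r.action == "ALLOW" and r.direction == "IN"
               and r.to.split(" ")[0] in ("22", "22/tcp")
               and r.src.startswith("Anywhere")
               for r in rules)


def lockdown_commands(rules):
    """Recommended sequence: make sure SSH is allowed before the default becomes deny."""
    cmds = []
    if not ssh_is_allowed(rules):
        cmds.append("ufw allow ssh")
    cmds += ["ufw default deny", "ufw enable"]
    return cmds


if __name__ == "__main__":
    rules = parse_status(SAMPLE_STATUS)
    # Remove every rule that mentions port 22 without a protocol, e.g. the stray DENY.
    print(deletion_commands(find_rule_numbers(rules, to="22")))
    print(lockdown_commands(rules))
```

Run the script against the real output of `ufw status numbered` by replacing `SAMPLE_STATUS` with the command's text; it prints the commands rather than executing them, so you can review the plan before running it as root.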

These are the relatively basic usages. If you want to understand more, you can look at the official website yourself. A later article will cover iptables firewall rules: ufw is a wrapper built on iptables, and iptables applies to every Linux system, not just Ubuntu. That is it for this article. Thanks to everyone who read it ♪(·ω·)ノ

Personal blog: https://colablog.cn/

Source: www.cnblogs.com/Johnson-lin/p/11261338.html