ubuntu ufw configuration

Ubuntu 18.04 LTS system already comes with default UFW tool, if your system is not installed, you can execute the following command to install the "terminal" in:

 
         sudo apt install ufw

Check the status UFW

 
         sudo ufw status verbose

Whether you're using Ubuntu 18.04 came with your system or just manually install the UFW, are disabled by default, so the output is "inactive"

UFW default policy

Firewall policy is to build the basis of user-defined rules, in most cases, the initial default UFW strategy is a good starting point.

And by default, UFW will block all incoming connections and allows all outgoing connections. That is, unless you specifically open a specific port, or anyone trying to access your server can not connect, but the applications and services running on the server was able to access the outside.

UFW default policy in the definition / etc / default / ufw file, you can use sudo ufw default command to the policy changes.

Open port 80 --HTTP

 
         sudo ufw allow http

You can also specify a direct port number 80:

 
         sudo ufw allow  
         80 
         /tcp

Open port 443 --HTTPS

 
         sudo ufw allow https

You can also specify a direct port number 443:

 
         sudo ufw allow  
         443 
         /tcp

Allow port range

UFW in use of the port range, tcp or udp must specify the protocol. For example, to open the tcp and udp ports 7100-7200 on the server, you can run the following command:

 
         sudo ufw allow  
         7100 
         : 
         7200 
         /tcp 
        
         sudo ufw allow  
         7100 
         : 
         7200 
         /udp

Allow specific IP addresses

 
         sudo ufw allow from  
         123.123 
         . 
         123.123

Allows subnet

If you want to allow the computer to a specific subnet range of access to a server port, for example: allow from 192.168.1.1 to 192.168.1.254 network to access ports (MySQL) Server 3306, you can execute the following command:

 
         sudo ufw allow from  
         192.168 
         . 
         1.0 
         / 
         24  
         to any port  
         3306

Refuse to connect

It has been introduced, the default policy for incoming connections are set to reject. Let's say you open ports 80 and 443, and the server has been attacked from all connections 23.34.45.0/24 may reject the network through the following command:

 
         sudo ufw deny from  
         23.34 
         . 
         45.0 
         / 
         24

If you want to deny access ports 80 and 443, you can use the following command:

 
         sudo ufw deny from  
         23.34 
         . 
         45.0 
         / 
         24  
         to any port  
         80 
        
         sudo ufw deny from  
         23.34 
         . 
         45.0 
         / 
         24  
         to any port  
         443

He refused to allow the preparation of written rules and the rules the same, you only need to allow deny replaced on the line

Delete UFW policy

For the novice user to delete a specific rule by rule number is better, but before that you need to use the command lists the number of digital rules:

 
         sudo ufw status numbered

For example, to delete Rule 4 open port 8080 can use the following command:

 
         sudo ufw delete  
         4

For example, to delete the rule to open 8069 port, you can use the following command:

 
         sudo ufw delete allow  
         8069

Disable UFW

 
         sudo ufw disable

Reset UFW

 
         sudo ufw reset

================ End