ubuntu ufw configuration
Ubuntu 18.04 LTS system already comes with default UFW tool, if your system is not installed, you can execute the following command to install the "terminal" in:
1
|
sudo apt install ufw
|
Check the status UFW
1
|
sudo ufw status verbose
|
Whether you're using Ubuntu 18.04 came with your system or just manually install the UFW, are disabled by default, so the output is "inactive"
UFW default policy
Firewall policy is to build the basis of user-defined rules, in most cases, the initial default UFW strategy is a good starting point.
And by default, UFW will block all incoming connections and allows all outgoing connections. That is, unless you specifically open a specific port, or anyone trying to access your server can not connect, but the applications and services running on the server was able to access the outside.
UFW default policy in the definition / etc / default / ufw file, you can use sudo ufw default command to the policy changes.
Open port 80 --HTTP
1
|
sudo ufw allow http
|
You can also specify a direct port number 80:
1
|
sudo ufw allow
80
/tcp
|
Open port 443 --HTTPS
1
|
sudo ufw allow https
|
You can also specify a direct port number 443:
1
|
sudo ufw allow
443
/tcp
|
Allow port range
UFW in use of the port range, tcp or udp must specify the protocol. For example, to open the tcp and udp ports 7100-7200 on the server, you can run the following command:
1
2
|
sudo ufw allow
7100
:
7200
/tcp
sudo ufw allow
7100
:
7200
/udp
|
Allow specific IP addresses
1
|
sudo ufw allow from
123.123
.
123.123
|
Allows subnet
If you want to allow the computer to a specific subnet range of access to a server port, for example: allow from 192.168.1.1 to 192.168.1.254 network to access ports (MySQL) Server 3306, you can execute the following command:
1
|
sudo ufw allow from
192.168
.
1.0
/
24
to any port
3306
|
Refuse to connect
It has been introduced, the default policy for incoming connections are set to reject. Let's say you open ports 80 and 443, and the server has been attacked from all connections 23.34.45.0/24 may reject the network through the following command:
1
|
sudo ufw deny from
23.34
.
45.0
/
24
|
If you want to deny access ports 80 and 443, you can use the following command:
1
2
|
sudo ufw deny from
23.34
.
45.0
/
24
to any port
80
sudo ufw deny from
23.34
.
45.0
/
24
to any port
443
|
He refused to allow the preparation of written rules and the rules the same, you only need to allow deny replaced on the line
Delete UFW policy
For the novice user to delete a specific rule by rule number is better, but before that you need to use the command lists the number of digital rules:
1
|
sudo ufw status numbered
|
For example, to delete Rule 4 open port 8080 can use the following command:
1
|
sudo ufw delete
4
|
For example, to delete the rule to open 8069 port, you can use the following command:
1
|
sudo ufw delete allow
8069
|
Disable UFW
1
|
sudo ufw disable
|
Reset UFW
1
|
sudo ufw reset
|
================ End