Example of ufw firewall command
sudo ufw enable|disable
Because Linux's original firewall tool, iptables, is too cumbersome, Ubuntu provides ufw, a firewall tool based on iptables, by default.
The default in Ubuntu 9.10 is the UFW firewall, which already supports interface operations. Run the ufw command on the command line to see a series of actions that can be performed.
The simplest operation is sudo ufw status, which checks the status of the firewall; my return is: inactive
sudo ufw version shows the firewall version.
The Ubuntu system has ufw installed by default.
sudo apt-get install ufw
sudo ufw enable
sudo ufw default deny
After running the above two commands, the firewall is turned on, and it is turned on automatically when the system starts. All external access to the machine is closed, but the machine's own access to the outside works normally.
sudo ufw allow|deny [service]
Open or close a port, for example:
sudo ufw allow smtp
Allows all external IPs to access the machine's 25/tcp (smtp) port.

sudo ufw allow 22/tcp
Allows all external IPs to access the machine's 22/tcp (ssh) port.

sudo ufw allow 53
Allows external access to port 53 (tcp/udp).

sudo ufw allow from 192.168.1.100
Allows this IP to access all local ports.

sudo ufw allow proto udp from 192.168.0.1 port 53 to 192.168.0.2 port 53

sudo ufw deny smtp
Prohibits external access to the smtp service.

sudo ufw delete allow smtp
Deletes a rule established above.

View firewall status
sudo ufw status

For general users, only the following settings are required:
sudo apt-get install ufw
sudo ufw enable
sudo ufw default deny
The above three commands are safe enough. If you need to open certain services, use sudo ufw allow to open them.

Turn on/off the firewall (the default setting is ‘disable’)
sudo ufw enable|disable

Switch log status
sudo ufw logging on|off

Set the default policy (e.g. "mostly open" vs "mostly closed")
sudo ufw default allow|deny
Permit or block the port (you can view the service list in "status"). You can specify a service name that exists in /etc/services in the form of "protocol: port", or you can use the meta-data of the package. The ‘allow’ parameter will add entries to /etc/ufw/maps, while ‘deny’ will do the opposite. The basic syntax is as follows:
sudo ufw allow|deny [service]

To display the listening status of firewalls and ports, see /var/lib/ufw/maps. The numbers in brackets will not be displayed.
sudo ufw status

UFW usage examples:

Allow port 53
$ sudo ufw allow 53

Disable port 53
$ sudo ufw delete allow 53

Allow port 80
$ sudo ufw allow 80/tcp

Disable port 80
$ sudo ufw delete allow 80/tcp

Allow the smtp port
$ sudo ufw allow smtp

Remove the allow rule for the smtp port
$ sudo ufw delete allow smtp

Allow a specific IP
$ sudo ufw allow from 192.168.254.254

Delete the above rule
$ sudo ufw delete allow from 192.168.254.254
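The allow rules above each open a port to every external IP, so it helps to review what a rule set exposes. The following is an added example, not part of the original page: a POSIX shell function that reads the text printed by sudo ufw status verbose and lists an inactive firewall, a permissive default incoming policy, ports open to everyone, and hosts allowed to reach all ports. The function name, the finding labels and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the text printed by `sudo ufw status verbose`.
# SAMPLE_STATUS is constructed for illustration, not captured from a real host.
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
25/tcp                     ALLOW IN    Anywhere
53                         ALLOW IN    Anywhere
Anywhere                   ALLOW IN    192.168.1.100
25/tcp                     DENY IN     10.0.0.5'

# audit_ufw_status (hypothetical name): reads status text on stdin and
# prints one finding per line. Finding labels are this example's own.
audit_ufw_status() {
    awk '
        # "Status: inactive" means no rule is being enforced at all.
        /^Status:/ && $2 != "active" { print "firewall-inactive" }
        # The first policy on the Default: line is the incoming one.
        /^Default:/ && $2 != "deny" && $2 != "reject" {
            print "default-incoming-" $2
        }
        # The dashed row ends the table header; rule rows follow it.
        /^--/ { in_rules = 1; next }
        in_rules && NF {
            # Columns are separated by runs of two or more spaces,
            # so "ALLOW IN" stays together as one field.
            n = split($0, col, /  +/)
            if (n < 3 || col[2] !~ /^ALLOW/) next
            if (col[3] ~ /^Anywhere/)      print "open-to-all " col[1]
            else if (col[1] ~ /^Anywhere/) print "all-ports-from " col[3]
        }
    '
}

# Run against the constructed sample. On a real host:
#   sudo ufw status verbose | audit_ufw_status
printf '%s\n' "$SAMPLE_STATUS" | audit_ufw_status
```

Each open-to-all line is a port reachable from any address; narrowing it with the "allow from" form shown above limits it to known hosts.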
Since the Linux 2.4 kernel, a very good firewall tool has been provided: netfilter/iptables. It is free and powerful, and can finely control incoming and outgoing traffic. It can implement a firewall, NAT (network address translation), data packet splitting and other functions. Netfilter works inside the kernel, while iptables is a table structure that allows users to define rule sets.
But the rules of iptables are a little bit "complex", so Ubuntu provides ufw as a configuration tool to simplify some iptables settings. The backend is still iptables. Ufw is the abbreviation of "uncomplicated firewall"; some complicated settings still need to be made in iptables.
Files and folders related to ufw are:
/etc/ufw/: Contains ufw environment setting files, such as before.rules, after.rules, sysctl.conf and ufw.conf, and for IPv6, before6.rules and after6.rules. These files are generally fine with their default settings.

If ufw is turned on, /etc/ufw/sysctl.conf overrides the default /etc/sysctl.conf file. If you have modified your original /etc/sysctl.conf, then after ufw starts, any new assignments in /etc/ufw/sysctl.conf override /etc/sysctl.conf; otherwise /etc/sysctl.conf prevails. Of course, you can choose which sysctl.conf to use by modifying the "IPT_SYSCTL=" entry in /etc/default/ufw.

/var/lib/ufw/user.rules: This file contains the firewall rules that we set. You can read them by opening the file. Sometimes we can modify this file directly instead of using commands. After modification, remember to restart ufw with ufw reload to make the new rules take effect.

Here are some examples of the ufw command line:

ufw enable/disable: turn ufw on/off
ufw status: view the defined ufw rules
ufw default allow/deny: external access is allowed/denied by default
ufw allow/deny 20: allow/deny access to port 20; 20 can be followed by /tcp or /udp, meaning tcp or udp packets
ufw allow/deny servicename: ufw looks up the corresponding service port in /etc/services and filters it
ufw allow proto tcp from 10.0.1.0/10 to <local IP> port 25: allow tcp packets from 10.0.1.0/10 to access port 25 of the local machine
ufw delete allow/deny 20: delete the previously defined "allow/deny access to port 20" rule