Example of ufw firewall command
sudo ufw enable|disable
Because Linux's original firewall tool, iptables, is cumbersome to use, Ubuntu provides ufw, a firewall tool based on iptables, by default.
In Ubuntu 9.10 the default firewall is UFW, which already supports interface operations. Run the ufw command on the command line to see the actions it can perform.
The simplest operation: sudo ufw status checks the status of the firewall; on my machine it returns: inactive
sudo ufw version shows the firewall version.
Ubuntu has ufw installed by default.
- Installation
sudo apt-get install ufw
- Enable
sudo ufw enable
sudo ufw default deny
After running the two commands above, the firewall is on and is started automatically when the system boots. All external access to the machine is blocked, while access from the machine to the outside works normally.
- Enable/Disable
sudo ufw allow|deny [service]
Open or close a port, for example:
sudo ufw allow smtp: allow all external IPs to access the machine's 25/tcp (smtp) port
sudo ufw allow 22/tcp: allow all external IPs to access the machine's 22/tcp (ssh) port
sudo ufw allow 53: allow external access to port 53 (tcp/udp)
sudo ufw allow from 192.168.1.100: allow this IP to access all local ports
sudo ufw allow proto udp from 192.168.0.1 port 53 to 192.168.0.2 port 53
sudo ufw deny smtp: prohibit external access to the smtp service
sudo ufw delete allow smtp: delete a rule established above
- View firewall status
sudo ufw status
For general users, only the following settings are required:
sudo apt-get install ufw
sudo ufw enable
sudo ufw default deny
The above three commands are safe enough. If you need to open certain services, use sudo ufw allow to open them.
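To check that a host really ended up in the state described above, the output of sudo ufw status verbose can be audited. This is an added example, not part of the original page; the function names ufw_audit and sample_status are hypothetical and the sample output is constructed from the allow examples above.

```shell
#!/bin/sh
# Audit `ufw status verbose` output read from stdin. Prints one finding per
# line: FAIL for an inactive firewall or an open default policy, OPEN for a
# port reachable from any address, WIDE for a source allowed to every port.
# OPEN and WIDE are items to review, not necessarily mistakes.
ufw_audit() {
    awk '
        /^Status:/ { seen = 1; if ($2 != "active") print "FAIL firewall is " $2 }
        /^Default:/ && $2 != "deny" && $2 != "reject" {
            print "FAIL default incoming policy is " $2
        }
        # Rule rows in verbose output look like: <To>  ALLOW IN  <From>
        / ALLOW IN / {
            split($0, part, / +ALLOW IN +/)
            to = part[1]; from = part[2]
            sub(/ +$/, "", from)
            if (from ~ /^Anywhere/) {
                print "OPEN " to " reachable from any address"
            } else if (to ~ /^Anywhere/) {
                print "WIDE " from " may reach every local port"
            }
        }
        END { if (!seen) print "FAIL no Status line (is ufw installed?)" }
    '
}

# Constructed sample: default deny plus three of the allow rules shown above.
sample_status() {
    cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
25/tcp                     ALLOW IN    Anywhere
22/tcp                     ALLOW IN    Anywhere
Anywhere                   ALLOW IN    192.168.1.100
EOF
}

sample_status | ufw_audit
# On a real host: sudo ufw status verbose | ufw_audit
```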
Turn on/off the firewall (the default setting is ‘disable’)
sudo ufw enable|disable
Switch log status
sudo ufw logging on|off
Set the default policy (e.g. "mostly open" vs "mostly closed")
sudo ufw default allow|deny
sudo ufw allow|deny [service]
To display the listening status of firewalls and ports, see /var/lib/ufw/maps. The numbers in brackets will not be displayed.
sudo ufw status
UFW usage example:
Allow port 53
$ sudo ufw allow 53
Disable port 53
$ sudo ufw delete allow 53
Allow port 80
$ sudo ufw allow 80/tcp
Disable port 80
$ sudo ufw delete allow 80/tcp
Allow smtp port
$ sudo ufw allow smtp
Remove the smtp allow rule
$ sudo ufw delete allow smtp
Allow a specific IP
$ sudo ufw allow from 192.168.254.254
Delete the above rule
$ sudo ufw delete allow from 192.168.254.254
The rules of iptables are somewhat complex, so Ubuntu provides ufw as a configuration tool that simplifies some iptables settings. The backend is still iptables. ufw is short for Uncomplicated Firewall; some complicated settings still have to be made in iptables directly.
Files and folders related to ufw are:
/etc/ufw/: contains ufw's environment setting files, such as before.rules, after.rules, sysctl.conf and ufw.conf, plus before6.rules and after6.rules for IPv6. The default settings in these files are generally fine.
When ufw is turned on, /etc/ufw/sysctl.conf overrides the default /etc/sysctl.conf. If you have modified /etc/sysctl.conf, then after ufw starts, any setting that /etc/ufw/sysctl.conf also assigns overrides the value from /etc/sysctl.conf; otherwise /etc/sysctl.conf prevails. You can choose which sysctl.conf to use by modifying the "IPT_SYSCTL=" entry in /etc/default/ufw.
/var/lib/ufw/user.rules: this file contains the firewall rules that we set; its contents are mostly self-explanatory when you open it. You can modify this file directly instead of using commands. After modifying it, remember to run ufw reload so that the new rules take effect.
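To see which of your own /etc/sysctl.conf settings ufw's file would change, the two files can be compared key by key. This is an added example, not part of the original page; the function names and sample values are constructed, and it assumes ufw's file writes keys with slashes (net/ipv4/ip_forward) as the stock /etc/ufw/sysctl.conf does.

```shell
#!/bin/sh
# Print every key that the ufw sysctl file assigns with a value different
# from the system sysctl file, as "key: system-value -> ufw-value".
# Keys are normalised to dot notation so net/ipv4/x and net.ipv4.x compare equal.
ufw_sysctl_overrides() {
    sys_conf=$1   # e.g. /etc/sysctl.conf
    ufw_conf=$2   # e.g. /etc/ufw/sysctl.conf
    awk '
        function norm(k) { gsub(/[ \t]/, "", k); gsub("/", ".", k); return k }
        /^[ \t]*[#;]/ || index($0, "=") == 0 { next }   # comments, blank lines
        {
            eq  = index($0, "=")
            key = norm(substr($0, 1, eq - 1))
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        src == "sys" { sys[key] = val; next }           # remember system values
        (key in sys) && sys[key] != val {
            printf "%s: %s -> %s\n", key, sys[key], val
        }
    ' src=sys "$sys_conf" src=ufw "$ufw_conf"
}

# Constructed sample files (not copied from a real host).
demo_sysctl_overrides() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '# hardened by admin' \
        'net.ipv4.ip_forward = 0' \
        'net.ipv4.conf.all.accept_redirects = 0' \
        'net.ipv4.icmp_echo_ignore_broadcasts = 1' > "$tmp/sysctl.conf"
    printf '%s\n' '#net/ipv6/conf/default/forwarding=1' \
        'net/ipv4/ip_forward=1' \
        'net/ipv4/conf/all/accept_redirects=0' \
        'net/ipv4/conf/all/log_martians=0' > "$tmp/ufw-sysctl.conf"
    ufw_sysctl_overrides "$tmp/sysctl.conf" "$tmp/ufw-sysctl.conf"
    rm -rf "$tmp"
}

demo_sysctl_overrides
# On a real host: ufw_sysctl_overrides /etc/sysctl.conf /etc/ufw/sysctl.conf
```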
Here are some examples of the ufw command line:
ufw enable/disable: turn on/off ufw
ufw status: View the defined ufw rules
ufw default allow/deny: external access is allowed/denied by default
ufw allow/deny 20: allow/deny access to port 20; 20 can be followed by /tcp or /udp to match only tcp or udp packets.
ufw allow/deny servicename: ufw looks up the corresponding service port in /etc/services and filters it.
ufw allow proto tcp from 10.0.1.0/10 to <local IP> port 25: allow tcp packets from 10.0.1.0/10 to access port 25 of the local machine.
ufw delete allow/deny 20: delete the previously defined "allow/deny access to port 20" rule