Created November 1, 2019 18:11
UFW or Uncomplicated Firewall
#!/bin/sh
UFW or Uncomplicated Firewall is a program for managing a netfilter firewall, designed to be easy to use. It uses a command-line interface consisting of a small number of simple commands, and uses iptables for configuration. Ubuntu 8.04 comes with ufw, a program for managing the iptables firewall easily.
To check the status of UFW:
sudo ufw status
To turn UFW on with the default set of rules:
sudo ufw enable
{ note
If you're using a cloud or virtual server, you need to allow incoming SSH connections so you can connect to and manage your server. To configure your server to allow incoming SSH connections, you can use this command:
sudo ufw allow ssh
An alternative syntax is to specify the port number of the SSH service:
sudo ufw allow 22
}
To disable ufw use:
sudo ufw disable
To allow specific rules on ufw:
sudo ufw allow <port>/<optional: protocol>
example: to allow incoming tcp and udp packets on port 53
sudo ufw allow 53
example: to allow incoming tcp packets on port 53
sudo ufw allow 53/tcp
example: to allow incoming udp packets on port 53
sudo ufw allow 53/udp
To deny specific rules on ufw:
sudo ufw deny <port>/<optional: protocol>
example: to deny incoming tcp and udp packets on port 53
sudo ufw deny 53
example: to deny incoming tcp packets on port 53
sudo ufw deny 53/tcp
example: to deny incoming udp packets on port 53
sudo ufw deny 53/udp
To delete an existing rule
For example, if the original rule was:
ufw deny 80/tcp
Use this to delete it:
sudo ufw delete deny 80/tcp
You can also allow or deny by service name, since ufw reads from /etc/services. To see a list of services:
less /etc/services
Allow by service name
sudo ufw allow <service name>
example: to allow ssh by name
sudo ufw allow ssh
Deny by service name
sudo ufw deny <service name>
example: to deny ssh by name
sudo ufw deny ssh
Allow by specific IP
sudo ufw allow from <ip address>
example: to allow packets from 207.46.232.182:
sudo ufw allow from 207.46.232.182
Allow by subnet
You may use a net mask:
sudo ufw allow from 192.168.1.0/24
Allow by specific port and IP address
sudo ufw allow from <target> to <destination> port <port number>
example: allow IP address 192.168.0.4 access to port 22 for all protocols
sudo ufw allow from 192.168.0.4 to any port 22
Allow by specific port, IP address and protocol
sudo ufw allow from <target> to <destination> port <port number> proto <protocol name>
example: allow IP address 192.168.0.4 access to port 22 using TCP
sudo ufw allow from 192.168.0.4 to any port 22 proto tcp
Deny by specific IP
sudo ufw deny from <ip address>
example: to block packets from 207.46.232.182:
sudo ufw deny from 207.46.232.182
Deny by specific port and IP address
sudo ufw deny from <ip address> to <destination> port <port number>
example: deny IP address 192.168.0.1 access to port 22 for all protocols
sudo ufw deny from 192.168.0.1 to any port 22
You may use status numbered to show the order and id number of rules:
sudo ufw status numbered
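As an added example that is not part of this gist, the script below puts the commands above together in the order that avoids the SSH lock-out the note warns about (restrict SSH to a management subnet, then enable), and adds a small check over `ufw status numbered` output that flags SSH rules open to Anywhere. The `UFW_DRY_RUN` variable, the `apply_baseline` and `audit_ssh_exposure` function names, the management subnet 192.168.1.0/24 and the sample status output are all constructed for illustration; `ufw --force enable` is the real ufw option that skips the interactive confirmation.

```shell
#!/bin/sh
# Added example, not the gist's own content. Builds a default-deny ufw baseline
# in a lock-out-safe order and audits `ufw status numbered` output.
# Assumptions: UFW_DRY_RUN and the function names are this script's own
# conventions; the subnet and the sample status text are constructed.

# Run ufw, or only print the command when UFW_DRY_RUN=1 so the plan can be
# reviewed on a machine without ufw or root before it is applied for real.
ufw_run() {
    if [ "${UFW_DRY_RUN:-0}" = "1" ]; then
        printf 'ufw %s\n' "$*"
    else
        sudo ufw "$@"
    fi
}

# Baseline: deny incoming / allow outgoing by default, SSH only from the
# management subnet, DNS over UDP, then enable. The SSH allow rule comes
# before "enable" so an existing remote session survives the firewall
# coming up; --force skips ufw's "may disrupt existing ssh connections" prompt.
apply_baseline() {
    mgmt_net="${1:-192.168.1.0/24}"    # constructed management subnet
    ufw_run default deny incoming
    ufw_run default allow outgoing
    ufw_run allow from "$mgmt_net" to any port 22 proto tcp
    ufw_run allow 53/udp
    ufw_run --force enable
}

# Constructed `ufw status numbered` output (same column layout ufw prints),
# containing two SSH rules that are open to the whole Internet (v4 and v6).
sample_status() {
    cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    192.168.1.0/24
[ 2] 53/udp                     ALLOW IN    Anywhere
[ 3] 22/tcp                     ALLOW IN    Anywhere
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

# Reads `ufw status numbered` text on stdin and prints the numbered rules that
# admit port 22 from Anywhere; the rule number in the output is what you would
# hand to "sudo ufw delete <number>" after reviewing it.
audit_ssh_exposure() {
    grep -E '^\[ *[0-9]+\] +22(/tcp)?( \(v6\))? +ALLOW IN +Anywhere'
}

# Demo: show the dry-run plan, then audit the constructed status output.
if [ "${1:-}" = "--demo" ]; then
    UFW_DRY_RUN=1 apply_baseline
    sample_status | audit_ssh_exposure
fi
```

Run it with `--demo` to see the five commands the baseline would issue and the two exposed SSH rules; in a real audit, pipe `sudo ufw status numbered` into `audit_ssh_exposure` instead of `sample_status`.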