Notes on the UFW Firewall

UFW, Uncomplicated Firewall, is the default firewall in Ubuntu. It is designed to lesser the complexity of the iptables firewall and to make it more user friendly. A Graphical user interface of UFW, GUFW is also available for Ubuntu and Debian.

https://wiki.ubuntu.com/UncomplicatedFirewall

https://help.ubuntu.com/community/UFW

Next, some useful commands around this tool:

$ sudo apt-get install ufw

$ sudo ufw status
$ sudo ufw status verbose

$ sudo ufw enable
$ sudo ufw disable

$ sudo ufw allow ssh
[sudo] password for tasha:
Rule added
Rule added (v6)

$ sudo ufw allow ssh/tcp
To 		Action 			From
------ 		----------- 		------
22/tcp 		ALLOW 			Anywhere
22/tcp 		ALLOW 			Anywhere (v6)

$ sudo ufw deny ftp
To 		Action 			From
------ 		----------- 		------
21/tcp 		DENY 			Anywhere
21/tcp 		DENY 			Anywhere (v6)


$ sudo ufw allow 2290:2300/tcp
To 			Action 			From
------ 			----------- 		------
2290:2300/tcp 		ALLOW 			Anywhere
2290:2300/tcp 		ALLOW			Anywhere (v6)

$ sudo ufw allow from 192.168.0.10

$ sudo ufw allow form 192.168.0.0/8
To 		Action 			From
-- 		----------- 		------
Anywhere	ALLOW 			192.168.0.0/8

$ sudo ufw allow to any port 22

$ sudo ufw delete allow ftp
$ sudo ufw delete allow 22/tcp

$ sudo ufw status numbered
$ sudo ufw delete 3

$ sudo ufw reset

$ # 'off', 'low', 'medium', 'high'
$ sudo ufw logging HIGH

$ sudo ufw logging on
$ sudo ufw logging off

$/etc/ufw# ls
after6.rules  after.rules  applications.d  before6.rules  before.rules  sysctl.conf  ufw.conf

$ Watching the streaming firewall log file
tail -f file | grep --line-buffered UFW

$ Adding IPv6 support
$ nano /etc/default/ufw
$ ---> add "IPV6=yes"
$ sudo ufw reload

Leave a Reply

Your email address will not be published. Required fields are marked *