85 lines
2.6 KiB
Text
85 lines
2.6 KiB
Text
= Ubuntu Uncomplicated Firewall (ufw) cookbook of configuration examples
|
|
|
|
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
|
|
|
|
<<Disable/unload the firewall>> +
|
|
<<Verify status of the ufw firewall>> +
|
|
<<Enable ufw firewall>> +
|
|
<<Allow SSH access to this server from Any IP source>> +
|
|
<<Delete a rule by its number>> +
|
|
|
|
|
|
== Disable/unload the firewall
|
|
Beware: after running this command all access restrictions imposed by ufw rules will be gone.
|
|
|
|
|
|
`*ufw disable*`
|
|
|
|
|
|
== Verify status of the ufw firewall
|
|
|
|
`*# ufw status*` - Show short status. +
|
|
....
|
|
Status: active
|
|
|
|
To Action From
|
|
-- ------ ----
|
|
22 ALLOW Anywhere
|
|
Anywhere ALLOW 10.10.10.0/24
|
|
22 (v6) ALLOW Anywhere (v6)
|
|
....
|
|
|
|
|
|
`*ufw status verbose*`- Show all rules, including the default ones, and logging level.
|
|
----
|
|
Status: active
|
|
Logging: on (low)
|
|
Default: deny (incoming), allow (outgoing), allow (routed)
|
|
New profiles: skip
|
|
|
|
To Action From
|
|
-- ------ ----
|
|
22 ALLOW IN Anywhere
|
|
Anywhere ALLOW IN 10.10.10.0/24
|
|
22 (v6) ALLOW IN Anywhere (v6)
|
|
----
|
|
|
|
|
|
`*ufw status numbered*` - Show rules with their sequence numbers, that we can later use to delete some specific rule.
|
|
|
|
----
|
|
Status: active
|
|
To Action From
|
|
-- ------ ----
|
|
[ 1] 22 ALLOW IN Anywhere
|
|
[ 2] Anywhere ALLOW IN 10.10.10.0/24
|
|
[ 3] 22 (v6) ALLOW IN Anywhere (v6)
|
|
----
|
|
|
|
|
|
== Enable ufw firewall
|
|
*ufw enable* - Enable _ufw_ firewall and load the default rules, as well as user created if any in the `/etc/ufw/user.rules`.
|
|
|
|
|
|
== Allow SSH access to this server from Any IP source
|
|
`*ufw allow 22*` - Add port 22 to the `filter` table with action of `allow`. The rule will be added to the `/etc/ufw/user.rules` file and will survive reboot.
|
|
|
|
|
|
|
|
== Delete a rule by its number
|
|
`*ufw delete <rule number>*` +
|
|
First, see the rule numbers with `*ufw status numbered*`. Let's say I want to delete rule number 2:
|
|
|
|
----
|
|
# ufw delete 2
|
|
Deleting:
|
|
allow from 10.10.10.0/24
|
|
Proceed with operation (y|n)? y
|
|
Rule deleted
|
|
----
|
|
|
|
On deleting a rule, the ufw moves rules up, taking place of the removed rule in sequencing. That is, the rule that was numbered 3 before the deletion of rule 2, will become new rule number 2.
|
|
|
|
|
|
|
|
|