Configuring and administering UFW using commands

Administering UFW

UFW (Uncomplicated Firewall) is a tool for managing firewall rules on Ubuntu, Debian and Arch Linux. You can use the commands below to administer UFW.

To install UFW, please execute the below command,

sudo apt-get install ufw

Allow Rules

Always add an allow rule for SSH first, so that enabling the firewall does not cut off your remote session,

sudo ufw allow ssh

or

sudo ufw allow 22

You can allow or deny a service based on protocol. For example, to allow TCP on port 80, please execute,

sudo ufw allow 80/tcp

or

sudo ufw allow http/tcp

To allow https on port 443, please execute,

sudo ufw allow 443/tcp

or

sudo ufw allow https/tcp

If you wish to allow the UDP protocol on port 1234, please execute,

sudo ufw allow 1234/udp

If you wish to allow traffic from a specific IP address (111.222.333.444 is used here as a placeholder; substitute a real address), please execute,

sudo ufw allow from 111.222.333.444

If you wish to allow traffic from a specific subnet, then execute,

sudo ufw allow from 111.222.333.444/22

If you wish to allow a particular IP address to access a specific port, say port 80, then execute,

sudo ufw allow from 111.222.333.444 to any port 80 proto tcp

If you wish to allow a particular subnet address to access a specific port, say port 80, then execute,

sudo ufw allow from 111.222.333.444/22 to any port 80 proto tcp

Block Traffic

To deny traffic from a particular IP address,

sudo ufw deny from 111.222.333.444

If you wish to deny traffic from a particular IP address to a specific network interface, please execute,

sudo ufw deny in on eth1 from 111.222.333.444

If you wish to allow a particular service on a private Ethernet interface, say port 3306 on eth1, please execute,

sudo ufw allow in on eth1 to any port 3306

To list the rules set in UFW, please execute,

sudo ufw status

Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
8080/tcp                   ALLOW       Anywhere
3306                       ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
8080/tcp (v6)              ALLOW       Anywhere (v6)
3306 (v6)                  ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
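
The status listing is where over-broad rules show up during a review. The script below is an added example, not part of the original article: it parses `ufw status` output and reports ALLOW rules that are open to Anywhere, not bound to an interface, and not on an approved list. The sample listing is constructed, and the approved port list (22 80 443) is an assumed policy.

```shell
#!/bin/sh
# Added example (not from the original page): flag UFW ALLOW rules that are
# open to Anywhere, not bound to an interface, and not on an approved list.

# Constructed sample in the column layout `ufw status` prints.
sample_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
8080/tcp                   ALLOW       Anywhere
3306                       ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
3306 on eth1               ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
3306 (v6)                  ALLOW       Anywhere (v6)
EOF
}

# Usage: sudo ufw status | audit_ufw_status "22 80 443"
# $1 is the assumed list of ports that may be reachable from Anywhere.
audit_ufw_status() {
    awk -F'  +' -v public="$1" '
    BEGIN { n = split(public, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    { sub(/[ \t]+$/, "") }                      # drop trailing padding
    /^Status:/ { if ($0 !~ /^Status: active/) print "INACTIVE"; next }
    /^--/      { in_table = 1; next }           # rules start after the dashes
    !in_table || NF < 3 { next }
    ($2 != "ALLOW" && $2 != "ALLOW IN") || $3 !~ /^Anywhere/ { next }
    $1 ~ / on /  { next }                       # scoped to an interface
    {
        port = $1
        sub(/ \(v6\)$/, "", port)               # "22 (v6)"  -> "22"
        sub(/\/.*$/, "", port)                  # "8080/tcp" -> "8080"
        if (!(port in ok)) print "OPEN " $1
    }'
}

# Run the audit against the constructed sample.
sample_status | audit_ufw_status "22 80 443"
```

Rules the script reports can be tightened with the `from` or `in on` forms shown earlier.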

To enable the UFW firewall, please execute,

sudo ufw enable

To disable the UFW firewall, please execute,

sudo ufw disable

To enable the UFW logging, please execute,

sudo ufw logging on

Reference: https://en.wikipedia.org/wiki/Uncomplicated_Firewall
