UFW

From Omnia
Revision as of 04:38, 4 June 2025 by Kenneth (talk | contribs) (→‎Add Range)

ufw

Enable firewall:

sudo ufw enable

Disable firewall:

sudo ufw disable

Show rules:

sudo ufw status
sudo ufw status numbered   # rule numbers (for easy delete)
sudo ufw status verbose    # with port numbers

Allow traffic:

# sudo ufw allow 22/tcp
sudo ufw allow 22/tcp comment "SSH"
sudo ufw allow 53/tcp comment "DNS"

Disallow traffic:

sudo ufw deny 53/tcp

Delete rule:

sudo ufw delete allow 53/tcp
sudo ufw delete 1    # rule number from 'ufw status numbered'

Rules are written to:

 /lib/ufw/user.rules

Add IP Based Firewall Rule

ufw allow from 10.0.0.100 port 111 proto udp comment "Server NFS"

Add Range

sudo ufw allow proto tcp from 192.168.1.16/28 to 192.168.1.48 port 80
sudo ufw allow proto tcp from 192.168.1.0/27 to 192.168.1.48 port 80
ufw allow proto udp from 10.0.0.0/24 to any port 138 comment "Samba"

ref: [1]

Delete Range

ufw status numbered

Example, delete rules 31 down to 18 (highest number first, because the remaining rules are renumbered after each delete):

for i in $(seq 31 -1 18); do ufw -f delete "$i"; done

UFW Applications

/etc/ufw/applications.d/apache

[Apache]
title=Web Server
description=Apache v2 is the next generation of the omnipresent Apache web server.
ports=80/tcp

[Apache Secure]
title=Web Server (HTTPS)
description=Apache v2 is the next generation of the omnipresent Apache web server.
ports=443/tcp

[Apache Full]
title=Web Server (HTTP,HTTPS)
description=Apache v2 is the next generation of the omnipresent Apache web server.
ports=80,443/tcp

/etc/ufw/applications.d/terraria

[Terraria]
title=Terraria Server
description=Terraria Server
ports=7777/tcp

Make sure the application rule is not group writable:

chmod 644 [RULE_FILE]

List applications:

ufw app list

Application info:

ufw app info [APP]

Allow:

ufw allow Apache
ufw allow terraria
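
A pre-install check for the profile files described above, as an added example that is not part of the original page or of ufw: it verifies that the file is not group- or world-writable and that every section has title, description and a well-formed ports line. The function names and the accepted ports shape (the forms shown above plus `lo:hi` ranges and `|`-separated items) are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint a ufw application profile before installing it.

# Succeeds only if the file is neither group- nor world-writable.
profile_perms_ok() {
    # In the ls mode string, char 6 is group-write and char 9 is other-write.
    case "$(ls -ld -- "$1" | cut -c6,9)" in
        *w*) return 1 ;;
        *)   return 0 ;;
    esac
}

# Prints one line per problem; succeeds only if none were found.
profile_syntax_ok() {
    awk '
    function bad(msg) { print msg; errors++ }
    function ports_ok(v,    n, i, items) {
        # Shape check only: port[,port|lo:hi...][/tcp|/udp], items joined by "|"
        n = split(v, items, "[|]")
        for (i = 1; i <= n; i++)
            if (items[i] !~ /^[0-9]+([,:][0-9]+)*(\/(tcp|udp))?$/) return 0
        return n > 0
    }
    function finish(    k) {
        if (name == "") return
        for (k = 1; k <= 3; k++)
            if (!(need[k] in seen)) bad("[" name "]: missing " need[k])
        split("", seen)
    }
    BEGIN { split("title description ports", need, " ") }
    /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
    /^\[.+\]$/ { finish(); name = substr($0, 2, length($0) - 2); next }
    {
        eq = index($0, "=")
        if (eq == 0 || name == "") { bad("line " NR ": unexpected text"); next }
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        seen[key] = 1
        if (key == "ports" && !ports_ok(val)) bad("[" name "]: bad ports " val)
    }
    END { finish(); exit (errors > 0) }
    ' "$1"
}

# Run both checks on one file; non-zero exit status means "do not install".
lint_profile() {
    rc=0
    profile_perms_ok "$1" || { echo "$1: group- or world-writable"; rc=1; }
    profile_syntax_ok "$1" || rc=1
    return "$rc"
}
```

Source the file and run `lint_profile /etc/ufw/applications.d/terraria` before `ufw allow terraria`.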

Disable Logging

To stop UFW from logging to dmesg, disable logging completely: [1]

sudo ufw logging off

OR BETTER YET...

# alias dmesg='dmesg | grep -v UFW'
alias dmesg='dmesg --color=always | grep -v UFW --color=always'

Add this to your .bashrc.