Common commands for Ubuntu firewall

Ubuntu default firewall installation. Enable. Configure. Port. View status-related information

One of the simplest operations:

sudo UFW status (if you are root, remove SUDO,UFW status) to check the status of the firewall, my return is: inactive (default is inactive).
sudo UFW version firewall versions:
UFW 0.29-4UBUNTU1
Copyright 2008-2009 Canonical Ltd.
Ubuntu system has UFW installed by default.

1. Installation

sudo apt-get install UFW

2. Enable

sudo UFW enable
sudo ufw default deny
After running the above two commands, the firewall is turned on and turned on automatically when the system starts. All external access to the native is turned off, but the native access is normal externally.

3. Turn on/off sudo ufw allow|deny [service]

Open or close a port, for example:
sudo UFW allow SMTP allows all external IPs to access native 25/TCP (SMTP) ports
sudo ufw allow 22/tcp allows all external IP access to the native 22/tcp (SSH) port
This is important, ssh telnet for SECURECRT and other software recommendations to open. Or do not open the firewall.

sudo UFW allow 53 allows external access to 53 ports (TCP/UDP)
sudo ufw allow from 192.168.1.100 allows this IP access to all native ports
sudo ufw allow proto UDP 192.168.0.1 port 192.168.0.2 port 53
sudo UFW deny SMTP prevents external access to the SMTP service
sudo ufw delete allow SMTP to delete a rule established above

4. View firewall status

sudo UFW status

For general users, only the following settings are required:
sudo apt-get install UFW installation firewall
sudo UFW enable firewall
sudo ufw default deny disable firewall enabled
The above three commands are safe enough, if you need to open some services, then use sudo ufw allow to open.

Turn firewall on/off (the default setting is ' Disable ')
sudo ufw enable|disable conversion log Status
sudo ufw logging On|off set default policy (e.g. "mostly open" vs "mostly closed")
sudo ufw default Allow|deny
Licensed or shielded port (you can view the list of services in "status"). You can specify a service name that exists in/etc/services in the "Protocol: port" mode, or through the meta-data of the package. The ' Allow ' parameter will add the entry to/etc/ufw/maps, while ' deny ' is the opposite. The basic syntax is as follows:
sudo ufw allow|deny [service] shows the listening state of the firewall and port, see/var/lib/ufw/maps. The numbers in parentheses will not be displayed.

sudo UFW status
UFW Use Example:
Allows 53 port $ sudo UFW allow 53
Disable 53-Port $ sudo ufw delete Allow 53

Allows 80 port $ sudo ufw allow 80/tcp
Disable 80-Port $ sudo ufw delete Allow 80/tcp

Allow SMTP port $ sudo UFW enable SMTP
Remove license for SMTP port $ sudo ufw delete allow SMTP

Allow a specific IP $ sudo ufw enable from 192.168.254.254
Remove the above rule $ sudo ufw delete allow from 192.168.254.254

The Linux 2.4 Kernel later provides a very good firewall tool: Netfilter/iptables, he is free and powerful, can control the incoming and outgoing information, it can achieve firewall, NAT (network address translation) and data packet segmentation and other functions. NetFilter work inside the kernel, while iptables is the table structure that lets the user define the rule set.

But Iptables's rules are slightly "complex", so Ubuntu provides UFW as a setting tool to simplify some of Iptables's settings, with the background still iptables. UFW is the abbreviation of uncomplicated firewall, some complex settings or to go to iptables.

UFW related files and folders are:

/etc/ufw/: There are some UFW environment settings files, such as Before.rules, After.rules, sysctl.conf, ufw.conf, and IP6 and Before6.rule for After6.rules. These files generally follow the default settings for OK.

If the UFW is turned on,/etc/ufw/sysctl.conf will overwrite the default/etc/sysctl.conf file, if your original/etc/sysctl.conf has been modified, if you start UFW,/etc/ufw/ Sysctl.conf in the new assignment, it will overwrite/etc/sysctl.conf, otherwise the/etc/sysctl.conf shall prevail. Of course you can set which sysctrl.conf to use by modifying the "ipt_sysctl=" entry in/ETC/DEFAULT/UFW.

/var/lib/ufw/user.rules This file is a set of some of our firewall rules, open probably can see, sometimes we can directly modify the file, do not use the command to set. After the change, remember UFW reload restart UFW make the new rule take effect.

Here are some examples of the UFW command line:

UFW enable/disable Open/Close UFW
UFW Status View the UFW rules that have been defined
UFW default Allow/deny foreign access defaults allow/Deny
UFW Allow/deny 20 allows/denies access to 20 ports, 20 can be followed by/tcp or/UDP, indicating TCP or U DP packets.
UFW Allow/deny servicename UFW find the corresponding service port from the/etc/services for filtering.
UFW allow proto TCP from 10.0.1.0/10 to native IP port 25 allows a TCP packet from 10.0.1.0/10 access to the local 25 port.
UFW Delete Allow/deny 20 Remove the previously defined rules for allow/deny access to 20 ports

Common commands for Ubuntu firewall