ufw: the next simple firewall in Linux

Source: Internet
Author: User
ufw, the next simple firewall in Linux, is an administrator tool. The ufw man documentation already contains a wide range of examples, such as:

Users can specify rules using either a simple syntax or a full syntax. The simple syntax only specifies the port and optionally the protocol to be allowed or denied on the host. For example:

    ufw allow 53

This rule will allow tcp and udp port 53 to any address on this host. To specify a protocol, append '/protocol' to the port. For example:

    ufw allow 25/tcp

This will allow tcp port 25 to any address on this host. ufw will also check /etc/services for the port and protocol if specifying a service by name. Eg:

    ufw allow smtp

ufw supports both ingress and egress filtering and users may optionally specify a direction of either in or out for either incoming or outgoing traffic. If no direction is supplied, the rule applies to incoming traffic. Eg:

    ufw allow in http
    ufw reject out smtp

Users can also use a fuller syntax, specifying the source and destination addresses and ports. This syntax is based on OpenBSD's PF syntax. For example:

    ufw deny proto tcp to any port 80

This will deny all traffic to tcp port 80 on this host. Another example:

    ufw deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25

This will deny all traffic from the RFC1918 Class A network to tcp port 25 with the address 192.168.0.1.

    ufw deny proto tcp from 2001:db8::/32 to any port 25

This will deny all traffic from the IPv6 2001:db8::/32 to tcp port 25 on this host. Note that IPv6 must be enabled in /etc/default/ufw for IPv6 firewalling to work.

    ufw allow proto tcp from any to any port 80,443,8080:8090

The above will allow all traffic to tcp ports 80, 443 and 8080-8090 inclusive. Note that when specifying multiple ports, the ports list must be numeric, cannot contain spaces and must be modified as a whole. Eg, in the above example you cannot later try to delete just the '443' port. You cannot specify more than 15 ports (ranges count as 2 ports, so the port count in the above example is 4).

Example:

    $ ufw status
    ERROR: You need to be root to run this script

    $ ufw deny 80/tcp
    ERROR: You need to be root to run this script

    $ sudo ufw deny 80/tcp
    [sudo] password for sunlt:
    Rules updated
    Rules updated (v6)

    $ sudo ufw status
    Status: inactive

    $ sudo ufw enable
    Firewall is active and enabled on system startup

    $ sudo ufw status
    Status: active

    To                         Action      From
    --                         ------      ----
    80/tcp                     DENY        Anywhere
    80/tcp                     DENY        Anywhere (v6)

    $ sudo ufw status numbered
    Status: active

         To                         Action      From
         --                         ------      ----
    [ 1] 80/tcp                     DENY IN     Anywhere
    [ 2] 80/tcp                     DENY IN     Anywhere (v6)

    $ sudo ufw delete 1
    Deleting:
     deny 80/tcp
    Proceed with operation (y|n)? y
    Rule deleted

    $ sudo ufw delete 2
    ERROR: Could not find rule '2'

    $ sudo ufw status numbered
    Status: active

         To                         Action      From
         --                         ------      ----
    [ 1] 80/tcp                     DENY IN     Anywhere (v6)

    $ sudo ufw delete 1
    Deleting:
     deny 80/tcp
    Proceed with operation (y|n)? y
    Rule deleted (v6)

    $ sudo ufw status numbered
    Status: active

    $ sudo ufw disable
    Firewall stopped and disabled on system startup

Rule numbers are reassigned after every deletion: once rule 1 is removed, the former rule 2 becomes rule 1, which is why `ufw delete 2` fails in the session above. Re-run `ufw status numbered` before each delete by number.
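As an added example (not taken from the ufw man page or the original article), the multiple-port limits quoted from the man page above can be checked before a rule is submitted. The helper names `ufw_port_count` and `valid_port` are hypothetical, and the 1-65535 bound and ascending-range check are assumptions beyond what the quoted excerpt states.

```shell
#!/bin/sh
# Added example: ufw_port_count and valid_port are hypothetical helpers, not part of ufw.

# A usable port number: 1-65535 (length check keeps the numeric test in range).
valid_port() {
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the port count the way the man page tallies it (port = 1, range = 2).
# Return 1 if the list breaks any rule quoted above.
ufw_port_count() {
    list=$1
    count=0

    # Numeric only, no spaces, no empty items.
    case $list in
        ''|*[!0-9,:]*|,*|*,|*,,*) return 1 ;;
    esac

    old_ifs=$IFS; IFS=,
    set -- $list            # safe to split: only digits, ',' and ':' remain
    IFS=$old_ifs

    for item in "$@"; do
        case $item in
            :*|*:|*:*:*) return 1 ;;                 # malformed range
            *:*)
                lo=${item%%:*}; hi=${item##*:}
                valid_port "$lo" && valid_port "$hi" || return 1
                # Assumption: a range must ascend (start < end).
                [ "$lo" -lt "$hi" ] || return 1
                count=$((count + 2))
                ;;
            *)
                valid_port "$item" || return 1
                count=$((count + 1))
                ;;
        esac
    done

    [ "$count" -le 15 ] || return 1   # man page limit: at most 15 ports
    echo "$count"
}
```

Calling `ufw_port_count 80,443,8080:8090` prints 4, matching the count given in the man page text; a list with spaces, service names, or more than 15 counted ports returns a non-zero status and prints nothing.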