Ubuntu default firewall install, enable, configure, port, view status related information

Source: Internet
Author: User

One of the simplest operations:

sudo UFW status (if you are root, remove SUDO,UFW status) to check the status of the firewall, my return is: inactive (default is inactive).
sudo UFW version firewall versions:
Copyright 2008-2009 Canonical Ltd.
Ubuntu system has UFW installed by default.

1. Installation

sudo apt-get install UFW

2. Enable

sudo UFW enable
sudo ufw default deny
After running the above two commands, the firewall is turned on and turned on automatically when the system starts. All external access to the native is turned off, but the native access is normal externally.

3. Turn ON/off

sudo ufw allow|deny [service]
Open or close a port, for example:
sudo UFW allow SMTP allows all external IPs to access native 25/TCP (SMTP) ports
sudo ufw allow 22/tcp allows all external IP access to the native 22/tcp (SSH) port
This is important, ssh telnet for SECURECRT and other software recommendations to open. Or do not open the firewall.
sudo UFW allow 53 allows external access to 53 ports (TCP/UDP)
sudo ufw allow from allows this IP access to all native ports
sudo ufw allow proto UDP port port 53
sudo UFW deny SMTP prevents external access to the SMTP service
sudo ufw delete allow SMTP to delete a rule established above

4. View firewall status

sudo UFW status
For general users, only the following settings are required:
sudo apt-get install UFW
sudo UFW enable
sudo ufw default deny
The above three commands are safe enough, if you need to open some services, then use sudo ufw allow to open.
Turn firewall on/off (the default setting is ' Disable ')
sudo ufw enable|disable
Convert log status
sudo ufw logging On|off
Set default policy (e.g. "mostly open" vs "mostly closed")
sudo ufw default Allow|deny
Licensed or shielded port (you can view the list of services in "status"). You can specify a service name that exists in/etc/services in the "Protocol: port" mode, or through the meta-data of the package. The ' Allow ' parameter will add the entry to/etc/ufw/maps, while ' deny ' is the opposite. The basic syntax is as follows:
sudo ufw allow|deny [service]
Displays the listening state of the firewall and port, see/var/lib/ufw/maps. The numbers in parentheses will not be displayed.
sudo UFW status
UFW Use Example:
Allow Port 53
$ sudo ufw allow 53
Disable Port 53
$ sudo ufw delete Allow 53
Allow Port 80
$ sudo ufw allow 80/tcp
Disable Port 80
$ sudo ufw delete Allow 80/tcp
Allow SMTP ports
$ sudo ufw allow SMTP
Remove licensing for SMTP ports
$ sudo ufw delete allow SMTP
Allow a specific IP
$ sudo ufw allow from
Delete the above rule
$ sudo ufw delete allow from
The Linux 2.4 Kernel later provides a very good firewall tool: Netfilter/iptables, he is free and powerful, can control the incoming and outgoing information, it can achieve firewall, NAT (network address translation) and data packet segmentation and other functions. NetFilter work inside the kernel, while iptables is the table structure that lets the user define the rule set.

But Iptables's rules are slightly "complex", so Ubuntu provides UFW as a setting tool to simplify some of Iptables's settings, with the background still iptables. UFW is the abbreviation of uncomplicated firewall, some complex settings or to go to iptables.

UFW related files and folders are:

/etc/ufw/: There are some UFW environment settings files, such as Before.rules, After.rules, sysctl.conf, ufw.conf, and IP6 and Before6.rule for After6.rules. These files generally follow the default settings for OK.

If the UFW is turned on,/etc/ufw/sysctl.conf will overwrite the default/etc/sysctl.conf file, if your original/etc/sysctl.conf has been modified, if you start UFW,/etc/ufw/ Sysctl.conf in the new assignment, it will overwrite/etc/sysctl.conf, otherwise the/etc/sysctl.conf shall prevail. Of course you can set which sysctrl.conf to use by modifying the "ipt_sysctl=" entry in/ETC/DEFAULT/UFW.

/var/lib/ufw/user.rules This file is a set of some of our firewall rules, open probably can see, sometimes we can directly modify the file, do not use the command to set. After the change, remember UFW reload restart UFW make the new rule take effect.

Here are some examples of the UFW command line:

UFW enable/disable: Open/Close UFW
UFW Status: View the UFW rules that have been defined
UFW default Allow/deny: Inbound access defaults to allow/deny
UFW allow/deny 20: Allow/deny access to 20 ports, 20 can be followed by/tcp or/UDP, indicating TCP or UDP packets.
UFW allow/deny SERVICENAME:UFW Find the corresponding service port from the/etc/services and filter it.
UFW enable proto TCP from to native IP port 25: Allow self- TCP packets to access 25 ports on this machine.
UFW Delete Allow/deny 20: Delete the previously defined rules for allow/deny access to 20 ports

Ubuntu default firewall install, enable, configure, port, view status related information

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.