Ubuntu default Firewall

Source: Internet
Author: User

Ubuntu 9.10 uses the UFW firewall by default and supports interface operations. Run the ufw command on the command line to see the operations it supports.

The simplest operation: sudo ufw status checks the firewall status; my output was: no activity

sudo ufw version shows the firewall version:
ufw 0.29-4ubuntu1
Copyright 2008-2009 Canonical Ltd.

UFW is installed in Ubuntu by default.

1. Install

sudo apt-get install ufw

2. Enable

sudo ufw enable

sudo ufw default deny

After you run these two commands, the firewall is enabled and starts automatically at boot. All external access to the local machine is blocked, while outbound access from the local machine works normally.

3. Allow/deny

sudo ufw allow|deny [service]

Open or close a port, for example:

sudo ufw allow smtp
Allows all external IP addresses to access local port 25/tcp (SMTP).

sudo ufw allow 22/tcp
Allows all external IP addresses to access local port 22/tcp (SSH).

sudo ufw allow 53
Allows external access to port 53 (TCP/UDP).

sudo ufw allow from 192.168.1.100
Allows this IP address to access all local ports.

sudo ufw allow proto udp from 192.168.0.1 port 53 to 192.168.0.2 port 53

sudo ufw deny smtp
Prohibits external access to the SMTP service.

sudo ufw delete allow smtp
Deletes a rule created above.

4. View the firewall status

sudo ufw status
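An added example (not from the original article): a shell function that reads the output of sudo ufw status and lists every destination that an ALLOW rule opens to all sources, which is what rules such as sudo ufw allow 22/tcp create. The sample status output is constructed, and the function names sample_status and open_to_anywhere are hypothetical.

```shell
#!/bin/sh
# Added example: audit `ufw status` output for rules open to every source.
# On a live host: sudo ufw status | open_to_anywhere

# Constructed sample of `ufw status` output (not captured from a real host).
sample_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
25/tcp                     ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
53                         ALLOW       Anywhere
Anywhere                   ALLOW       192.168.1.100
192.168.0.2 53/udp         ALLOW       192.168.0.1 53/udp
EOF
}

# Reads status output on stdin and prints the "To" column of each ALLOW
# rule whose source is Anywhere. Returns 2 if the firewall is not active.
open_to_anywhere() {
    awk '
        /^Status:/ { if ($2 != "active") { bad = 1; exit } next }
        {
            # Locate the action column; "To" and "From" may contain spaces.
            act = 0
            for (i = 2; i < NF; i++)
                if ($i == "ALLOW") { act = i; break }
            if (!act) next
            to = $1
            for (i = 2; i < act; i++) to = to " " $i
            src = act + 1
            # Verbose output adds a direction (ALLOW IN / ALLOW OUT).
            if ($src == "OUT") next
            if ($src == "IN") src++
            if ($src == "Anywhere") print to
        }
        END { exit (bad ? 2 : 0) }
    '
}

# Run against the constructed sample.
sample_status | open_to_anywhere
```

Each destination printed is reachable from any address; a rule restricted with "from" (such as the 192.168.1.100 entry) is not listed.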

For general users, only the following settings are required:

sudo apt-get install ufw

sudo ufw enable

sudo ufw default deny

With these three commands the system is safe enough. If you need to open some services, use sudo ufw allow.

Enable/disable the firewall (the default is 'disable')

sudo ufw enable|disable

Turn logging on or off

sudo ufw logging on|off

Set the default policy (for example, "mostly open" vs "mostly closed")

sudo ufw default allow|deny

Allow or block a port (the service list can be viewed with "status"). The service can be given as "protocol:port", as a service name that exists in /etc/services, or through package meta-data. The 'allow' parameter adds the entry to /etc/ufw/maps, while the 'deny' parameter does the opposite. The basic syntax is as follows:

sudo ufw allow|deny [service]

Display the status of the firewall and the listening ports. For more information, see /var/lib/ufw/maps. The numbers in the brackets are not displayed.

sudo ufw status

UFW usage example:

Allow port 53

$ sudo ufw allow 53

Disable port 53

$ sudo ufw delete allow 53

Allow port 80

$ sudo ufw allow 80/tcp

Disable port 80

$ sudo ufw delete allow 80/tcp

Allow the SMTP port

$ sudo ufw allow smtp

Delete the SMTP port permission

$ sudo ufw delete allow smtp

Allow a specific IP address

$ sudo ufw allow from 192.168.254.254

Delete the preceding rule

$ sudo ufw delete allow from 192.168.254.254

Linux kernels 2.4 and later provide a very good firewall tool: netfilter/iptables. It is free and powerful, gives fine-grained control over inbound and outbound traffic, and can implement functions such as firewalling, NAT (Network Address Translation), and packet segmentation. Netfilter works inside the kernel, while iptables lets you define the table structure of the rule set.

However, iptables rules are a little "complicated", so Ubuntu provides the ufw tool to simplify some iptables settings; its backend is still iptables. UFW is short for Uncomplicated Firewall. For some complicated settings, you still need to use iptables directly.

UFW-related files and folders include:

/etc/ufw/: contains the ufw environment configuration files, such as before.rules, after.rules, sysctl.conf, ufw.conf, and before6.rules and after6.rules for IPv6. The default settings in these files are generally fine.

If ufw is enabled, /etc/ufw/sysctl.conf overrides the default /etc/sysctl.conf. If your original /etc/sysctl.conf has been modified, then after ufw starts, any value set in /etc/ufw/sysctl.conf overrides the one in /etc/sysctl.conf; otherwise the value in /etc/sysctl.conf applies. You can change the "IPT_SYSCTL=" entry in /etc/default/ufw to set which sysctl.conf to use.

/var/lib/ufw/user.rules: this file contains the firewall rules we have set. You can see the rules when you open the file. Sometimes you can modify the file directly without using commands. After modifying it, remember to run ufw reload so that the new rules take effect.

Below are some examples of ufw command lines:

ufw enable/disable: enable/disable ufw

ufw status: view the defined ufw rules

ufw default allow/deny: allow/deny external access by default

ufw allow/deny 20: allow/deny access to port 20. The port number can be followed by /tcp or /udp to match only TCP or UDP packets.

ufw allow/deny servicename: ufw looks up the port of the corresponding service in /etc/services and filters that port.

ufw allow proto tcp from 10.0.1.0/10 to <local IP> port 25: allow TCP packets from 10.0.1.0/10 to access port 25 of the local machine.

ufw delete allow/deny 20: delete the previously defined rule "allow/deny access to port 20"
