Ubuntu firewall configuration

Source: Internet
Author: User
Tags ssh port
First, write firewall rules to reject access to the server through the firewall. UbuntuServer uses the name Uncompl

First, write firewall rules to reject access to the server through the firewall. Ubuntu Server uses a firewall named Uncomplicated Fire Wall (UFW), which is actually an iptable management tool. Iptable filters network data packets based on a series of rules compiled by the system administrator. For beginners, iptable may be complicated, so UFW simplifies it. UFW can help you enhance your server. However, if you are really interested in server security, you can learn how to write rules for iptable so that you can better adjust the server security level.

To use UFW, you must install it. Perform the following steps:

Input from command line

Sudo aptitude install ufw

Press Enter and Enter the password. Press Enter again to install the software package.

To enable the firewall, enter the following content:

Sudo ufw enable

Press Enter. You will see the message Firewall started and enabled on system startup. Now you can create rules for your firewall.

Remember how you changed the SSH port before?

To use UFW to open the port by creating a rule, enter the following content in the command line:

Sudo ufw allow65000

This command allows access through Port 65000 and allows SSH communication to enter the server.

To deny access through this port, run the following command:

Sudo ufw deny 65000

To allow or deny specific communications on TCP port 65000, run the following command:

Sudo ufw allow65000/tcp

You can also allow or deny communication according to the protocol used for communication. For example, to prevent all HTTP communication, run the following command:

Sudo ufw deny http

You can create more complex rules to deny or allow services based on the service IP address. For example, if your computer has an IP address 192.168.1.30 and your server has an IP address 192.168.1.5, you can only allow the IP address of your computer to establish an SSH connection:

Sudo ufw allow proto tcp from 192.168.1.30 to 1921381.5 port 65000

To check the rules currently running UFW, enter:

Sudo ufw status

You will see the list of rules compiled for the firewall. If you want to delete a rule, enter:

Sudo delete [rule]

Ufw is a simple firewall configuration tool in Ubuntu, and the underlying layer still calls iptables for processing. although its functions are simple, it is more practical for desktop applications and has basic common functions, it is easy to use.

1. install

Sudo apt-get install ufw

2. Enable

Sudo ufw enable

Sudo ufw default deny

After running the preceding two commands, the firewall is enabled and automatically enabled when the system starts.

Disable all external access to the local machine, but the local access to the external is normal.

3. enable/disable

Sudo ufw allow | deny [service]

Open or close a port, for example:

Sudo ufw allow smtp allows all external IP addresses to access the local port 25/tcp (smtp ).

Sudo ufw allow 22/tcp allows all external IP addresses to access the local port 22/tcp (ssh)

Sudo ufw allow 53 allows external access to port 53 (tcp/udp)

Sudo ufw allow from 192.168.1.100 allows this IP address to access all local ports

Sudo ufw allow proto udp 192.168.0.1 port 53 to 192.168.0.2 port 53

Sudo ufw deny smtp prohibit external access to the smtp service

Sudo ufw delete allow smtp delete a rule created above

4. view the firewall status

Sudo ufw status

For general users, only the following settings are required:

Sudo apt-get install ufw

Sudo ufw enable

Sudo default deny

The preceding three commands are safe enough. if you need to open some services, use sudo ufw allow.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.