Ubuntu Firewall settings

Ubuntu11.04 default is UFW (UFW is the abbreviation of uncomplicated firewall, not complex firewalls, cumbersome parts of the setup or need to go to the iptables) firewall, has supported the interface operation. Run the UFW command at the command line to see a list of possible actions for the prompt. The simplest operation: sudo UFW status (if you are root, remove SUDO,UFW status) to check the status of the firewall, my return is: inactive (default is inactive).  sudo UFW version Firewall versions:  UFW 0.29-4ubuntu1 copyright 2008-2009 Canonical Ltd. ubuntu The system is installed by default UFW.  1. Installing  sudo apt-get install UFW 2. Enable  sudo UFW enable sudo UFW default deny  run the above two commands, The firewall is turned on and turned on automatically when the system starts. All external access to the native is turned off, but the native access is normal externally.  3. Enable/disable  sudo UFW allow|deny [service]  turn on or off a port, for example:  sudo UFW allow SMTP allows all external IP access to native 25/TCP ( SMTP) port  sudo UFW allow 22/TCP allows all external IPs to access native 22/TCP (SSH) ports This is important, ssh telnet is used for SECURECRT and other software recommendations are turned on. Or do not open the firewall.  sudo UFW allow 53 allows external access to 53 ports (TCP/UDP)  sudo UFW enable from 192.168.1.100 allows this IP access to all native ports  sudo UFW allow Prot o UDP 192.168.0.1 Port 192.168.0.2 port 53 sudo UFW deny SMTP prohibit external access SMTP service  sudo UFW Delete allow SMTP delete above A rule established 4. To view the firewall status  sudo UFW status  general user, simply set the following: &Nbsp;sudo apt-get Install Ufw sudo UFW enable sudo UFW default deny  above three commands are safe enough, if you need to open some services, then use sudo UFW allow to open.   Turn firewall on/off (default is ' disable ')  sudo UFW enable|disable  conversion Log status  sudo UFW logging on|off  set default policy (e.g. "Mostly open" vs "mostly closed")  sudo UFW default allow|deny  license or shielded port (you can view the list of services in "status"). You can specify a service name that exists in/etc/services in the "Protocol: port" mode, or through the meta-data of the package. The ' Allow ' parameter will add the entry to/etc/ufw/maps, while ' deny ' is the opposite. The basic syntax is as follows:  sudo UFW Allow|deny [service]  shows the listening state of the firewall and port, see/var/lib/ufw/maps. The numbers in parentheses will not be displayed.  sudo UFW STATUS UFW Use example:  allow 53 port  $ sudo UFW enable 53  disable 53 port  $ sudo UFW Delete let 53& nbsp; allow 80 port  $ sudo ufw enable 80/tcp  disable 80 port  $ sudo ufw delete allow 80/tcp  enable SMTP port  $ sudo u FW Allow smtp  Delete the SMTP port license  $ sudo UFW delete enable smtp  allows a specific ip $ sudo ufw let from 192.168.254.25 4  Delete the above rule  $ sudo ufw delete allow from 192.168.254.254 linux 2.4 kernelLater, a very good firewall tool is provided: Netfilter/iptables, he is free and powerful, it can control the incoming and outgoing information, it can achieve firewall, NAT (network address translation) and data packet segmentation and other functions. NetFilter work inside the kernel, while iptables is the table structure that lets the user define the rule set.   But Iptables's rules are slightly "complex", so Ubuntu provides UFW as a setting tool to simplify some of Iptables's settings, with the background still iptables. UFW is the abbreviation of uncomplicated firewall, some complex settings or to go to iptables.  UFW related files and folders are:  /etc/ufw/: There are some UFW environment settings files, such as Before.rules, After.rules, sysctl.conf, ufw.conf, and for IP6 Before6.rule and After6.rules. These files generally follow the default settings for OK.   If UFW is turned on,/etc/ufw/sysctl.conf will overwrite the default/etc/sysctl.conf file, if your original/etc/sysctl.conf has been modified, if you start UFW,/etc/ufw/ Sysctl.conf in the new assignment, it will overwrite/etc/sysctl.conf, otherwise the/etc/sysctl.conf shall prevail. Of course, you can set which sysctrl.conf. /var/lib/ufw/user.rules to use by modifying the "ipt_sysctl=" entry in/ETC/DEFAULT/UFW, which is some of the firewall rules we set up in this file. Open probably can understand, sometimes we can directly modify this file, do not use the command to set. After the change, remember UFW reload restart UFW make the new rule take effect.   Here are some examples of the UFW command line:  UFW enable/disable: Turn UFW UFW status on/off: View defined UFW rules  UFW default Allow/deny: Foreign access default allow/Deny  UFW Allow/deny 20: Allow/deny access to 20 ports, 20 can be followed by/tcp or/UDP, which represents TCP or UDP packets.  UFW Allow/deny SERVICENAME:UFW from/etThe corresponding service port is found in the c/services and is filtered.  UFW enable proto TCP from 10.0.1.0/10 to native IP port 25: Allow self-10.0.1.0/10 TCP packets to access 25 ports on this machine.  UFW Delete Allow/deny 20: Delete the previously defined rules for allow/deny access to 20 ports

Ubuntu Firewall Settings