Ubuntu Firewall settings

Source: Internet
Author: User
Tags iptables ssh server

after playing the 2.4 version of the Linux kernel, a very good firewall tool was provided. This tool can divide, filter, forward, and so on the network data of the Access service, and then realize the functions such as firewall, Nat and so on.
In general, we will use the famous iptables and other programs to manage the firewall rules. Iptables can define firewall rules flexibly and are very powerful. But the resulting side effect is that the configuration is too complex. has always been known for its ease of use Ubuntu in its release, comes with a relatively iptables simple firewall configuration tool: UFW.
UFW is not enabled by default. In other words, the ports in Ubuntu are open by default. Start UFW with the following command:
$sudo UFW Default Deny
$sudo UFW Enable
with the first command, we set the default rule to allow, so that all ports are turned off by default unless an open port is indicated. The second command launches the UFW. The UFW will also start automatically the next time you restart the machine.
for most firewall operations, it is nothing more than opening a closed port. If you want to open port 22 on the SSH server, we can do this:
$sudo UFW allow
because in/etc/services, the service name for Port 22 is SSH. So the following commands are the same:
$sudo ufw allow SSH
You can now view the status of the firewall with the following command:
$sudo UFW Status
Firewall Loaded

To Action from
    --                        ------ ----  
22:tcp allow Anywhere
22:udp allow Anywhere
we can see that the TCP and UDP protocols for Port 22 are turned on.
to delete a rule that has already been added:
$sudo UFW Delete allow
Open only port 22 using the TCP/IP protocol:
$sudo UFW allow 22/tcp
Open port 80 for TCP requests from 192.168.0.1:
$sudo UFW allow proto TCP from 192.168.0.1 to any port
to relational firewalls:
$sudu UFW Disable 

UFW Firewall is a host-side Iptables class firewall Configuration tool. The purpose of this tool is to provide users with an easy-to-navigate interface, just like package integration and dynamic detection of open ports.

Install UFW in Ubuntu:

The package currently exists in the Ubuntu 8.04 Library.

sudo apt-get install UFW

This line of command will install the software on your system.

Turn firewall on/off (the default setting is ' Disable ')

# UFW Enable|disable

Convert log status

# UFW Logging On|off

Set default policy (e.g. "mostly open" vs "mostly closed")

# UFW Default Allow|deny

License or block certain incoming packets (you can view the list of services in "status" [see below]). You can specify a service name that exists in/etc/services in the "Protocol: port" mode, or through the meta-data of the package. The ' Allow ' parameter will add the entry to/etc/ufw/maps, while ' deny ' is the opposite. The basic syntax is as follows:

# UFW Allow|deny [service]

Displays the listening state of the firewall and port, see/var/lib/ufw/maps. The numbers in parentheses will not be displayed.

# UFW Status

[Note: Although sudo is not used above, the command prompt symbol is ' # '. So...... You know what that means, huh? This is the original. --The translator's note]

UFW Use Example:

Allow Port 53

$ sudo ufw allow 53

Disable Port 53

$ sudo ufw delete Allow 53

Allow Port 80

$ sudo ufw allow 80/tcp

Disable Port 80

$ sudo ufw delete Allow 80/tcp

Allow SMTP ports

$ sudo ufw allow SMTP

Remove licensing for SMTP ports

$ sudo ufw delete allow SMTP

Allow a specific IP

$ sudo ufw allow from 192.168.254.254

Delete the above rule

$ sudo ufw delete allow from 192.168.254.254

Ubuntu Firewall settings

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.