I. Introduction
UFW is the default firewall management tool for Ubuntu and has been available since 8.04 LTS.
It simplifies iptables configuration, although it is not as powerful as working with iptables directly.
II. Default Configuration
ufw is disabled by default.
As shown in the figure (enabling ufw, disabling ufw, and viewing the ufw status):
All communications are allowed by default, that is, ufw default allow. To change this, use ufw default deny.
III. Configuration
ufw can be configured based on port and IP address, or based on service name (this is good :)).
For example, reject port 80: ufw deny 80
To delete the rule, run ufw delete deny 80.
IP-based configuration, for example:
ufw deny from 192.168.1.0/24
This rejects all communications from the 192.168.1.0/24 network segment.
Rules can also be based on ports, for example:
ufw deny proto tcp from any to 192.168.222.132 port 22
This denies any host from connecting to SSH port 22 on 192.168.222.132.
Service-based configuration is also possible, such as ufw deny ssh.
ufw logging on enables logging.
The log file is /var/log/ufw.log.
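Once logging is on, the entries in /var/log/ufw.log can be summarized to see which sources and ports the deny rules are actually blocking. The following Python script is an added example, not part of the original article; the sample log lines are constructed (a simplified form of the kernel-log format UFW writes) and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the kernel-log format UFW writes to /var/log/ufw.log.
SAMPLE_LOG = """\
Mar  3 10:15:01 host kernel: [  101.1] [UFW BLOCK] IN=eth0 OUT= SRC=192.168.1.15 DST=192.168.222.132 LEN=60 TTL=64 ID=1 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=29200 SYN URGP=0
Mar  3 10:15:02 host kernel: [  102.2] [UFW BLOCK] IN=eth0 OUT= SRC=192.168.1.15 DST=192.168.222.132 LEN=60 TTL=64 ID=2 DF PROTO=TCP SPT=40002 DPT=22 WINDOW=29200 SYN URGP=0
Mar  3 10:15:05 host kernel: [  105.3] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.222.132 LEN=60 TTL=52 ID=3 DF PROTO=TCP SPT=51000 DPT=80 WINDOW=1024 SYN URGP=0
Mar  3 10:15:07 host kernel: [  107.4] [UFW ALLOW] IN=eth0 OUT= SRC=198.51.100.9 DST=192.168.222.132 LEN=60 TTL=52 ID=4 DF PROTO=TCP SPT=52000 DPT=443 WINDOW=1024 SYN URGP=0
Mar  3 10:15:08 host kernel: [  108.5] [UFW BLOCK] IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.222.132 LEN=84 TTL=64 ID=5 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Mar  3 10:15:09 host sshd[812]: Server listening on 0.0.0.0 port 22.
"""

# "[UFW BLOCK]", "[UFW ALLOW]", "[UFW LIMIT BLOCK]", ... followed by KEY=VALUE fields.
ENTRY = re.compile(r"\[UFW (?P<action>[A-Z ]+)\] (?P<fields>.*)")


def parse_line(line):
    """Return a dict of fields for a UFW log line, or None for any other line."""
    match = ENTRY.search(line)
    if match is None:
        return None
    # Bare flags such as DF or SYN carry no "=" and are skipped.
    fields = dict(tok.split("=", 1) for tok in match["fields"].split() if "=" in tok)
    fields["ACTION"] = match["action"]
    return fields


def summarize_blocks(text):
    """Count blocked packets per (source, protocol, destination port)."""
    counts = Counter()
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None or not entry["ACTION"].endswith("BLOCK"):
            continue
        # ICMP entries have no DPT, so fall back to "-".
        key = (entry.get("SRC", "?"), entry.get("PROTO", "?"), entry.get("DPT", "-"))
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for (src, proto, dport), hits in summarize_blocks(SAMPLE_LOG).most_common():
        print(f"{hits:3d}  {src:15s}  {proto}/{dport}")
```

To run it against a real host, pass the contents of /var/log/ufw.log to summarize_blocks instead of SAMPLE_LOG.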
For more information, see man ufw.
If you are not used to command-line configuration, you can try Gufw, a graphical interface. It is the program with the shield icon.