2025-04-02 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article mainly introduces how to install and use the Ubuntu ufw firewall on Linux. In day-to-day operation, many people have questions about how to install and use it. The editor consulted a variety of sources and put together simple, easy-to-use methods, which I hope will answer those questions. Follow along to learn!
Linux's original firewall tool, iptables, is too cumbersome, so Ubuntu provides ufw, a firewall tool based on iptables, by default. ufw supports graphical interface operation; running the ufw command on the command line shows the available operations. The following introduces the routine commands for turning the Ubuntu system firewall on and off and for other common operations.
Firewall version:
sudo ufw version
ufw 0.29-4ubuntu1
Copyright 2008-2009 Canonical Ltd.
ufw is installed by default on Ubuntu.
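1. Installation
sudo apt-get install ufw
2. Enable
sudo ufw enable
sudo ufw default deny
After running the two commands above, the firewall is on and is turned on automatically when the system starts. All access from outside to this machine is closed, while access from this machine to the outside works normally. On a machine managed over SSH, add the sudo ufw allow 22/tcp rule shown in the next section before enabling, because the deny default blocks new inbound connections.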
3. Open/close
sudo ufw allow|deny [service]
Open or close a port, for example:
sudo ufw allow smtp    # allow all external IPs to access port 25/tcp (smtp) on this machine
sudo ufw allow 22/tcp    # allow all external IPs to access port 22/tcp (ssh) on this machine
sudo ufw allow 53    # allow external access to port 53 (tcp/udp)
sudo ufw allow from 192.168.1.100    # allow this IP to access all ports on this machine
sudo ufw allow proto udp from 192.168.0.1 port 53 to 192.168.0.2 port 53
sudo ufw deny smtp    # prohibit external access to the smtp service
sudo ufw delete allow smtp    # delete a rule created above
4. View firewall status
sudo ufw status
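Rules such as sudo ufw allow smtp accept connections from every source, so it is worth reviewing the status listing for them. The following is an added example, not part of the original article: a shell function that reads sudo ufw status output and prints the ALLOW rules open to any source, except ports on an approved list. The sample listing and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag ufw ALLOW rules that accept traffic from any source.

# Constructed sample of `sudo ufw status` output (not from a real host).
sample_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
25/tcp                     ALLOW       Anywhere
53                         ALLOW       Anywhere
Anywhere                   ALLOW       192.168.1.100
25/tcp                     DENY        10.0.0.5
22/tcp (v6)                ALLOW       Anywhere (v6)
EOF
}

# open_to_world "<approved ports>" < status-text   (hypothetical helper name)
# Prints the To column of each ALLOW rule whose source is Anywhere and whose
# port is not on the approved list. Exits 3 if the firewall is not active.
open_to_world() {
    awk -v approved="$1" '
        BEGIN { n = split(approved, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^Status:/ { if ($2 != "active") inactive = 1; next }
        {
            # ufw separates the three columns with runs of two or more spaces.
            if (split($0, c, /  +/) < 3) next
            if (c[2] !~ /^ALLOW/) next      # skips header, DENY, REJECT, LIMIT
            if (c[3] !~ /^Anywhere/) next   # source-restricted rule: fine
            port = c[1]; sub(/ \(v6\)$/, "", port)
            if (!(port in ok)) print c[1]
        }
        END { if (inactive) exit 3 }
    '
}

# Usage on a live host: sudo ufw status | open_to_world "22/tcp"
```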
For general users, the following settings are all that is needed:
sudo apt-get install ufw
sudo ufw enable
sudo ufw default deny
The three commands above are safe enough. If you need to open some services, use sudo ufw allow.
Turn the firewall on/off (the default setting is 'disable')
sudo ufw enable|disable
Toggle logging
sudo ufw logging on|off
Set the default policy (e.g. "mostly open" vs "mostly closed")
sudo ufw default allow|deny
Allow or block ports (see "status" for the service list). A service can be specified by a name that exists in /etc/services, as "protocol:port", or via the package's meta-data. The 'allow' argument adds entries to /etc/ufw/maps, whereas 'deny' does the opposite. The basic syntax is as follows:
sudo ufw allow|deny [service]
Display the listening status of the firewall and ports; see /var/lib/ufw/maps. Numbers in parentheses will not be displayed.
sudo ufw status
Examples of ufw use:
Allow port 53
$ sudo ufw allow 53
Disable port 53
$ sudo ufw delete allow 53
Allow port 80
$ sudo ufw allow 80/tcp
Disable port 80
$ sudo ufw delete allow 80/tcp
Allow the smtp port
$ sudo ufw allow smtp
Remove the allow rule for the smtp port
$ sudo ufw delete allow smtp
Allow a specific IP
$ sudo ufw allow from 192.168.254.254
Delete the rule above
$ sudo ufw delete allow from 192.168.254.254
The Linux 2.4 kernel provides a very good firewall tool, netfilter/iptables. It is free and powerful, gives detailed control over information flowing in and out, and can implement firewalling, NAT (network address translation), packet segmentation and other functions. Netfilter works inside the kernel, while iptables is the table structure that lets users define rule sets.
But iptables rules are a bit "complicated," so Ubuntu provides ufw to simplify some of the iptables settings; in the background it is still iptables. ufw is short for uncomplicated firewall; some complex settings still require iptables.
ufw-related files and folders include:
/etc/ufw/: this directory contains ufw's environment configuration files, such as before.rules, after.rules, sysctl.conf and ufw.conf, plus before6.rules and after6.rules for IPv6. These files are generally fine with their default settings.
If ufw is enabled, /etc/ufw/sysctl.conf overrides the default /etc/sysctl.conf file. If your original /etc/sysctl.conf has been modified, then after ufw is enabled any new assignments in /etc/ufw/sysctl.conf override those in /etc/sysctl.conf; otherwise /etc/sysctl.conf prevails. You can choose which sysctl.conf to use by modifying the "IPT_SYSCTL=" entry in /etc/default/ufw.
/var/lib/ufw/user.rules: this file holds the firewall rules we have set; opening it shows roughly what they are. Sometimes we can modify this file directly instead of setting rules with commands. After modifying it, remember to run ufw reload to restart ufw so that the new rules take effect.
Here are some examples of the ufw command line:
ufw enable/disable: turn ufw on/off
ufw status: view the defined ufw rules
ufw default allow/deny: allow/deny access from outside by default
ufw allow/deny 20: allow/deny access to port 20; the 20 may be followed by /tcp or /udp to indicate TCP or UDP packets.
ufw allow/deny servicename: ufw looks up the port corresponding to the service in /etc/services and filters it.
ufw allow proto tcp from 10.0.1.0/10 to <local ip> port 25: allow TCP packets from 10.0.1.0/10 to access port 25 on the local IP.
ufw delete allow/deny 20: delete the previously defined rule "allow/deny access to port 20"
This concludes the study of "how to install and use the ubuntu ufw firewall on linux"; I hope it has resolved your doubts. Combining theory with practice is the best way to learn, so go and try it! To keep learning related material, keep following the website; the editor will keep working to bring you more practical articles.