How to install and use the ufw firewall on Ubuntu Linux

2025-04-02 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article introduces how to install and use the ufw firewall on Ubuntu Linux. Many people have questions about this in day-to-day operation, so the editor consulted various sources and put together a simple, easy-to-use set of steps. Hopefully it answers those questions; follow along below.

Linux's original firewall tool, iptables, is too cumbersome, so Ubuntu provides ufw, a firewall tool based on iptables, by default. UFW also supports graphical operation; on the command line, running the ufw command shows the available operations. The following introduces the routine commands for turning the Ubuntu firewall on and off and for other common operations.

Check the firewall version:

sudo ufw version

ufw 0.29-4ubuntu1

Copyright 2008-2009 Canonical Ltd.

ufw is installed by default on Ubuntu.

1. Installation

sudo apt-get install ufw

2. Enable

sudo ufw enable

sudo ufw default deny

After running the above two commands, the firewall is turned on and starts automatically when the system boots. All access from outside to this machine is blocked, while access from this machine to the outside works normally.

3. Open/close ports

sudo ufw allow|deny [service]

Open or close a port, for example:

sudo ufw allow smtp    # Allow all external IPs to access port 25/tcp (smtp) on this machine

sudo ufw allow 22/tcp    # Allow all external IPs to access port 22/tcp (ssh) on this machine

sudo ufw allow 53    # Allow external access to port 53 (tcp/udp)

sudo ufw allow from 192.168.1.100    # Allow this IP to access all ports on this machine

sudo ufw allow proto udp from 192.168.0.1 port 53 to 192.168.0.2 port 53

sudo ufw deny smtp    # Deny external access to the smtp service

sudo ufw delete allow smtp    # Delete the allow smtp rule created above

4. View firewall status

sudo ufw status

For most users, the following settings are all that is needed:

sudo apt-get install ufw

sudo ufw enable

sudo ufw default deny

The above three commands are safe enough. If you need to open some services, use sudo ufw allow.
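To check that the default-deny baseline above is really in effect and that only intended services are reachable, the text printed by sudo ufw status verbose can be audited mechanically. The following is an added example, not part of the original article; the function name audit_ufw_status, its expected-ports argument and the sample status output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the text printed by `ufw status verbose`.
# Findings (one per line):
#   INACTIVE              firewall is not enabled
#   DEFAULT_INCOMING=<p>  default incoming policy is neither deny nor reject
#   OPEN <to>             ALLOW rule reachable from Anywhere, not in expected list
# $1: space-separated "To" values that are meant to be public, e.g. "80/tcp".

audit_ufw_status() {
  awk -v expected=" $1 " '
    $1 == "Status:" && $2 != "active" { print "INACTIVE" }
    $1 == "Default:" && $3 ~ /incoming/ && $2 != "deny" && $2 != "reject" {
      print "DEFAULT_INCOMING=" $2
    }
    /^--/ { in_rules = 1; next }        # separator under the To/Action/From header
    in_rules && NF {
      split($0, col, /  +/)             # columns are padded with 2+ spaces
      to = col[1]; action = col[2]; from = col[3]
      sub(/ \(v6\)$/, "", to)           # compare IPv6 twins against the same name
      if (action ~ /^ALLOW/ && action !~ /OUT/ && from ~ /^Anywhere/ &&
          index(expected, " " to " ") == 0)
        print "OPEN " col[1]
    }
  '
}

# Constructed sample output (not captured from a real host).
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    192.168.1.100
80/tcp                     ALLOW IN    Anywhere
25/tcp                     ALLOW IN    Anywhere
53                         ALLOW IN    Anywhere
80/tcp (v6)                ALLOW IN    Anywhere (v6)
25/tcp (v6)                ALLOW IN    Anywhere (v6)'

# On a real host: sudo ufw status verbose | audit_ufw_status "80/tcp"
printf '%s\n' "$SAMPLE_STATUS" | audit_ufw_status "80/tcp"
```

Each OPEN line names a rule that admits traffic from any source and was not listed as intentionally public; such rules are candidates for sudo ufw delete allow or for narrowing with allow from.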

Turn firewall on/off (default setting is 'disable')

sudo ufw enable|disable

Toggle logging

sudo ufw logging on|off

Set default policies (e.g. "mostly open" vs "mostly closed")

sudo ufw default allow|deny

Allow or block ports (see "status" for the service list). A service name that exists in /etc/services can be specified as "protocol:port" or via the package's metadata. The 'allow' argument adds entries to /etc/ufw/maps, whereas 'deny' does the opposite. The basic syntax is as follows:

sudo ufw allow|deny [service]

Displays the status of the firewall and of listening ports; see /var/lib/ufw/maps. Numbers in parentheses will not be displayed.

sudo ufw status

Examples of UFW use:

Allow port 53

$ sudo ufw allow 53

Disable port 53

$ sudo ufw delete allow 53

Allow port 80

$ sudo ufw allow 80/tcp

Disable port 80

$ sudo ufw delete allow 80/tcp

Allow smtp port

$ sudo ufw allow smtp

Remove the allow rule for the smtp port

$ sudo ufw delete allow smtp

Allow a specific IP

$ sudo ufw allow from 192.168.254.254

Delete the rule above

$ sudo ufw delete allow from 192.168.254.254

The Linux 2.4 kernel provides a very good firewall tool: netfilter/iptables. It is free and powerful, gives detailed control over the traffic flowing in and out, and can implement a firewall, NAT (network address translation), packet segmentation and other functions. Netfilter works inside the kernel, while iptables is a table structure that lets users define rule sets.

But iptables rules are a bit "complicated", so Ubuntu provides ufw to simplify some iptables settings; behind the scenes it is still iptables. ufw is short for "uncomplicated firewall"; some complex settings still require iptables.

ufw-related files and folders include:

/etc/ufw/: This directory contains ufw's environment configuration files, such as before.rules, after.rules, sysctl.conf and ufw.conf, plus before6.rules and after6.rules for IPv6. The default settings in these files are generally fine.

If ufw is enabled, /etc/ufw/sysctl.conf overrides the default /etc/sysctl.conf file. If your original /etc/sysctl.conf has been modified, then after ufw is enabled any new assignments in /etc/ufw/sysctl.conf override those in /etc/sysctl.conf; otherwise /etc/sysctl.conf prevails. You can choose which sysctl.conf is used by modifying the "IPT_SYSCTL=" entry in /etc/default/ufw.

/var/lib/ufw/user.rules: This file holds the firewall rules we have set; open it to get a rough idea of its contents. Sometimes we can modify this file directly instead of setting rules with commands. After modifying it, remember to run ufw reload to restart ufw so that the new rules take effect.

Here are some examples of the ufw command line:

ufw enable/disable: open/close ufw

ufw status: View defined ufw rules

ufw default allow/deny: allow/deny access from outside by default

ufw allow/deny 20: Allow/deny access to port 20; append /tcp or /udp after 20 to match only tcp or udp packets.

ufw allow/deny servicename: ufw looks up the port corresponding to the service in /etc/services and filters it.

ufw allow proto tcp from 10.0.1.0/10 to local ip port 25: allow tcp packets from 10.0.1.0/10 to access port 25 on the local IP.

ufw delete allow/deny 20: Delete the previously defined rule "Allow/deny access to port 20"

That concludes this introduction to installing and using the ufw firewall on Ubuntu Linux; hopefully it has answered your questions. Theory is best learned together with practice, so go and try it!
