How to set firewall UFW in Ubuntu system

2025-03-29 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

This article explains how to set up the UFW firewall on Ubuntu.

The Linux kernel has included an excellent firewall facility since version 2.4. It can split, filter and forward the network data entering and leaving the host, which is how functions such as firewalling and NAT are implemented.

Generally, the rules of this firewall are managed with the well-known program iptables. iptables can define firewall rules flexibly and is very powerful, but the side effect is that its configuration is complex. Ubuntu has always been known for its ease of use, and its releases come with a firewall configuration tool that is much simpler than iptables: ufw.

ufw is not enabled by default. In other words, the ports in Ubuntu are open by default. Start ufw using the following commands:

$ sudo ufw default deny

$ sudo ufw enable

The first command sets the default rule to deny, so that all ports are closed by default unless a port is explicitly opened. The second command starts ufw. ufw will also start automatically the next time the machine is restarted.

Most firewall operations are nothing more than opening and closing ports. To open port 22 for the SSH server, we can do this:

$ sudo ufw allow 22

Because the service name for port 22 in /etc/services is ssh, the following command is equivalent:

$ sudo ufw allow ssh

You can now view the status of the firewall with the following command:

$ sudo ufw status

Firewall loaded

To                         Action  From
--                         ------  ----
22:tcp                     ALLOW   Anywhere
22:udp                     ALLOW   Anywhere

We can see that both tcp and udp protocols for port 22 are turned on.

Delete a rule that has been added:

$ sudo ufw delete allow 22

Open port 22 for the tcp protocol only:

$ sudo ufw allow 22/tcp

Open port 80 for tcp requests from 192.168.0.1:

$ sudo ufw allow proto tcp from 192.168.0.1 to any port 22

To turn off the firewall:

$ sudo ufw disable

UFW firewall configuration under Ubuntu

UFW is a host-based iptables firewall configuration tool. The purpose of this tool is to provide users with an easy-to-use interface, as well as support for package integration and dynamic detection of open ports.

Install UFW in Ubuntu:

This package currently exists in the repositories of Ubuntu 8.04.

sudo apt-get install ufw

The above command will install the software on your system.

Turn the firewall on / off (default is 'disable')

# ufw enable|disable

Toggle logging

# ufw logging on|off

Set the default policy (such as "mostly open" vs "mostly closed")

# ufw default allow|deny

Allow or block some incoming packets (you can find a list of services in "status" [see later]). You can specify a service name that exists in /etc/services, use the "protocol:port" form, or go through the metadata of the package. The 'allow' parameter adds the entry to /etc/ufw/maps, while the 'deny' parameter does the opposite. The basic syntax is as follows:

# ufw allow|deny [service]

Display the status of the firewall and of listening ports; see /var/lib/ufw/maps. The numbers in parentheses will not be displayed.

# ufw status

[Note: sudo is not used in the above, but the command prompt symbol is "#". So, you know what that means. This is as in the original text. ── Translator's note]

Examples of UFW usage:

Allow port 53

$ sudo ufw allow 53

Disable port 53

$ sudo ufw delete allow 53

Allow port 80

$ sudo ufw allow 80/tcp

Disable port 80

$ sudo ufw delete allow 80/tcp

Allow the smtp port

$ sudo ufw allow smtp

Remove the allow rule for the smtp port

$ sudo ufw delete allow smtp

Allow a specific IP

$ sudo ufw allow from 192.168.254.254

Delete the above rule

$ sudo ufw delete allow from 192.168.254.254

-

I also use 7.10 myself, so the above steps in the process of translation have not been tested.

Ubuntu's name is so quiet that I can't remember it all the time:

* Ubuntu 6.06 LTS (Dapper Drake)

* Ubuntu 6.10 (Edgy Eft)

* Ubuntu 7.04 (Feisty Fawn)

* Ubuntu 7.10 (Gutsy Gibbon)

* Ubuntu 8.04 (Hardy Heron)

Ubuntu firewall

ufw is a simple firewall configuration tool under Ubuntu; underneath, it still calls iptables to do the work. Although its functionality is simple, it is practical for desktop use: it has all the basic common functions and is easy to use.

== Original: admin.net#163.com; please credit when reprinting ==

1. Installation

sudo apt-get install ufw

2. Enable

sudo ufw enable

sudo ufw default deny

After running the above two commands, the firewall is turned on and will be turned on automatically when the system starts.

This blocks all external access to the local machine, while access from the local machine to the outside works normally.

3. Enable / disable

sudo ufw allow|deny [service]

Open or close a port, for example:

sudo ufw allow smtp    # allow all external IPs to access the local 25/tcp (smtp) port

sudo ufw allow 22/tcp    # allow all external IPs to access the local 22/tcp (ssh) port

sudo ufw allow 53    # allow external access to port 53 (tcp/udp)

sudo ufw allow from 192.168.1.100    # allow this IP to access all local ports

sudo ufw allow proto udp from 192.168.0.1 port 53 to 192.168.0.2 port 53

sudo ufw deny smtp    # prohibit external access to the smtp service

sudo ufw delete allow smtp    # delete one of the rules established above

4. View firewall status

sudo ufw status

Ordinary users only need the following settings:

sudo apt-get install ufw

sudo ufw enable

sudo ufw default deny

The above three commands are secure enough. If you need to open some services, use sudo ufw allow to open them.
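
As noted above, `ufw allow 22` opens both tcp and udp, and `ufw allow from <IP>` opens every local port to that address. The script below is an added example, not part of the original article, that flags such broad rules in `ufw status` output. The function name `audit_ufw_status` and the sample text are constructed here, and the sample uses the layout printed by current ufw releases (`22/tcp`) rather than the older `22:tcp` layout shown earlier.

```shell
#!/bin/sh
# Added example: audit `ufw status` output for overly broad ALLOW rules.
# SAMPLE_STATUS is constructed for illustration, not captured from a real host.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
22/tcp                     ALLOW       192.168.0.1
Anywhere                   ALLOW       192.168.254.254
25/tcp                     DENY        Anywhere'

# Reads plain `ufw status` text on stdin and prints one finding per line.
# Exit status: 0 = no findings, 1 = findings, 2 = firewall inactive.
audit_ufw_status() {
  awk '
    # Drop the IPv6 marker so v6 rows split into the same three columns.
    { gsub(/ \(v6\)/, "") }
    /^Status: inactive/ { print "CRITICAL firewall is inactive"; inactive = 1 }
    # Rule rows start after the "--" separator line.
    /^--/ { in_rules = 1; next }
    !in_rules || NF < 3 { next }
    {
      to = $1; action = $2; from = $3
      if (action != "ALLOW") next
      if (to == "Anywhere") {
        # "ufw allow from <ip>" exposes every local port to that source.
        print "WARN all ports open to " from; n++
      } else if (to ~ /^[0-9:,]+$/ && from == "Anywhere") {
        # "ufw allow 22" with no /tcp or /udp opens both protocols.
        print "WARN " to " open on tcp and udp to any source; use " to "/tcp"; n++
      }
    }
    END { if (inactive) exit 2; exit (n > 0) }
  '
}

# Usage on a live host: sudo ufw status | audit_ufw_status
```
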
