What is the use of UFW in Linux system

2025-01-28 Update From: SLTechnology News&Howtos (shulou)


Shulou(Shulou.com)06/01 Report--

The purpose of this article is to show how UFW is used on a Linux system. It is very practical, so it is worth sharing; I hope you get something out of it.

Introduction to UFW: ufw (Uncomplicated Firewall) is a front-end that greatly simplifies managing iptables, and it has shipped as the default firewall tool on Ubuntu for years. ufw is refreshingly simple, which is a boon for new administrators who would otherwise have to invest a lot of time learning raw iptables.

ufw also has GUI front-ends (such as gufw), but it is usually driven from the command line.

Installing UFW: UFW is included in Ubuntu by default, but it has to be installed on Arch and Debian. Debian automatically enables UFW's systemd unit so that it starts on reboot; Arch does not. Enabling the unit is not the same as telling UFW to enforce firewall rules: enabling UFW through systemd (or upstart on older systems) only tells the init system to load UFW at boot.

By default UFW has no user rules and is inactive, so no firewall rules are enforced even when the service is running. Enforcing the rule set is covered in a later section.

Arch Linux

1. Install UFW:

    sudo pacman -S ufw

2. Start the UFW systemd unit and enable it at boot:

    sudo systemctl start ufw
    sudo systemctl enable ufw

Debian / Ubuntu

1. Install UFW:

    sudo apt-get install ufw

Managing firewall rules with UFW

Set the default rules. Most systems need to open only a small number of ports to accept incoming connections and close all the remaining ones. A good starting point is the ufw default command, which sets the default action for incoming and outgoing connections. To deny all incoming and allow all outgoing connections, run:

    sudo ufw default allow outgoing
    sudo ufw default deny incoming

ufw default also accepts reject as the action. deny silently drops the packet, whereas reject sends a rejection back to the sender; deny gives a remote scanner less information.

Warning:

Unless you explicitly add allow rules, setting a default deny or reject policy will lock you out of your server. Make sure the allow rules for SSH and any other critical services described in the next section are in place before you enable the firewall with a default deny or reject policy.

Adding rules. A rule can be written in two ways: with a port number or with a service name (as listed in /etc/services).

To allow incoming connections to port 22 (SSH), run either:

    sudo ufw allow ssh

or:

    sudo ufw allow 22

A bare port number matches both TCP and UDP on that port. Similarly, to deny traffic to a specific port, such as 111, run:

    sudo ufw deny 111

To tighten your rules, you can also restrict them to TCP or UDP. The following allows TCP packets to port 80:

    sudo ufw allow 80/tcp
    sudo ufw allow http/tcp

and this allows UDP packets to port 1725:

    sudo ufw allow 1725/udp

Beyond allowing or blocking by port, advanced rules let you allow or block by IP address, by subnet, or by a combination of IP address or subnet and port.

Allow connections from a single IP address:

    sudo ufw allow from 123.45.67.89

Allow connections from a specific subnet:

    sudo ufw allow from 123.45.67.89/24

Allow a specific IP address and port combination:

    sudo ufw allow from 123.45.67.89 to any port 22 proto tcp

proto tcp can be dropped or changed to proto udp as required, and allow can be replaced by deny in any of these examples. User rules are evaluated in the order they were added and the first match wins, so add specific deny rules before broad allow rules (or use sudo ufw insert N ... to place a rule at position N).

Deleting rules. To delete a rule, prefix the rule with delete. If you no longer want to allow HTTP traffic, run:

    sudo ufw delete allow 80

delete also accepts a service name (sudo ufw delete allow http). Alternatively, list the rules with their positions and delete one by number:

    sudo ufw status numbered
    sudo ufw delete 3

Editing the configuration files. Simple rules can be added from the command line, but more advanced or specific rules may have to be added or removed by editing UFW's configuration files. Before the rules you enter from the terminal are evaluated, UFW applies the file before.rules, which allows things such as the loopback interface, ping and DHCP. To add or change these rules, edit /etc/ufw/before.rules; before6.rules in the same directory is the IPv6 equivalent.

There are also after.rules and after6.rules files for rules that should apply after UFW has evaluated the rules you entered from the command line. All of these files are in iptables-restore format; a syntax error in them makes sudo ufw reload fail, so test after editing.

There is also a configuration file at /etc/default/ufw. Here you can enable or disable IPv6 (IPV6=yes), set the default policies (DEFAULT_INPUT_POLICY, DEFAULT_OUTPUT_POLICY, DEFAULT_FORWARD_POLICY) and tell UFW whether to manage the built-in iptables chains (MANAGE_BUILTINS).

UFW status. You can check the status of UFW at any time with:

    sudo ufw status

This shows whether UFW is active and lists all rules:

    Status: active

    To                         Action      From
    --                         ------      ----
    22                         ALLOW       Anywhere
    80/tcp                     ALLOW       Anywhere
    443                        ALLOW       Anywhere
    22 (v6)                    ALLOW       Anywhere (v6)
    80/tcp (v6)                ALLOW       Anywhere (v6)
    443 (v6)                   ALLOW       Anywhere (v6)

sudo ufw status verbose also prints the default policies and the logging level, which is worth checking before you enable the firewall.

Enabling the firewall. Once you have chosen your rules, the first time you run ufw status it will probably print Status: inactive. Enable UFW and start enforcing the rules with:

    sudo ufw enable

and, similarly, stop enforcing them with:

    sudo ufw disable

After ufw disable the ufw service stays installed, but no rules are enforced until you run ufw enable again. UFW records the choice in /etc/ufw/ufw.conf, so a disabled firewall stays disabled across reboots and an enabled one is reloaded at boot.
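The whole procedure from the sections above (default policies, allow rules, then enabling), as an added example that is not part of the original article. Rather than opening port 22 to the world, it restricts SSH to an administrative subnet and rate-limits it with ufw limit; the admin CIDR 10.0.0.0/24, the public ports 80 and 443, the file name bootstrap.sh and the UFW_BIN variable (which lets you dry-run with UFW_BIN=echo before running as root) are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original article): bring up a host firewall
# with ufw in the safe order: default policies, then the SSH allow rule,
# then everything else, and only then 'ufw enable'.
# UFW_BIN is an assumption of this example: set UFW_BIN=echo to print the
# commands instead of running them (a dry run); leave it unset to run ufw.
UFW_BIN="${UFW_BIN:-ufw}"

# ufw_bootstrap ADMIN_CIDR [PUBLIC_TCP_PORT ...]
# Expose the listed TCP ports to everyone and SSH only to ADMIN_CIDR.
# Returns 1 without touching the firewall if ADMIN_CIDR is not CIDR notation.
ufw_bootstrap() {
    admin_cidr="$1"
    case "$admin_cidr" in
        */*) ;;   # looks like a.b.c.d/n; ufw validates the rest
        *) echo "usage: ufw_bootstrap ADMIN_CIDR [PORT ...] (e.g. 10.0.0.0/24 80 443)" >&2
           return 1 ;;
    esac
    shift

    # Defaults first: drop unsolicited inbound traffic, allow outbound.
    "$UFW_BIN" default deny incoming || return 1
    "$UFW_BIN" default allow outgoing || return 1

    # SSH before enable, so an admin is never locked out. 'limit' allows the
    # traffic but blocks a source that makes 6 or more connection attempts
    # within 30 seconds, which blunts password brute forcing.
    "$UFW_BIN" limit from "$admin_cidr" to any port 22 proto tcp || return 1

    # Public services, TCP only; nothing else is opened.
    for port in "$@"; do
        "$UFW_BIN" allow "$port/tcp" || return 1
    done

    # --force skips the interactive "may disrupt existing ssh connections"
    # prompt; the SSH rule above is what makes that safe.
    "$UFW_BIN" --force enable
}

# Dry run first, then the real thing as root:
#   UFW_BIN=echo sh bootstrap.sh && sudo sh bootstrap.sh
# (runs only when this file is executed directly as bootstrap.sh, not when
# it is sourced for its functions)
if [ "${0##*/}" = "bootstrap.sh" ]; then
    ufw_bootstrap 10.0.0.0/24 80 443
fi
```

The dry run prints the six ufw commands in the order they would run; check that the limit rule for port 22 appears before --force enable before you run it for real.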

Logging. Turn on logging with:

    sudo ufw logging on

You can set the log level with sudo ufw logging low|medium|high (full is also accepted). The default level is low, which logs blocked packets that do not match the default policy (rate-limited) and packets matching rules you explicitly marked with log; medium and high add allowed packets and new connections and log far more, so they fill disks quickly on busy hosts.

The entries are kernel log messages. On Ubuntu rsyslog writes them to /var/log/ufw.log; you can also read them with journalctl -k or dmesg. A typical entry looks like this:

    Sep 16 15:08:14 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=123.45.67.89 DST=987.65.43.21 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=8475 PROTO=TCP SPT=48247 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0

The values at the front are the date, time and hostname of your server. The remaining important fields are:

[UFW BLOCK]: the start of the description of the logged event. Here it means the packet was blocked; other prefixes include [UFW ALLOW] and [UFW LIMIT BLOCK] (a packet dropped by a limit rule).

IN: if this has a value, the event is an incoming packet (the value is the interface it arrived on)

OUT: if this has a value, the event is an outgoing packet

MAC: the destination MAC address, the source MAC address and the EtherType of the Ethernet frame, concatenated

SRC: the source IP address of the packet

DST: the destination IP address of the packet

LEN: the packet length in bytes

TTL: the packet's time to live. It is decremented at every router hop and the packet is discarded when it reaches zero, so it cannot circulate forever.

PROTO: the protocol of the packet (TCP, UDP, ICMP, ...)

SPT: the source port of the packet

DPT: the destination port of the packet

WINDOW: the TCP receive window advertised by the sender, i.e. how many bytes it is currently willing to accept

SYN URGP: two separate fields. SYN means the TCP SYN flag is set, so this packet is the first step of a three-way handshake, i.e. a new connection attempt; a blocked SYN is therefore a failed attempt to reach the port. URGP is the TCP urgent pointer, which is 0 unless the URG flag is set.
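The log format described above is what a detection rule or a triage script consumes. As an added example that is not part of the original article, the following shell script parses [UFW BLOCK] lines, summarises inbound blocks per source and destination port, and flags sources that probed many distinct ports, which is the signature of a port scan. The log lines are constructed for this example using documentation address ranges (203.0.113.0/24, 198.51.100.0/24, 192.0.2.0/24); the hostname web1, the function names and the thresholds are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): triage UFW BLOCK entries.
# Run against a real log with:   ufw_blocked_summary < /var/log/ufw.log
# or:                            journalctl -k --no-pager | ufw_scan_suspects 10

# Constructed sample log for this example (documentation IP ranges and a
# made-up host 'web1'): one source probing ports 22, 22, 23 and 3389, a
# multicast mDNS packet, an outbound block (IN= empty) and an ALLOW entry.
UFW_SAMPLE_LOG='Sep 16 15:08:14 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=8475 PROTO=TCP SPT=48247 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Sep 16 15:08:15 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=8476 PROTO=TCP SPT=48248 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Sep 16 15:08:16 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=8477 PROTO=TCP SPT=48249 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Sep 16 15:08:17 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=8478 PROTO=TCP SPT=48250 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0
Sep 16 15:09:02 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:fb:66:77:88:99:aa:bb:08:00 SRC=198.51.100.4 DST=224.0.0.251 LEN=60 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=40
Sep 16 15:09:30 web1 kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=51000 DPT=25 WINDOW=64240 RES=0x00 SYN URGP=0
Sep 16 15:09:31 web1 kernel: [UFW ALLOW] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=9 PROTO=TCP SPT=40000 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0'

# Normalise: print "SRC PROTO DPT" for every inbound [UFW BLOCK] event.
# Tokens without "=" (timestamp, hostname, flags such as SYN or DF) are
# skipped. IN= is empty for outbound packets and ICMP has no DPT, so those
# lines are dropped here.
ufw_blocked_inbound() {
    awk '
    /\[UFW BLOCK\]/ {
        src = ""; dpt = ""; proto = ""; in_if = ""
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n == 0) continue
            k = substr($i, 1, n - 1); v = substr($i, n + 1)
            if (k == "SRC") src = v
            else if (k == "DPT") dpt = v
            else if (k == "PROTO") proto = v
            else if (k == "IN") in_if = v
        }
        if (in_if != "" && src != "" && dpt != "") print src, proto, dpt
    }'
}

# Count inbound blocks per source and destination port, busiest first.
# Output: "<count> <src> <proto>/<dport>"
ufw_blocked_summary() {
    ufw_blocked_inbound | sort | uniq -c | sort -rn \
        | awk '{ print $1, $2, $3 "/" $4 }'
}

# List sources that were blocked on at least MIN distinct destination ports
# (default 10), a simple port-scan heuristic. Output: "<src> <port count>"
ufw_scan_suspects() {
    min="${1:-10}"
    ufw_blocked_inbound | awk -v min="$min" '
        !(($1, $3) in seen) { seen[$1, $3] = 1; ports[$1]++ }
        END { for (s in ports) if (ports[s] >= min) print s, ports[s] }'
}
```

On the sample data the summary puts 203.0.113.7 hitting TCP/22 at the top, and ufw_scan_suspects 3 reports only 203.0.113.7, which touched three distinct ports; the outbound block and the ALLOW line are ignored. At the default low logging level UFW rate-limits what it logs, so counts from a real log are a lower bound, not an exact packet count.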

That is what UFW is used for on a Linux system. These are points you are likely to see or use in daily work, and I hope you learned something from this article.
