Shulou(Shulou.com)06/02 Report--

This article mainly explains "how to understand the firewall ufw in Linux". The content in the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "how to understand the firewall ufw in Linux".

Let's take a look at ufw (simple Firewall) on Linux to provide some insights and commands for you to change the firewall.

Ufw (simple Firewall Uncomplicated FireWall) really simplifies iptables. In recent years, it has become the default firewall on systems such as Ubuntu and Debian. And ufw is surprisingly simple, which is a boon for new administrators, otherwise they may have to invest a lot of time to learn firewall management.

Ufw also has a GUI client (such as gufw), but the ufw command is usually executed on the command line. This article introduces some commands that use ufw and studies how it works.

First, a quick way to view the ufw configuration is to look at its configuration file-- / etc/default/ufw. Use the following command to view its configuration, using grep to suppress the display of blank lines and comments (lines that begin with #).

$grep-v'^ #\ | ^ $'/ etc/default/ufwIPV6=yesDEFAULT_INPUT_POLICY= "DROP" DEFAULT_OUTPUT_POLICY= "ACCEPT" DEFAULT_FORWARD_POLICY= "DROP" DEFAULT_APPLICATION_POLICY= "SKIP" MANAGE_BUILTINS=noIPT_SYSCTL=/etc/ufw/sysctl.confIPT_MODULES= "nf_conntrack_ftp nf_nat_ftp nf_conntrack_netbios_ns"

As you can see, the default policy is to discard input but allow output. Other rules that allow you to accept specific connections need to be configured separately.

The basic syntax of the ufw command is shown below, but this summary does not mean that you just need to type ufw, but it is a quick prompt to tell you which parameters you need.

Ufw [--dry-run] [options] [rule syntax]

The dry-run option means that ufw will not run the command you specified, but will show you the result if executed. But it will show the entire rule set if it is changed, so you have to be prepared to have a lot of lines of output.

To check the status of ufw, run the following command. Note that even this command requires the use of sudo or root accounts.

$sudo ufw statusStatus: activeTo Action From---22 ALLOW 192.168.0 move 249090 ALLOW Anywhere9090 (V6) ALLOW Anywhere (V6)

Otherwise, you will see the following:

$ufw status

ERROR: You need to be root to run this script

Add the verbose option to provide some other details:

$sudo ufw status verboseStatus: activeLogging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skipTo Action From-- 22 ALLOW IN 192.168.0 pound 249090 ALLOW IN Anywhere9090 (V6) ALLOW IN Anywhere (V6)

You can easily allow and deny connections through the port number using the following command:

$sudo ufw allow 80

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.