Package Installation
sudo apt install ufw
Configure Rules
Allow Rules
sudo ufw allow <target-parameters>
e.g.
sudo ufw allow from <ip-address>
Deny Rules
sudo ufw deny <target-parameters>
e.g.
sudo ufw deny from <ip-address>
Add target specifications to rules
- Allow/Block an IP address
<allow/deny> from <ip-address> - Allow/Block a Subnet
<allow/deny> from <subnet>/<subnet-mask>Note:
<subnet-mask>based on the netmask. (subnet mask cheat sheet) - Allow/Block on a specific network interface (e.g.
eth0)<allow/deny> in on <interface> - Allow/Block an Applicaton Profile
- Check list of available application profiles:
sudo ufw app list - Add a rule:
<allow/deny> “<app>”
- Check list of available application profiles:
Delete a Rule
- Delete a Rule by giving the whole rule
sudo ufw delete <rule>e.g.
sudo ufw delete allow from 203.0.113.101 - Delete a Rule by Number
sudo ufw status numberede.g.
labclub@bard:~ $ sudo ufw status numbered Status: active To Action From -- ------ ---- [ 1] OpenSSH ALLOW IN Anywhere [ 2] OpenSSH (v6) ALLOW IN Anywhere (v6)Make note of the number of the rule you are looking to delete, and:
sudo ufw delete <#>
UFW Service
Enable
sudo ufw enable
Disable
sudo ufw disable
Check Status
sudo ufw status
Common Examples
SSH
sudo ufw allow OpenSSH
NGINX
sudo ufw allow "Nginx Full"
DNS Server
sudo ufw allow from 192.168.0.0/24 to any port 53 proto udp
sudo ufw allow from 192.168.0.0/24 to any port 53 proto tcp
DHCP Server
sudo ufw allow bootps comment 'DHCP Allow 67/UDP'
sudo ufw allow bootpc comment 'DHCP Allow 68/UDP'
Resources
PREVIOUSDNSMasq