Date created: Thursday, August 7, 2014 9:57:42 AM. Last modified: Monday, October 14, 2024 2:34:31 PM
'ufw' - Notes
Enable Uncomplicated Firewall and add a few basic rules manually by IP address/port number:
ufw status
ufw enable
ufw status
ufw default deny incoming
ufw default allow outgoing
# Allow SSH from anywhere
ufw allow 22/tcp comment 'Open port ssh tcp port 22'
# Allow from specific IPs
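ufw allow proto tcp from 192.168.1.0/24 to any port 22
ufw allow proto tcp from 192.168.1.0/24 to any port 80
ufw allow proto udp from 192.168.1.0/24 to any port 161
# Note: ufw does not accept 'icmp' as a proto value on the command line; ICMP rules live in /etc/ufw/before.rules
ufw allow proto icmp from 192.168.1.0/24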
# Allow on specific interface
sudo ufw allow in on docker0 proto tcp from 172.16.0.0/12
# Allow forwarding between interfaces
sudo ufw route allow in on tun0 out on eth0 from 192.168.58.128/26 to 0.0.0.0/0
sudo ufw route allow in on tun0 out on eth0 from fd:0:0:3::/64 to ::/0
# Delete rule
ufw allow 'OpenSSH'
ufw delete allow 'OpenSSH'
ufw allow proto udp from 2001:db8::/32
ufw delete allow proto udp from 2001:db8::/32
# Check rules
ufw status
ufw status verbose
ufw status numbered
# Delete numbered rule
ufw delete 8
Add rules by app name:
ufw app list
ufw allow 'OpenSSH'
ufw status
ufw show raw
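An added example (not part of the original notes): a shell check that reads `ufw status` output and lists ALLOW rules whose source is unrestricted, such as the `22/tcp` rule above, as opposed to the rules scoped to `192.168.1.0/24`. The function names and the sample status output are constructed for illustration.

```shell
# Constructed sample of `ufw status` output (not captured from a real host).
sample_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere                   # Open port ssh tcp port 22
22/tcp                     ALLOW       192.168.1.0/24
80/tcp                     ALLOW       192.168.1.0/24
161/udp                    ALLOW       192.168.1.0/24
Anywhere on docker0        ALLOW       172.16.0.0/12/tcp
22/tcp (v6)                ALLOW       Anywhere (v6)              # Open port ssh tcp port 22
EOF
}

# Print "destination<TAB>source" for every inbound ALLOW rule whose source
# is "Anywhere". Columns are split on runs of two or more spaces because the
# To and From columns can contain single spaces ("22/tcp (v6)").
world_open_rules() {
    awk -F'  +' '
        $2 ~ /^ALLOW( IN)?$/ && $3 ~ /^Anywhere/ { printf "%s\t%s\n", $1, $3 }
    '
}

# Return 0 when no rule is open to any source, 1 otherwise (report on stderr),
# so the check can gate a cron job or a provisioning step.
audit_ufw() {
    found=$(world_open_rules)
    [ -z "$found" ] && return 0
    printf 'Rules open to any source:\n%s\n' "$found" >&2
    return 1
}

# Stand-alone run against the constructed sample.
sample_status | world_open_rules
```

On a live host the same check is `ufw status | audit_ufw`.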
Using zones with firewalld's firewall-cmd (a separate tool from ufw), add a port forward to a specific zone:
sudo firewall-cmd ... --permanent
sudo firewall-cmd --reload
sudo firewall-cmd --get-default-zone
sudo firewall-cmd --get-active-zones
sudo firewall-cmd --zone=public --list-all
sudo firewall-cmd --zone=public --add-masquerade
sudo firewall-cmd --zone="public" --add-forward-port=port=4555:proto=tcp:toport=4555:toaddr=127.0.0.1
sudo firewall-cmd --zone="public" --remove-forward-port=port=4555:proto=tcp:toport=4555:toaddr=127.0.0.1
sudo firewall-cmd --zone=public --remove-masquerade
sudo firewall-cmd --zone=public --add-port=4555/tcp
sudo firewall-cmd --zone=public --remove-port=12345/tcp