Date created: Thursday, August 7, 2014 9:57:42 AM. Last modified: Monday, June 19, 2023 5:33:06 PM

'ufw' - Notes

Enable Uncomplicated Firewall and add a few basic rules manually by IP address/port number:

ufw status
ufw enable
ufw status

ufw default deny incoming
ufw default allow outgoing
# Allow SSH from anywhere
ufw allow 22/tcp comment 'Open port ssh tcp port 22'

# Allow from specific IPs
ufw allow proto tcp from 192.168.1.0/24 to any port 22 ufw allow proto tcp from 192.168.1.0/24 to any port 80 ufw allow proto udp from 192.168.1.0/24 to any port 161 ufw allow proto icmp from 192.168.1.0/24

# Allow on specific interface
sudo ufw allow in on docker0 proto tcp from 172.16.0.0/12

# Allow forwarding between interfaces
sudo ufw route allow in on tun0 out on eth0 from 192.168.58.128/26 to 0.0.0.0/0
sudo ufw route allow in on tun0 out on eth0 from fd:0:0:3::/64 to ::/0

# Delete rule
ufw allow 'OpenSSH'
ufw delete allow 'OpenSSH'
ufw allow proto udp from 2001:db8:::/32
ufw delete allow proto udp from 2001:db8:::/32
# Check rules ufw status
ufw status verbose ufw status numbered
# Delete numbered rule
ufw delete 8

 

Add rules by app name:

ufw app list
ufw allow 'OpenSSH'
ufw status
ufw show raw

 

Using Zones, add a port forward to a specific zone:


sudo firewall-cmd ... --permanent
sudo firewall-cmd --reload

sudo firewall-cmd --get-default-zone
sudo firewall-cmd --get-active-zones
sudo firewall-cmd --zone=public --list-all

sudo firewall-cmd --zone=public --add-masquerade
sudo firewall-cmd --zone="public" --add-forward-port=port=4555:proto=tcp:toport=4555:toaddr=127.0.0.1
sudo firewall-cmd --zone="public" --remove-forward-port=port=4555:proto=tcp:toport=4555:toaddr=127.0.0.1
sudo firewall-cmd --zone=public --remove-masquerade

sudo firewall-cmd --zone=public --add-port=4555/tcp

sudo firewall-cmd --zone=public --remove-port=12345/tcp

 


Previous page: 'rkhunter' - Notes
Next page: 'vim' Notes