Date created: 08/07/14 09:57:42. Last modified: 09/26/20 11:33:07

'ufw' - Notes

Enable Uncomplicated Firewall and add a few basic rules manually by IP address/port number:

ufw status
# On a remote SSH session, add the port 22 allow rule (below) before running 'ufw enable'
ufw enable

ufw default deny incoming
ufw default allow outgoing
# Allow from anywhere
ufw allow 22/tcp comment 'Open port ssh tcp port 22'

# Allow from specific IPs
ufw allow proto tcp from 192.168.1.0/24 to any port 22
ufw allow proto tcp from 192.168.1.0/24 to any port 80
ufw allow proto udp from 192.168.1.0/24 to any port 161
# 'proto icmp' is not a protocol ufw rules accept; ICMP handling is set in /etc/ufw/before.rules
# ufw allow proto icmp from 192.168.1.0/24

ufw status
ufw status verbose
ufw status numbered

# Delete numbered rule
ufw status numbered
ufw delete 8
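
Because 'ufw delete <number>' renumbers the remaining rules, it helps to list the rules that accept traffic from any source with the highest number first before deleting anything. The script below is an added example, not part of the original notes; the function names open_rules and sample_status and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: find inbound ALLOW/LIMIT rules whose source is "Anywhere"
# in `ufw status numbered` output, highest rule number first, so they can be
# reviewed and deleted top-down without the numbers shifting underneath.

# Constructed sample of `ufw status numbered` output (not from a real host).
sample_status() {
cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere                   # Open port ssh tcp port 22
[ 2] 22/tcp                     ALLOW IN    192.168.1.0/24
[ 3] 80/tcp                     ALLOW IN    192.168.1.0/24
[ 4] 161/udp                    ALLOW IN    192.168.1.0/24
[ 5] 22/tcp (v6)                ALLOW IN    Anywhere (v6)              # Open port ssh tcp port 22
EOF
}

# Reads `ufw status numbered` text on stdin.
# Prints "<number><TAB><to><TAB><from>" for each world-open inbound rule.
open_rules() {
    awk '
        /^\[ *[0-9]+\]/ {
            num = $0
            sub(/^\[ */, "", num)       # drop "[" and padding
            sub(/\].*/, "", num)        # keep only the rule number
            rest = $0
            sub(/^\[ *[0-9]+\] +/, "", rest)
            # Columns are separated by two or more spaces; values such as
            # "ALLOW IN" or "Anywhere (v6)" contain single spaces.
            split(rest, f, /  +/)
            if (f[2] ~ /^(ALLOW|LIMIT)( IN)?$/ && f[3] ~ /^Anywhere/)
                print num "\t" f[1] "\t" f[3]
        }' | sort -rn
}

# Demo on the constructed sample. On a real host: ufw status numbered | open_rules
sample_status | open_rules
```
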

 

Add rules by app name:

ufw app list
ufw allow 'OpenSSH'
ufw status

 

Using firewalld zones (firewall-cmd), add a port forward to a specific zone:


sudo firewall-cmd ... --permanent
sudo firewall-cmd --reload

sudo firewall-cmd --get-default-zone
sudo firewall-cmd --get-active-zones
sudo firewall-cmd --zone=public --list-all

sudo firewall-cmd --zone=public --add-masquerade
sudo firewall-cmd --zone="public" --add-forward-port=port=4555:proto=tcp:toport=4555:toaddr=127.0.0.1
sudo firewall-cmd --zone="public" --remove-forward-port=port=4555:proto=tcp:toport=4555:toaddr=127.0.0.1
sudo firewall-cmd --zone=public --remove-masquerade

sudo firewall-cmd --zone=public --add-port=4555/tcp

sudo firewall-cmd --zone=public --remove-port=12345/tcp

 

