Configuring UFW Firewall
Set Default Mode/Actions
sudo ufw default reject incoming
sudo ufw default allow outgoing
sudo ufw default deny routedAllow all inbound connections on a specific app profile
sudo ufw allow <app_profile>Several App Profile files are attached for uploading to servers to the /etc/ufw/applications.d directory.
Example to allow SSH
sudo ufw allow OpenSSHAllow all inbound connections on a specific port and protocol
sudo ufw allow <port>/<protocol>Example to allow TCP port 80
sudo ufw allow 80/tcpAllow all inbound connections on a specific port for any protocol
sudo ufw allow <port>Allow inbound connections from a specific IP or subnet to a specific port
sudo ufw allow from <sourceIP></sourceCIDR> to any port <port>Example to allow subnet 192.168.1.0/24 to access port 22
sudo ufw allow from 192.168.1.0/24 to any port 22Example to allow only single device with IP 192.168.1.10 to access port 80
sudo ufw allow from 192.168.1.10 to any port 80Allow inbound connections on a specific interface to a specific port
sudo ufw allow in on <interface> to any port <port>Example to allow connections on ens160 to access port 22
sudo ufw allow in on ens160 to any port 22Block inbound connections from a specific IP or subnet on any port
sudo ufw deny from <sourceIP>/<sourceCIDR>Show added rules
sudo ufw show addedEnable UFW Firewall
sudo ufw enableCheck UFW Firewall Status
sudo ufw status [verbose|numbered]Deleting firewall rules
Use the following command to delete a rule number:
sudo ufw delete <ruleNumber>Use the following command to delete a rule definition:
sudo ufw delete <rule definition>Check listening ports to firewall rules
sudo ufw show listeningOptionally block pings
sudo nano /etc/ufw/before.rulesScroll down to ok icmp codes for INPUT and insert the following line beforeĀ the other lines:
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP
No Comments