Ubuntu firewall usage example
$ sudo ufw status
Status: active
$ sudo ufw disable
Firewall stopped and disabled on system startup
$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
$ sudo ufw app list
Available applications:
OpenSSH
$ sudo ufw allow 4848
Rule added
Rule added (v6)
$ sudo ufw status
Status: active
To                         Action      From
--                         ------      ----
4848                       ALLOW       Anywhere
4848 (v6)                  ALLOW       Anywhere (v6)
$ sudo ufw delete allow 4848
Rule deleted
Rule deleted (v6)
$ sudo ufw allow from 192.168.0.0/23 proto tcp to any port 4848
WARN: Rule changed after normalization
Rule added
$ sudo ufw status
Status: active
To                         Action      From
--                         ------      ----
4848/tcp                   ALLOW       192.168.0.0/23
$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
4848/tcp                   ALLOW IN    192.168.0.0/23
Adding the --dry-run option to a ufw command will output the resulting rules, but not apply them. For example, the following is what would be applied if opening the HTTP port:
$ sudo ufw --dry-run allow http
$ sudo ufw allow https
Rule added
Rule added (v6)
$ sudo ufw allow http
Rule added
Rule added (v6)
$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
4848/tcp                   ALLOW IN    192.168.0.0/23
443                        ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
443 (v6)                   ALLOW IN    Anywhere (v6)
80 (v6)                    ALLOW IN    Anywhere (v6)
$ sudo ufw reload
Firewall reloaded
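The session above first opens port 4848 to any source and then narrows it to 192.168.0.0/23. As an added example (not part of the original post), this shell function scans ufw status output for inbound ALLOW rules that are open to Anywhere on ports outside an approved list. The function names, the approved list (80 and 443) and the sample status text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. APPROVED_PORTS and the function
# names are assumptions made for this illustration.
APPROVED_PORTS="80 443"   # ports that may stay open to any source

# Reads `ufw status` / `ufw status verbose` text on stdin, prints every inbound
# ALLOW rule whose source is Anywhere and whose port is not approved.
# Returns 1 when at least one such rule is found, 0 otherwise.
find_world_open_rules() {
    awk -v approved="$APPROVED_PORTS" '
        BEGIN { n = split(approved, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            act = 0
            for (i = 1; i <= NF; i++) if ($i == "ALLOW") act = i
            if (!act) next                       # header, policy or non-ALLOW line
            src = act + 1
            if ($src == "OUT") next              # outbound rule, not an exposure
            if ($src == "IN") src++              # verbose output prints "ALLOW IN"
            if ($src != "Anywhere") next         # already limited to a source
            port = $1; sub(/\/.*/, "", port)     # 4848/tcp -> 4848
            if (!(port in ok)) { print; found = 1 }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: the final status from the session, plus the earlier
# world-open 4848 rule as if it had never been deleted.
sample_status() {
    cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
4848/tcp                   ALLOW IN    192.168.0.0/23
443                        ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
4848                       ALLOW IN    Anywhere
4848 (v6)                  ALLOW IN    Anywhere (v6)
EOF
}

sample_status | find_world_open_rules || echo "world-open rules found, review them"
# On a live host: sudo ufw status | find_world_open_rules
```

Rules named by application profile (for example OpenSSH) are not in the approved list, so they are also printed for review when open to Anywhere.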
$ sudo ufw --help
Usage: ufw COMMAND

Commands:
 enable                          enables the firewall
 disable                         disables the firewall
 default ARG                     set default policy
 logging LEVEL                   set logging to LEVEL
 allow ARGS                      add allow rule
 deny ARGS                       add deny rule
 reject ARGS                     add reject rule
 limit ARGS                      add limit rule
 delete RULE|NUM                 delete RULE
 insert NUM RULE                 insert RULE at NUM
 route RULE                      add route RULE
 route delete RULE|NUM           delete route RULE
 route insert NUM RULE           insert route RULE at NUM
 reload                          reload firewall
 reset                           reset firewall
 status                          show firewall status
 status numbered                 show firewall status as numbered list of RULES
 status verbose                  show verbose firewall status
 show ARG                        show firewall report
 version                         display version information

Application profile commands:
 app list                        list application profiles
 app info PROFILE                show information on PROFILE
 app update PROFILE              update PROFILE
 app default ARG                 set default application policy
You can also use gufw for a graphical interface to manage your firewall:
$ sudo apt install gufw