Tuesday, June 10, 2008

ufw - Uncomplicated Firewall

I'm starting to play around with ufw (Uncomplicated Firewall), a firewall for Linux.

It's command line based, but simple enough.

I'll update this post as I play along.


Enable/disable ufw
$ sudo ufw enable
$ sudo ufw disable 

Default policy
  • mostly open ports
$ sudo ufw default allow
  • mostly closed ports
$ sudo ufw default deny 

Allow/deny services syntax
$ sudo ufw allow|deny <service> 

Add rules syntax
$ sudo ufw allow|deny [proto <protocol>] [from <address> [port <port>]] [to <address> [port <port>]] 

Delete rules syntax
$ sudo ufw delete <rule type> from <ip address> to any port <port number> 

Firewall status
$ sudo ufw status 
Firewall loaded
To                         Action  From
--                         ------  ----
24800:tcp                  ALLOW   100.000.1.1


Examples
$ sudo ufw allow proto tcp from 100.000.1.1 to any port 24800
$ sudo ufw delete allow proto tcp from 100.000.1.1 to any port 24800
$ sudo ufw allow ssh
$ sudo ufw delete allow ssh
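
Putting the default policy and rule syntax above together, here is an added example (not part of the original post) that prints a "mostly closed" setup in a safe order: the allow rules come before `ufw enable`. The function names, the source address 192.0.2.10 and the port list are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: prints a default-deny plan; it does not run ufw itself.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Succeeds only for a decimal port number in 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# usage: baseline_rules <source address> <tcp port>...
# Prints the commands for a "mostly closed" host that accepts the listed
# TCP ports from one source only. The allow rules are listed before
# "ufw enable" so the admin's own session is permitted when filtering starts.
baseline_rules() {
    [ "$#" -ge 2 ] || { echo "usage: baseline_rules <addr> <port>..." >&2; return 1; }
    src=$1
    shift
    valid_ipv4 "$src" || { echo "bad address: $src" >&2; return 1; }
    for port in "$@"; do
        valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    done
    echo "ufw default deny"
    for port in "$@"; do
        echo "ufw allow proto tcp from $src to any port $port"
    done
    echo "ufw enable"
    echo "ufw status"
}

# Constructed sample input: 192.0.2.10 is a documentation address.
baseline_rules 192.0.2.10 22 24800
```

Review the printed plan, then run each line with sudo.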