@dunderrrrrr
Created February 21, 2020 13:37
The default firewall configuration tool for Ubuntu is ufw.

The default firewall configuration tool for Ubuntu is ufw. Developed to ease iptables firewall configuration, ufw provides a user-friendly way to create an IPv4 or IPv6 host-based firewall. By default, ufw is disabled.

Gufw is a GUI that is available as a frontend.

ufw [--dry-run] enable|disable|reload
ufw [--dry-run] default allow|deny|reject [incoming|outgoing]
ufw [--dry-run] logging on|off|LEVEL
    toggle logging. Logged packets use the LOG_KERN syslog facility. Systems configured for rsyslog
    support may also log to /var/log/ufw.log. Specifying a LEVEL turns logging on for the specified LEVEL.
    The default log level is 'low'.
ufw [--dry-run] reset
ufw [--dry-run] status [verbose|numbered]
ufw [--dry-run] show REPORT
ufw [--dry-run] [delete] [insert NUM] allow|deny|reject|limit [in|out] [log|log-all] PORT[/protocol]
ufw [--dry-run] [delete] [insert NUM] allow|deny|reject|limit [in|out on INTERFACE] [log|log-all]
    [proto protocol] [from ADDRESS [port PORT]] [to ADDRESS [port PORT]]
ufw [--dry-run] delete NUM
ufw [--dry-run] app list|info|default|update

To allow a port (e.g. SSH = 22)

ufw allow 22

To allow all HTTP and HTTPS traffic over TCP

ufw allow proto tcp from any to any port 80,443

To allow access from a specific IP range (drop the /24 to allow a single IP)

ufw allow from 1.2.3.0/24 to any port 80

To block a malicious IP

ufw deny from 1.2.3.4

To view the firewall status and the rules in effect (which ports are allowed or denied)

ufw status

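List the rules with their numbers, then delete one by number (here rule 4). The remaining rules are renumbered after each delete, so list them again before deleting another.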

ufw status numbered
ufw delete 4
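
The logging and deny commands above can be tied together: the script below is an added example (not part of the original gist) that counts blocked packets per IPv4 source in ufw log lines and prints, without running them, candidate deny rules for review. It uses insert 1 because ufw evaluates rules in order and the first match wins, so a deny appended after an existing allow would not take effect for that port. The function names, the threshold argument and the sample log lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the gist. Assumes the kernel log format ufw writes
# to /var/log/ufw.log: lines tagged "[UFW BLOCK]" carrying SRC= and DPT= fields.

# Constructed sample lines (documentation addresses, shortened fields).
sample_log() {
cat <<'EOF'
Feb 21 13:37:01 web1 kernel: [101.1] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=23
Feb 21 13:37:02 web1 kernel: [102.2] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=2323
Feb 21 13:37:03 web1 kernel: [103.3] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=23
Feb 21 13:37:04 web1 kernel: [104.4] [UFW ALLOW] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=22
Feb 21 13:37:05 web1 kernel: [105.5] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=445
Feb 21 13:38:10 web1 kernel: [170.1] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.22 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=3389
Feb 21 13:38:11 web1 kernel: [171.2] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.22 DST=192.0.2.10 PROTO=ICMP TYPE=8
Feb 21 13:39:00 web1 kernel: [220.0] [UFW BLOCK] IN=eth0 OUT= SRC=2001:db8::5 DST=2001:db8::10 PROTO=TCP SPT=40100 DPT=23
EOF
}

# blocked_sources THRESHOLD < log
# Prints "count ip ports" for every IPv4 source with at least THRESHOLD
# blocked packets, highest count first. "-" marks packets without a DPT field.
blocked_sources() {
  awk -v min="$1" '
    /\[UFW BLOCK\]/ {
      src = ""; dpt = "-"
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/) src = substr($i, 5)
        if ($i ~ /^DPT=/) dpt = substr($i, 5)
      }
      # Accept dotted-quad IPv4 only, so no other log text reaches a command.
      if (src !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
      count[src]++
      if (!seen[src, dpt]++) ports[src] = ports[src] (ports[src] == "" ? "" : ",") dpt
    }
    END { for (s in count) if (count[s] >= min) print count[s], s, ports[s] }
  ' | LC_ALL=C sort -k1,1nr -k2,2
}

# suggest_denies THRESHOLD < log
# Prints ufw commands for an operator to review; nothing is executed here.
suggest_denies() {
  blocked_sources "$1" | while read -r n ip ports; do
    printf 'ufw --dry-run insert 1 deny from %s  # %s blocked packets, ports %s\n' "$ip" "$n" "$ports"
  done
}

# Demo on the constructed sample; on a real host: suggest_denies 3 < /var/log/ufw.log
sample_log | suggest_denies 3
```

Remove --dry-run from a printed command only after checking the address against your own allow list, since the deny is inserted ahead of every existing rule.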