ufw¶
Quickstart¶
The Uncomplicated FireWall is just what it is: an uncomplicated firewall. Unless you need the full power of iptables for routing, nat etc, UFW is a good option.
- Install UFW
$ sudo apt-get update
$ sudo apt-get install ufw
- Allow SSH
This will allow port 22 on IPv4 and IPv6. If you’ve modified your
sshd_config
to change the port, you might want to set that up
differently.
$ sudo ufw allow ssh
- Enable the firewall
$ sudo ufw enable
$ sudo ufw status
Allow only certain interfaces¶
It is possible to allow traffic on certain interfaces only, and in a certain direction. For example, to allow SSH only on interface enp5s0:
$ sudo ufw allow in on enp5s0 to any port 2 proto tcp
Delete a rule¶
To delete a rule, you need its number.
$ sudo ufw status numbered
Status: active
To Action From
-- ------ ----
[ 1] 443/tcp ALLOW IN Anywhere
[ 2] 22/tcp on enx0050b697dd22 ALLOW IN Anywhere
[ 3] 80/tcp (v6) ALLOW IN Anywhere (v6)
[ 4] 443/tcp (v6) ALLOW IN Anywhere (v6)
[ 5] 22/tcp (v6) on enx0050b697dd22 ALLOW IN Anywhere (v6)
$ sudo ufw delete 3
Deleting:
allow 80/tcp
Proceed with operation (y|n)? y
Rule deleted (v6)