
Thread: How-To: UFW

  1. #1
    cprofitt
    Join Date
    Oct 2006
    Location
    平静
    Beans
    1,448
    Distro
    Ubuntu Development Release

    How-To: UFW - Uncomplicated Firewall

    I looked for a current how-to for UFW and when I did not see one I wanted to add one.

    (important note: UFW is not the firewall. UFW just configures your iptables)

    In most cases I recommend doing the following immediately:

    Code:
    sudo ufw default deny
    sudo ufw enable

    Then fine tuning can start:

    Some basic commands are:

    Turn on the firewall

    Code:
    sudo ufw enable

    Turn off the firewall

    Code:
    sudo ufw disable


    To add deny rules:

    blocking a port

    Code:
    sudo ufw deny <port number>

    blocking an ip address

    Code:
    sudo ufw deny from <ip address>

    blocking a specific ip address and port

    Code:
    sudo ufw deny from <ip address> to any port <port number>

    advanced deny example for denying access from an ip address range 10.120.0.1 - 10.120.0.255 for SSH port 22

    Code:
    sudo ufw deny from 10.120.0.0/24 to any port 22


    To add allow rules:

    to allow an ip address

    Code:
    sudo ufw allow from <ip address>

    to allow a port

    Code:
    sudo ufw allow <port number>

    allow a specific ip address and port

    Code:
    sudo ufw allow from <ip address> to any port <port number>

    advanced allow example for allowing access from an ip address range 10.120.0.1 - 10.120.0.255 to port 22

    Code:
    sudo ufw allow from 10.120.0.0/24 to any port 22

    To get the current status of your UFW rules

    Code:
    sudo ufw status

    To remove a deny or allow rule

    Code:
    sudo ufw delete <rule type> from <ip address> to any port <port number>

    (note: you basically match the syntax for the creation of the rule and add 'delete')

    You need to be careful with setting up allow and deny rules that 'intersect' because the first rule matched is applied and the remaining are ignored.

    SCENARIO:

    You want to block access to port 22 from 192.168.0.1 and 192.168.0.7 but allow all other 192.168.0.x IPs to have access to port 22

    Code:
    sudo ufw deny from 192.168.0.1 to any port 22
    sudo ufw deny from 192.168.0.7 to any port 22
    sudo ufw allow from 192.168.0.0/24 to any port 22

    If you do the allow statement before either of the deny statements, it will be matched first and the deny will not be evaluated.

    You can check this by checking ufw status

    Code:
    sudo ufw status
    To                         Action  From
    --                         ------  ----
    22:tcp                     DENY    192.168.0.1
    22:udp                     DENY    192.168.0.1
    22:tcp                     DENY    192.168.0.7
    22:udp                     DENY    192.168.0.7
    22:tcp                     ALLOW   192.168.0.0/24
    22:udp                     ALLOW   192.168.0.0/24

    The allow is at the bottom and will be the last command evaluated. If it appeared above the deny rules, the deny rules would not be evaluated.

    I hope this helps you use ufw to secure your computer.

    Link to the documentation wiki
    Last edited by cprofitt; June 9th, 2008 at 09:40 PM.
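
The first-match behaviour in the port-22 scenario above, as an added example that is not part of the original post: this Python code parses `ufw status`-style tables (constructed samples, IPv4 only), evaluates a source address in rule order, and reports rules that can never match because an earlier rule already covers them. The function names and the `DENY` default (mirroring `ufw default deny`) are assumptions of the example.

```python
import ipaddress

# Constructed `ufw status` tables (IPv4 only) for the port-22 scenario above.
ALLOW_FIRST = """\
To                         Action  From
--                         ------  ----
22:tcp                     ALLOW   192.168.0.0/24
22:tcp                     DENY    192.168.0.1
22:tcp                     DENY    192.168.0.7
"""
DENY_FIRST = """\
22:tcp                     DENY    192.168.0.1
22:tcp                     DENY    192.168.0.7
22:tcp                     ALLOW   192.168.0.0/24
"""

def parse_status(text):
    """Return [(to, action, source_network)] from `ufw status` table rows."""
    rules = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1] not in ("ALLOW", "DENY"):
            continue  # header, separator or blank line
        src = "0.0.0.0/0" if parts[2] == "Anywhere" else parts[2]
        rules.append((parts[0], parts[1], ipaddress.ip_network(src, strict=False)))
    return rules

def decide(rules, to, src_ip, default="DENY"):
    """First matching rule wins; otherwise the default policy applies."""
    addr = ipaddress.ip_address(src_ip)
    for r_to, action, net in rules:
        if r_to == to and addr in net:
            return action
    return default

def shadowed(rules):
    """Rules that can never match because an earlier rule covers their source."""
    hits = []
    for i, (to, action, net) in enumerate(rules):
        for e_to, e_action, e_net in rules[:i]:
            if e_to == to and net.subnet_of(e_net):
                hits.append((f"{action} {net}", f"{e_action} {e_net}"))
                break
    return hits

if __name__ == "__main__":
    for name, table in (("allow first", ALLOW_FIRST), ("deny first", DENY_FIRST)):
        rules = parse_status(table)
        print(name, decide(rules, "22:tcp", "192.168.0.1"), shadowed(rules))
```

On current ufw releases, `sudo ufw status numbered` shows each rule's position, and `sudo ufw insert <position> deny from <ip address> to any port 22` places a deny ahead of an existing allow.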

  2. #2
    Join Date
    Aug 2007
    Beans
    700
    Distro
    Ubuntu Jaunty Jackalope (testing)

    Re: How-To: UFW

    Every time I restart my computer I have to restart ufw. Is there a way to make it enabled at startup?
    I would rather die of thirst than drink from the cup of mediocrity.

    Get better forum search results!

  3. #3
    Join Date
    Mar 2007
    Location
    Denver, CO
    Beans
    7,585
    Distro
    Ubuntu 12.04 Precise Pangolin

  4. #4
    Join Date
    Apr 2006
    Location
    UK
    Beans
    6,646
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: How-To: UFW

    Quote: Originally Posted by Bakon Jarser
    Every time I restart my computer I have to restart ufw. Is there a way to make it enabled at startup?

    I would like to understand this too. I can't find any documentation that clarifies the situation.

    I presume iptables boots at startup. And ufw is a "frontend" for iptables.

    So does ufw need to be running to enable the open ports that I have defined with ufw?

    ufw does not boot at startup:

    Code:
    sudo ufw status
    [sudo] password for xxxxx: 
    Firewall not loaded

    I thought this was where the bootup setting was (default):

    Code:
    cat /etc/ufw/ufw.conf
    # /etc/ufw/ufw.conf
    # 

    # set to yes to start on boot
    ENABLED=yes

    Any help?

  5. #5
    Join Date
    Jul 2008
    Beans
    5

    Re: How-To: UFW

    I would also like to know, I'm a little confused with this.

  6. #6
    Join Date
    Mar 2007
    Location
    Denver, CO
    Beans
    7,585
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: How-To: UFW

    I'm curious also -- I know for example iptables does not by default store settings between boots unless the settings are exported and then imported at boot, or a startup script is launched that re-enters the settings back into iptables (iptables-save, iptables-restore). I thought Network Manager had the iptables-save, restore code calls built in; however, if you are not using Network Manager, then that's another issue. In theory however, since ufw uses iptables, it would be possible manually to save and restore the settings using the save/restore commands by calling iptables directly rather than ufw.

  7. #7
    Join Date
    Jul 2007
    Beans
    2

    Re: How-To: UFW

    Quote: Originally Posted by Bakon Jarser
    Every time I restart my computer I have to restart ufw. Is there a way to make it enabled at startup?

    I had the same problem before, when I found this GUI -->> gufw link http://gufw.tuxfamily.org/screenshots.html

    Works all the time after reboot, and very easy to use

  8. #8
    Join Date
    Jul 2008
    Beans
    5

    Re: How-To: UFW

    Finally a link that works! I tried downloading that from ubuntu-unleashed, (and quite a few others), but I could never get the link to work. Google always said forbidden. Thank you for that!

  9. #9
    Join Date
    Apr 2006
    Location
    Greece
    Beans
    207
    Distro
    Ubuntu

    Re: How-To: UFW

    Quote: Originally Posted by Bakon Jarser
    Every time I restart my computer I have to restart ufw. Is there a way to make it enabled at startup?

    Try this (from ubuntu wiki: https://wiki.ubuntu.com/UbuntuFirewall)

    Code:
    Toggle logging:
    # ufw logging on|off

    10 PRINT "HELLO WORLD!"
    20 GOTO 10

  10. #10
    Join Date
    Apr 2007
    Location
    (X,Y,Z) = (0,0,0)
    Beans
    3,715

    Re: How-To: UFW

    Ehm... My ufw doesn't reset itself after reboot.
