Sunday, February 1, 2009

UFW Firewall

Here is an overview of how to use ufw, the Uncomplicated Firewall (Ubuntu's front end to iptables):

Let's turn UFW on:
sudo ufw enable
Note that enabling ufw does not put it in an accept-everything mode. Its default policy is to deny incoming connections and allow outgoing ones, so from the moment you enable it only the services you have explicitly allowed are reachable. On a remote machine, add the rule for ssh (see below) before you enable the firewall or you will lock yourself out. You can also set the default policy explicitly:
sudo ufw default deny

The simple syntax to allow incoming connections on a given port from any host is:
sudo ufw allow 53
Without a protocol this opens the port for both tcp and udp. To specify a protocol, append '/protocol' to the port. For example, let's allow incoming tcp connections on port 53:
sudo ufw allow 53/tcp
or for udp:
sudo ufw allow 53/udp
(Outgoing connections are allowed by the default policy, so they need no rule.)
You can also allow by service name, since ufw looks names up in /etc/services.
Let's see what services are defined in /etc/services:
less /etc/services

As an example, let's allow ssh, which is tcp port 22:
sudo ufw allow ssh

You can also use a fuller syntax that specifies the source and destination addresses and ports; it is modelled on OpenBSD's PF syntax. For example, this denies all traffic to tcp port 22 on this host:
sudo ufw deny proto tcp to any port 22

To deny all traffic from the RFC1918 10.0.0.0/8 network to tcp port 22 on the host with address 192.168.0.1, we would use this:
sudo ufw deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 22

If you want to deny all traffic from the IPv6 network 2001:db8::/32 to tcp port 80 on this host, you would use:
sudo ufw deny proto tcp from 2001:db8::/32 to any port 80
IPv6 rules only take effect if IPV6=yes is set in /etc/default/ufw; check that file if the rule is silently ignored.

To delete a rule, simply prefix the original rule with delete. For example, if the original rule was:
sudo ufw deny 80/tcp
use this to delete it:
sudo ufw delete deny 80/tcp
(Current ufw versions also accept sudo ufw status numbered followed by sudo ufw delete NUMBER, which is handier for long rule sets.)

Let's deny all access to port 80 (tcp and udp):
sudo ufw deny 80
To open it up again, remember that ufw evaluates rules in the order they were added and the first match wins, so simply appending an allow rule leaves the earlier deny in front of it. Delete the deny rule first, then allow tcp port 80:
sudo ufw delete deny 80
sudo ufw allow 80/tcp

Let's block a single host:
sudo ufw deny from 207.46.232.182
The above command blocked a Microsoft address, lol. Let's block Microsoft's whole /16:
sudo ufw deny from 207.46.0.0/16

Let's allow all access from the RFC1918 private networks (LAN/WLAN) to this host:
sudo ufw allow from 10.0.0.0/8
sudo ufw allow from 172.16.0.0/12
sudo ufw allow from 192.168.0.0/16

Let's deny access to udp port 139 from host 192.168.1.1:
sudo ufw deny proto udp from 192.168.1.1 to any port 139
The same thing with tcp instead:
sudo ufw deny proto tcp from 192.168.1.1 to any port 139

Allow udp traffic from 192.168.1.1 port 22 to 192.168.1.100 port 22 (source and destination ports can both be constrained):

sudo ufw allow proto udp from 192.168.1.100 port 22 to 192.168.1.1 port 22

To check whether ufw is active and list the rules currently loaded, use:
sudo ufw status
(This shows firewall rules, not which ports have a listening process; use netstat or ss for that. Current versions also offer sudo ufw status verbose, which adds the default policies and the logging level.)

To disable ufw use:
sudo ufw disable

To enable logging (blocked packets are written to the system log) use:
sudo ufw logging on

To disable logging use:
sudo ufw logging off
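The commands above are easy to apply in the wrong order on a remote host (enable first, allow ssh second, and the session is gone). Here is an added example script, not part of the original post, that applies a deny-by-default baseline in a lock-out-safe order. It assumes a current ufw that understands "default deny incoming"/"default allow outgoing", "limit" (rate-limited allow), "--force" (skip the enable prompt) and "status verbose"; the admin network, the blocked host and the web port are constructed sample values. Every ufw call goes through a wrapper that only prints the command unless DRY_RUN=0 is set, so the whole sequence can be reviewed before it touches a live box.

```shell
#!/bin/sh
# ufw-baseline.sh: apply a deny-by-default ufw policy in a lock-out-safe order.
# Added example, not from the original post. Defaults to a dry run that prints
# the ufw commands; run as root with DRY_RUN=0 to actually apply them.

DRY_RUN="${DRY_RUN:-1}"
ADMIN_NET="${ADMIN_NET:-192.168.0.0/16}"       # constructed: network allowed to reach ssh
BLOCKED_HOST="${BLOCKED_HOST:-207.46.232.182}" # constructed: a source to refuse outright
WEB_PORT="${WEB_PORT:-80}"                     # constructed: service this host exposes

# Run or print one ufw command. Funnelling every call through here makes the
# exact sequence reviewable and testable without a firewall present.
ufw_cmd() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'ufw %s\n' "$*"
    else
        ufw "$@"
    fi
}

apply_baseline() {
    # 1. Policy first. Rules are matched first-hit in insertion order and the
    #    default policy decides whatever no rule matched.
    ufw_cmd default deny incoming
    ufw_cmd default allow outgoing

    # 2. Specific denies go in before any allow: an earlier, broader allow
    #    would match the blocked host first and the deny would never fire.
    ufw_cmd deny from "$BLOCKED_HOST"

    # 3. Management access BEFORE enable, so a remote session survives.
    #    "limit" allows the port but rate-limits new connections per source,
    #    ufw's built-in brute-force throttle for ssh.
    ufw_cmd limit proto tcp from "$ADMIN_NET" to any port 22

    # 4. Services this host is meant to expose. Name the protocol: a bare
    #    port number opens udp as well as tcp.
    ufw_cmd allow "$WEB_PORT/tcp"

    # 5. Logging on, then enable without the interactive prompt, then show the
    #    result (status verbose includes the default policies).
    ufw_cmd logging on
    ufw_cmd --force enable
    ufw_cmd status verbose
}

# Reverse an earlier "deny PORT" correctly: delete the deny, then allow.
# Appending "allow PORT/tcp" after "deny PORT" is not enough, because the
# older deny rule sits in front of it and still matches first.
reopen_port() {
    ufw_cmd delete deny "$1"
    ufw_cmd allow "$1/tcp"
}

apply_baseline
```

Run it once as is to read the plan, then `sudo DRY_RUN=0 sh ufw-baseline.sh` to apply it. Keep the ssh rule tied to an admin network rather than `any` wherever the hosts that manage the machine are known.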

For more complete information please see the Ubuntu Wiki

Or read the man pages via Applications->Accessories->Terminal
Then type:
man ufw
