Uncomplicated Firewall (ufw) — The Uncomplicated Firewall (ufw) is a frontend for iptables and is particularly well-suited for host-based firewalls. ufw provides a framework for managing netfilter, as well as a command-line interface for manipulating the firewall. |
Installation
Uncomplicated Firewall can be easily install by typing this command into the terminal as a super user:
# apt-get install ufw
However, simply installing the firewall will not turn it on automatically, nor it will have any rule set by default.
Configuration
Firstly, the firewall must be enabled by typing:
# ufw enable
Note: it may be disabled the same way, by replacing enable with disable.
Secondly, defaults must be set up. For normal users the following defaults will do just fine.
# ufw default deny incoming # ufw default allow outgoing
Next, you must verify that the firewall is enabled by typing:
# ufw status verbose
Note: With this command you will also be able to see all of the defaults and rules which you have applied.
Firewall Rules
Allowing rules is quite simple from the command line, and is sometimes necessary. For example, by default ufw denies all of the incoming connections, which will make it a problem if you are using SSH. Therefore, you must make a rule which allows SSH connection by typing:
# ufw allow ssh
Other rules may be added in the same way by simply specifying a name of the program (Deluge, Transmission). This is due to the fact, that ufw comes with specific defaults for some commonly used programs, and they are automatically activated when you make a rule by using the name of the program.
Port Ranges
Port ranges may also be specified, a simple example for tcp would be:
# ufw allow 1000:2000/tcp
and for udp:
# ufw allow 1000:2000/udp
IP address
An IP address may also be used:
# ufw allow from 111.222.333.444
Deleting Rules
Rules may be deleted with the following command:
# ufw delete allow ssh