UFW

ufw is the default firewall on Ubuntu-based systems and is also available on the Raspberry Pi.

Install UFW

apt install ufw

Examples

Allow SSH
ufw allow ssh
List Rules
ufw status

If no rules are defined, only the run status is shown.

Enable UFW
ufw enable

Make sure SSH is allowed if you're using a remote session!

Disable UFW
ufw disable
List available app rules
ufw app list
Show details for app rule
ufw info DNS
Profile: DNS
Title: Internet Domain Name Server
Description: Internet Domain Name Server

Port:
  53
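Move rule

ufw has no command to move a rule: delete it and insert it again at the position you want. Rules are checked in order and the first match wins, so the deny for 10.60.2.95 at position 5 has no effect while it sits behind the DNS allow at position 4.
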
root@pitomb:~# ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 443/tcp                    ALLOW IN    Anywhere
[ 4] DNS                        ALLOW IN    Anywhere
[ 5] 53                         DENY IN     10.60.2.95
[ 6] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 7] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 8] 443/tcp (v6)               ALLOW IN    Anywhere (v6)
[ 9] DNS (v6)                   ALLOW IN    Anywhere (v6)
root@pitomb:~# ufw delete 5
Deleting:
 deny from 10.60.2.95 to any port 53
Proceed with operation (y|n)? y
Rule deleted
root@pitomb:~# ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 443/tcp                    ALLOW IN    Anywhere
[ 4] DNS                        ALLOW IN    Anywhere
[ 5] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 6] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 7] 443/tcp (v6)               ALLOW IN    Anywhere (v6)
[ 8] DNS (v6)                   ALLOW IN    Anywhere (v6)
root@pitomb:~# ufw insert 1 deny from 10.60.2.95 to any port 53
Rule inserted
root@pitomb:~# ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 53                         DENY IN     10.60.2.95
[ 2] 22/tcp                     ALLOW IN    Anywhere
[ 3] 80/tcp                     ALLOW IN    Anywhere
[ 4] 443/tcp                    ALLOW IN    Anywhere
[ 5] DNS                        ALLOW IN    Anywhere
[ 6] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 7] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 8] 443/tcp (v6)               ALLOW IN    Anywhere (v6)
[ 9] DNS (v6)                   ALLOW IN    Anywhere (v6)
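
To check a rule set for the ordering problem fixed above, the following added example (not part of the original page) reads `ufw status numbered` output and prints the numbers of IPv4 DENY rules that sit below a broader ALLOW for the same port. The function name `shadowed_denies` is hypothetical, and the mapping of the DNS app profile to port 53 is an assumption taken from the `ufw app info DNS` output.

```shell
#!/bin/sh
# Added example (not from the original page): list IPv4 DENY rules that an
# earlier, broader "ALLOW IN Anywhere" rule for the same port makes ineffective.
# Assumption: app profile "DNS" means port 53, any protocol (per "ufw app info DNS").
shadowed_denies() {
    awk '
    /^\[/ && !/\(v6\)/ {
        num = $0; sub(/^\[ */, "", num); sub(/\].*/, "", num)    # rule number
        rest = $0; sub(/^\[ *[0-9]+\] */, "", rest); sub(/ +$/, "", rest)
        split(rest, col, /  +/)             # columns are 2+ spaces apart
        to = col[1]; action = col[2]; from = col[3]
        if (to == "DNS") to = "53"
        proto = ""
        if (split(to, p, "/") == 2) proto = p[2]
        port = p[1]
        key = port "/" proto
        if (action == "ALLOW IN" && from == "Anywhere") {
            if (proto == "") any[port] = 1
            else only[key] = 1
        } else if (action == "DENY IN" && from != "Anywhere") {
            # first match wins: the earlier ALLOW already accepted this traffic
            if ((port in any) || (proto != "" && (key in only))) print num
        }
    }'
}

# Status listings abridged from the page: DENY below the DNS ALLOW, then moved to the top.
BEFORE='[ 3] 443/tcp                    ALLOW IN    Anywhere
[ 4] DNS                        ALLOW IN    Anywhere
[ 5] 53                         DENY IN     10.60.2.95
[ 9] DNS (v6)                   ALLOW IN    Anywhere (v6)'
AFTER='[ 1] 53                         DENY IN     10.60.2.95
[ 5] DNS                        ALLOW IN    Anywhere
[ 9] DNS (v6)                   ALLOW IN    Anywhere (v6)'

printf '%s\n' "$BEFORE" | shadowed_denies   # prints 5
printf '%s\n' "$AFTER"  | shadowed_denies   # prints nothing
```

On a live system the same check is `ufw status numbered | shadowed_denies`, run as root.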
security/ufw.txt · Last modified: 2022/06/10 19:19 by 127.0.0.1