LinuxMint 19: Firewall with UFW


1 Install UFW

Install the ufw package, then enable and restart its service.

$ sudo apt install -y ufw
$ sudo systemctl enable ufw
$ sudo systemctl restart ufw

2 Logging

With logging enabled, UFW writes its log to /var/log/ufw.log.

$ sudo ufw logging on

To disable logging:

$ sudo ufw logging off

3 Add rule

“ufw allow” allows traffic to a port.

$ sudo ufw allow 22/tcp

A service name from /etc/services can be used instead of the port number.

$ sudo ufw allow ssh

Some packages ship a configuration file containing their UFW rule. This is useful for packages that use multiple ports, such as samba.

These configuration files are in /etc/ufw/applications.d.

$ ls /etc/ufw/applications.d/
cups  openssh-server  samba
$ cat /etc/ufw/applications.d/openssh-server
[OpenSSH]
title=Secure shell server, an rshd replacement
description=OpenSSH is a free implementation of the Secure Shell protocol.
ports=22/tcp

“ufw app list” shows the available application profiles.

$ sudo ufw app list
Available applications:
  CUPS
  OpenSSH
  Samb

Pass a name from the “Available applications” list to “ufw allow”.

$ sudo ufw allow OpenSSH

Use “ufw deny” to deny a port.

$ sudo ufw deny <port>

4 Show rule list

“ufw status” shows the list of allowed and denied ports.

$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)

5 Delete rule

“ufw delete” removes an allow or deny rule.

$ sudo ufw delete allow <port>
$ sudo ufw delete deny <port>

6 Enable UFW

Enabling UFW denies all ports except the allowed ones. If OpenSSH is not allowed, the next SSH session will be denied.

$ yes | sudo ufw enable

This article pipes the yes command into “ufw enable” to accept the following confirmation prompt.

Command may disrupt existing ssh connections. Proceed with operation (y|n)?
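
A pre-flight check for the lockout case described above, as an added example that is not part of the original article: it reads the rule list printed by `ufw show added`, which works while the firewall is still inactive, and enables UFW only when the first SSH rule is allow or limit. The function names ssh_rule_verdict and safe_enable are hypothetical, and the sample rules are constructed.

```sh
#!/bin/sh
# Added example (not from the original article).
# Assumption: `ufw show added` prints one "ufw <action> <target>" line per rule.

# Print the action of the first simple rule that targets SSH, or "none".
# ufw evaluates rules in order and the first match wins, so an earlier
# "deny 22/tcp" overrides a later "allow OpenSSH".
# Rules with from/to clauses are not interpreted; if they are the only SSH
# rules, the verdict is "none" and safe_enable refuses (conservative choice).
ssh_rule_verdict() {
    awk '
        $1 == "ufw" && $2 ~ /^(allow|limit|deny|reject)$/ &&
        $3 ~ /^(22|22\/tcp|ssh|OpenSSH)$/ { print $2; found = 1; exit }
        END { if (!found) print "none" }
    '
}

# Enable ufw only if SSH stays reachable; otherwise leave it disabled.
safe_enable() {
    verdict=$(sudo ufw show added | ssh_rule_verdict)
    case "$verdict" in
        allow|limit)
            yes | sudo ufw enable ;;
        *)
            echo "not enabling ufw: first SSH rule is '$verdict'" >&2
            return 1 ;;
    esac
}

# Constructed sample in the `ufw show added` format (not captured from a host).
sample="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw allow OpenSSH"
printf '%s\n' "$sample" | ssh_rule_verdict
```

Call safe_enable in place of the bare enable command when working over SSH.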

7 Firewall via GUI with gufw

gufw provides a GUI for ufw.

$ sudo apt install -y gufw

Running gufw requires the user's password.

[Screenshot: 0001_Authentication.png]

gufw looks like the following. Because ufw is already enabled, Status is ON.

[Screenshot: 0002_gufw.png]

Add a rule by clicking the “+” button on the Rules tab. On the Preconfigured tab, select an application rule; SAMBA will allow 137,138/udp and 139,445/tcp. On the Simple tab, you can select the port number to be allowed.

[Screenshot: 0003_AddAFirewallRule.png]
