Thursday, 21 January 2010

How-To: UFW - Uncomplicated Firewall


I looked for a current how-to for UFW and when I did not see one I wanted to add one.

(important note: UFW is not the firewall itself. UFW just writes iptables rules for you; iptables does the actual filtering)

In most cases I recommend doing the following immediately (`default deny` sets the default incoming policy to deny, so anything you have not explicitly allowed is blocked):

Code:
sudo ufw default deny
sudo ufw enable
Then fine-tuning can start:

Some basic commands are:

Turn on the firewall

Code:
sudo ufw enable
Turn off the firewall
Code:
sudo ufw disable


To add deny rules:

blocking a port
Code:
sudo ufw deny <port>

blocking an ip address

Code:
sudo ufw deny from <ip address>
blocking a specific ip address and port
Code:
sudo ufw deny from <ip address> to any port <port>
advanced deny example for denying access from an ip address range 10.120.0.1 - 10.120.0.255 for SSH port 22
Code:
sudo ufw deny from 10.120.0.0/24 to any port 22


To add allow rules:

to allow an ip address
Code:
sudo ufw allow from <ip address>
to allow a port
Code:
sudo ufw allow <port>
allow a specific ip address and port
Code:
sudo ufw allow from <ip address> to any port <port>
advanced allow example for allowing access from an ip address range 10.120.0.1 - 10.120.0.255 to port 22
Code:
sudo ufw allow from 10.120.0.0/24 to any port 22

To get the current status of your UFW rules

Code:
sudo ufw status
To remove a deny or allow rule
Code:
sudo ufw delete <allow|deny> from <ip address> to any port <port>
(note: you basically repeat the syntax you used to create the rule and put 'delete' in front of it)

You need to be careful when setting up allow and deny rules that 'intersect' (overlap in source or port), because rules are evaluated in the order they appear: the first rule that matches is applied and the remaining rules are ignored.

SCENARIO:

You want to block access to port 22 from 192.168.0.1 and 192.168.0.7 but allow all other 192.168.0.x IPs to have access to port 22.

Code:
sudo ufw deny from 192.168.0.1 to any port 22
sudo ufw deny from 192.168.0.7 to any port 22
sudo ufw allow from 192.168.0.0/24 to any port 22
If you add the allow rule before either of the deny rules, the allow rule is matched first and the deny rules are never evaluated.

you can check this by checking ufw status
Code:
sudo ufw status
To Action From
-- ------ ----
22:tcp DENY 192.168.0.1
22:udp DENY 192.168.0.1
22:tcp DENY 192.168.0.7
22:udp DENY 192.168.0.7
22:tcp ALLOW 192.168.0.0/24
22:udp ALLOW 192.168.0.0/24
The allow is at the bottom, so it is the last rule evaluated. If it appeared above the deny rules, the deny rules would never be evaluated.
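To make the ordering point concrete, here is an added example (not part of the original post and not ufw's own code): a small POSIX shell script that walks a rule list in order the way UFW does and reports which rule wins for a given source and port. It never calls ufw or touches iptables; the rule format (`ACTION SOURCE PORT`), the helper names and the sample rule sets are this example's own assumptions. It also prints the ufw commands for the scenario in the order that gives the intended result.

```shell
#!/bin/sh
# Added example, not from the original post: a first-match simulator for
# UFW-style rules. It does not run ufw or modify iptables; it only evaluates
# a rule list in order, which is what the scenario above is about.
# The "ACTION SOURCE PORT" rule format and the helper names are this
# example's own, not ufw's.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
# (Subshell body so changing IFS does not leak out.)
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Succeed when address $1 falls inside CIDR $2 (a bare host counts as /32).
in_cidr() {
    case $2 in
        */*) net=${2%/*}; bits=${2#*/} ;;
        *)   net=$2; bits=32 ;;
    esac
    [ "$bits" -eq 0 ] && return 0
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Evaluate RULES (newline-separated "ACTION SOURCE PORT") for a connection
# from IP to PORT. Echoes the action of the first matching rule; if nothing
# matches, falls back to DENY, as a system set up with `ufw default deny` does.
evaluate() {
    ip=$1; port=$2; rules=$3
    match=$(printf '%s\n' "$rules" | while read -r action src rport; do
        [ -z "$action" ] && continue
        if [ "$rport" = "$port" ] && in_cidr "$ip" "$src"; then
            echo "$action"
            break
        fi
    done)
    echo "${match:-DENY}"
}

# Print the ufw commands for the scenario in the order the post recommends:
# host-specific denies first, the broad subnet allow last. Prints only.
ufw_commands() {
    port=$1; subnet=$2; shift 2
    for host in "$@"; do
        echo "sudo ufw deny from $host to any port $port"
    done
    echo "sudo ufw allow from $subnet to any port $port"
}

# Constructed rule sets for the scenario (sample data, not real firewall state).
RULES_GOOD='DENY 192.168.0.1 22
DENY 192.168.0.7 22
ALLOW 192.168.0.0/24 22'

# The same rules with the allow entered first: the denies are never reached.
RULES_BAD='ALLOW 192.168.0.0/24 22
DENY 192.168.0.1 22
DENY 192.168.0.7 22'

# Walk through the scenario for a few sources.
for s in 192.168.0.1 192.168.0.7 192.168.0.50 10.0.0.5; do
    echo "$s -> port 22: denies-first=$(evaluate "$s" 22 "$RULES_GOOD")" \
         "allow-first=$(evaluate "$s" 22 "$RULES_BAD")"
done
ufw_commands 22 192.168.0.0/24 192.168.0.1 192.168.0.7
```

With the denies first, 192.168.0.1 and 192.168.0.7 come back DENY and 192.168.0.50 comes back ALLOW; with the allow first, all three come back ALLOW, which is the mistake the scenario warns about. A source outside the subnet (10.0.0.5) is denied either way because nothing matches and the default policy applies.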

I hope this helps you use ufw to secure your computer.