mirror of
https://github.com/yuriskinfo/cheat-sheets.git
synced 2025-12-24 06:28:18 +01:00
65 lines
2.1 KiB
Plaintext
Executable File
65 lines
2.1 KiB
Plaintext
Executable File
= Ubuntu Uncomplicated Firewall (ufw) cookbook of configuration examples
|
|
|
|
<<Disable/unload the firewall>> +
|
|
<<Verify status of the ufw firewall>> +
|
|
<<Enable ufw firewall>> +
|
|
<<Allow SSH access to this server from Any IP source>>
|
|
|
|
|
|
== Disable/unload the firewall
|
|
Beware: after running this command all access restrictions imposed by ufw rules will be gone.
|
|
|
|
|
|
*ufw disable*
|
|
|
|
|
|
== Verify status of the ufw firewall
|
|
|
|
*ufw status* - Show short status. +
|
|
----
|
|
Status: active
|
|
|
|
To Action From
|
|
-- ------ ----
|
|
22 ALLOW Anywhere
|
|
Anywhere ALLOW 10.10.10.0/24
|
|
22 (v6) ALLOW Anywhere (v6)
|
|
----
|
|
|
|
|
|
*ufw status verbose* - Show all rules, including the default ones, and logging level.
|
|
----
|
|
Status: active
|
|
Logging: on (low)
|
|
Default: deny (incoming), allow (outgoing), allow (routed)
|
|
New profiles: skip
|
|
|
|
To Action From
|
|
-- ------ ----
|
|
22 ALLOW IN Anywhere
|
|
Anywhere ALLOW IN 10.10.10.0/24
|
|
22 (v6) ALLOW IN Anywhere (v6)
|
|
----
|
|
|
|
|
|
*ufw status numbered* - Show rules with their sequence numbers, that we can later use to delete some specific rule.
|
|
|
|
----
|
|
Status: active
|
|
To Action From
|
|
-- ------ ----
|
|
[ 1] 22 ALLOW IN Anywhere
|
|
[ 2] Anywhere ALLOW IN 10.10.10.0/24
|
|
[ 3] 22 (v6) ALLOW IN Anywhere (v6)
|
|
----
|
|
|
|
|
|
== Enable ufw firewall
|
|
*ufw enable* - Enable _ufw_ firewall and load the default rules, as well as user created if any in the `/etc/ufw/user.rules`.
|
|
|
|
|
|
== Allow SSH access to this server from Any IP source
|
|
`*ufw allow 22*` - Add port 22 to the `filter` table with action of `allow`. The rule will be added to the `/etc/ufw/user.rules` file and will survive reboot.
|
|
|
|
|