Installation and configuration of Ubuntu firewall

Install the UFW firewall on Ubuntu

sudo apt-get install ufw 

For general users, only the following settings are required:
sudo apt-get install ufw
sudo ufw enable
sudo ufw default deny

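The three commands above are safe enough. If you need to open some services, use sudo ufw allow. If you manage the machine over SSH, allow the ssh port with sudo ufw allow before enabling the firewall; otherwise new SSH connections will be blocked.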

Enable

sudo ufw enable 
sudo ufw default deny 
#After running the two commands above, the firewall is enabled, and it will be enabled automatically when the system starts.
#All external (inbound) access to the local machine is blocked, while outbound access from the local machine works normally.

Allow / deny

sudo ufw allow|deny [service] 

Open or close a port, for example:

sudo ufw allow smtp       #Allow all external IPs to access the local 25/tcp (smtp) port
sudo ufw allow 22/tcp      #Allow all external IPs to access the local 22/tcp (ssh) port
sudo ufw allow 53          #Allow external access to port 53 (tcp/udp)
sudo ufw allow from 192.168.1.100 #Allow this IP to access all local ports
sudo ufw allow proto udp from 192.168.0.1 port 53 to 192.168.0.2 port 53 #Allow UDP from 192.168.0.1 port 53 to 192.168.0.2 port 53
sudo ufw deny smtp         #Prohibit external access to the smtp service
sudo ufw delete allow smtp #Delete the allow rule created above

View firewall status

sudo ufw status 
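
To review what the rules above expose, the following added example (not part of the original article) scans ufw status output for ALLOW rules that accept traffic from any source or that open every port to a single address. The function names, the finding labels and the embedded sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ufw status` text for broad ALLOW rules.
# Reads the status text on stdin and prints one finding per line.
audit_ufw_status() {
    # Columns in `ufw status` are separated by runs of two or more spaces.
    awk -F'  +' '
        /^Status: inactive/ { print "INACTIVE firewall is not enabled"; next }
        # Rule rows have three columns: To, Action, From.
        # Matches "ALLOW" and the "ALLOW IN" form printed by `status verbose`.
        NF >= 3 && $2 ~ /^ALLOW/ {
            to = $1; from = $3
            sub(/ +$/, "", from)                 # drop trailing padding
            if (from ~ /^Anywhere/)              # port reachable from any IP
                print "WORLD-OPEN " to
            else if (to ~ /^Anywhere/)           # one source may reach all ports
                print "ALL-PORTS from " from
        }
    '
}

# Constructed sample of `ufw status` output, modelled on the rules in this
# article (not captured from a real host).
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
53                         ALLOW       Anywhere
Anywhere                   ALLOW       192.168.1.100
192.168.0.2 53/udp         ALLOW       192.168.0.1 53/udp
25/tcp                     DENY        Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
EOF
}

# Demo on the constructed sample. On a real host: sudo ufw status | audit_ufw_status
sample_status | audit_ufw_status
```

Rules that restrict both source and destination, such as the UDP port 53 rule, and DENY rules produce no finding.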

Additional notes:

#Turn the firewall on / off (the default setting is 'disable')
ufw enable|disable

#Toggle logging on or off
ufw logging on|off

#Set default policies (such as "mostly open" vs "mostly closed")
ufw default allow|deny

#Allow or block some incoming packets (see the list of services in "status")
#You can specify a service name that exists in /etc/services, use the "protocol:port" form, or use the package's metadata. The 'allow' parameter adds entries to /etc/ufw/maps, while 'deny' does the opposite. The basic syntax is as follows:
ufw allow|deny [service]

#Displays the status of the firewall and the listening ports, see /var/lib/ufw/maps. The numbers in brackets will not be displayed.
ufw status

UFW example:

#Allow port 53
$ sudo ufw allow 53

#Close port 53 again by deleting the allow rule
$ sudo ufw delete allow 53

#Allow port 80
$ sudo ufw allow 80/tcp

#Close port 80 again by deleting the allow rule
$ sudo ufw delete allow 80/tcp

#Allow the smtp port
$ sudo ufw allow smtp

#Remove permissions for the smtp port
$ sudo ufw delete allow smtp

#Allow a specific IP
$ sudo ufw allow from 192.168.254.254

#Delete the rule above
$ sudo ufw delete allow from 192.168.254.254    

[Note]
Possible reasons why a ping from the LAN to a Mac host fails:
1. Network connection problems or an unstable network
2. The Mac is locked or shut down
3. Firewall settings
4. ICMP protocol settings

Permanent link to this article: http://www.linuxidc.com/Linux/2016-12/138259.htm


Added by konn on Fri, 10 Jul 2020 19:12:17 +0300