ufw
ufw is the firewall in Ubuntu.
To enable the ufw service at boot

    systemctl enable ufw
To list available apps, run

    ufw app list
To see the status, run

    ufw status
To see firewall rules in a numbered format, run

    ufw status numbered
Stop ufw

    ufw disable
Start ufw

    ufw enable
Open Ports
Here are some commands to open ports.

    ufw allow ssh
    ufw allow http
    ufw allow https
    ufw allow 3333/tcp

The following command opens TCP ports 8000 to 9000.

    ufw allow 8000:9000/tcp
Deny all other incoming ports by default and allow all outbound traffic

    ufw default deny incoming
    ufw default allow outgoing
Whitelist an IP
To allow an IP to access all services

    ufw allow from IP_ADDR_HERE

To allow access to a specific port

    ufw allow from IP_ADDR_HERE proto tcp to any port PORT_HERE
    ufw allow from IP_ADDR_HERE proto udp to any port PORT_HERE
Enable Logging
To enable logging, run

    ufw logging on
By default ufw logs to /var/log/kern.log.
To log to a different file, edit

    vi /etc/rsyslog.d/20-ufw.conf
Uncomment the line

    :msg,contains,"[UFW " /var/log/ufw.log
Restart rsyslog

    systemctl restart rsyslog
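
Once logging is on, the log is only useful if someone reads it. The following is an added example, not part of the original page: it counts `[UFW BLOCK]` entries per source address and destination port. The function names and the sample log lines are constructed for illustration (documentation IP ranges), and the field layout assumed is the usual kernel netfilter format that ufw writes.

```shell
#!/bin/sh
# Added example: summarise blocked packets from UFW log lines.
# sample_log and ufw_block_summary are hypothetical names; the log lines
# below are constructed sample data, not real traffic.

sample_log() {
cat <<'EOF'
Jan 10 12:00:01 web1 kernel: [1001.100] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.5 DST=198.51.100.2 LEN=40 TTL=240 ID=54321 PROTO=TCP SPT=44444 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jan 10 12:00:02 web1 kernel: [1002.100] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.5 DST=198.51.100.2 LEN=40 TTL=240 ID=54322 PROTO=TCP SPT=44445 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jan 10 12:00:05 web1 kernel: [1005.100] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=198.51.100.77 DST=198.51.100.2 LEN=60 TTL=52 ID=1111 PROTO=TCP SPT=50000 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 10 12:00:06 web1 kernel: [1006.100] [UFW ALLOW] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=192.0.2.10 DST=198.51.100.2 LEN=60 TTL=52 ID=2222 PROTO=TCP SPT=50001 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 10 12:00:07 web1 kernel: [1007.100] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.5 DST=198.51.100.2 LEN=40 TTL=240 ID=54323 PROTO=TCP SPT=44446 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jan 10 12:00:09 web1 kernel: [1009.100] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=198.51.100.77 DST=198.51.100.2 LEN=60 TTL=52 ID=1112 PROTO=TCP SPT=50002 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 10 12:00:11 web1 kernel: [1011.100] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=192.0.2.9 DST=198.51.100.2 LEN=84 TTL=55 ID=3333 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
EOF
}

# Read log lines on stdin and print "count source proto/port" for every
# [UFW BLOCK] entry, most frequent first. ALLOW and AUDIT lines are ignored.
ufw_block_summary() {
    awk '
    /\[UFW BLOCK\]/ {
        src = proto = dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        if (src == "") next          # malformed line: skip it
        if (dpt == "") dpt = "-"     # ICMP and similar carry no port
        count[src " " proto "/" dpt]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Demo on the constructed sample.
sample_log | ufw_block_summary
```

On a real host, feed it the log file instead of the sample, for example `ufw_block_summary < /var/log/ufw.log`.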
Allow cloudflare IP in ufw

    for cfip in $(curl -sw '\n' https://www.cloudflare.com/ips-v{4,6}); do ufw allow proto tcp from "$cfip" comment 'Cloudflare IP'; done
See firewall