ufw manages a Linux firewall and aims to provide an easy interface to iptables for the user. Install ufw as the root user or with sudo:
apt install ufw
Set default rules
ufw default deny incoming
ufw default allow outgoing
Allow connections
Both of these commands allow connections on port 22 using the TCP protocol. Use either one; they produce the same iptables rule:
ufw allow ssh
ufw allow 22/tcp
ufw supports connection rate limiting, which is useful for protecting against brute-force login attacks:
ufw limit ssh/tcp
Allow traffic to a web server running on port 80 and port 443. ufw lets you specify a port and protocol (e.g. 443/tcp) or a common service name (e.g. https). For port 80, any of:
ufw allow www
ufw allow 80/tcp
ufw allow http
and for port 443, either of:
ufw allow 443/tcp
ufw allow https
Allow port ranges in ufw:
ufw allow 1000:2000/tcp
ufw allow 1000:2000/udp
Allow connections from a specific IP address or address ranges:
ufw allow from 192.168.255.255
ufw allow from 192.168.0.0/16
By default, ufw applies rules to all available interfaces. To limit a rule to one interface, specify DIRECTION on INTERFACE, where DIRECTION is one of in or out (interface aliases are not supported). For example, to allow all new incoming ssh connections on enps03, use:
ufw allow in on enps03 to any port 22 proto tcp
Deny connections
Deny access to port 8080:
ufw deny 8080/tcp
Deleting rules
ufw delete allow ssh
ufw delete allow 80/tcp
ufw delete allow 1000:2000/tcp
or show a complete rule list and delete single entries:
# ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 443/tcp                    ALLOW IN    Anywhere
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 5] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 6] 443/tcp (v6)               ALLOW IN    Anywhere (v6)

# ufw delete [number]
Turn ufw on or off
Double-check that you have created a rule for your own ssh access before enabling, or you may lock yourself out of a remote machine!
ufw enable
ufw disable
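The ssh warning above can be turned into an automatic check. The following script, an added example rather than part of the original page, parses the output of ufw status numbered for an ALLOW IN or LIMIT IN rule on 22/tcp and only then runs ufw enable; the sample listings it tests against are constructed, and the function names ssh_rule_present and safe_enable are my own.

```shell
#!/bin/sh
# Added example (not from the page): guard "ufw enable" so it refuses to run
# unless the current ruleset already allows inbound SSH. The check parses the
# output of "ufw status numbered" read from stdin, so it can be exercised
# against captured text without a live firewall.

# Exit 0 if stdin contains a numbered rule whose destination is 22/tcp, 22 or
# the OpenSSH application profile (the forms ufw prints depending on how the
# rule was added), optionally bound to an interface ("22/tcp on eth0"), with
# action ALLOW IN or LIMIT IN. DENY rules or other ports give exit 1.
ssh_rule_present() {
    grep -Eq '^\[ *[0-9]+\] +(22/tcp|22|OpenSSH)( \(v6\))?( on [^ ]+)? +(ALLOW|LIMIT) IN'
}

# Enable ufw only when the SSH check passes (--force skips the interactive
# confirmation prompt); otherwise explain and return 1 so a calling script
# stops instead of cutting off the administrator's session.
safe_enable() {
    if ufw status numbered | ssh_rule_present; then
        ufw --force enable
    else
        echo 'refusing to enable ufw: no ALLOW/LIMIT IN rule for 22/tcp found' >&2
        return 1
    fi
}

# Constructed sample of "ufw status numbered" output, shaped like the listing
# on this page, where ssh is rate-limited but reachable.
SAMPLE_WITH_SSH='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     LIMIT IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 443/tcp                    ALLOW IN    Anywhere
[ 4] 22/tcp (v6)                LIMIT IN    Anywhere (v6)'

# Constructed sample where only the web ports are open: enabling ufw here
# would drop a remote ssh session.
SAMPLE_WITHOUT_SSH='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 80/tcp                     ALLOW IN    Anywhere
[ 2] 443/tcp                    ALLOW IN    Anywhere
[ 3] 8080/tcp                   DENY IN     Anywhere'

printf '%s\n' "$SAMPLE_WITH_SSH"    | ssh_rule_present && echo "sample 1: ssh reachable, safe to enable"
printf '%s\n' "$SAMPLE_WITHOUT_SSH" | ssh_rule_present || echo "sample 2: no ssh rule, would lock you out"
```

Call safe_enable in place of a bare ufw enable in provisioning scripts; it returns non-zero rather than enabling a ruleset without ssh access.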
Reset ufw
ufw reset
Logging in ufw
Logging levels are: off, low, medium, high and full. Set one with:
ufw logging LEVEL