Iptables made easy with ufw
UFW is a front-end for iptables and is here to make your life easier!
Default Rule
To deny all incoming connections:
sudo ufw default deny
To allow all incoming connections:
sudo ufw default allow
Enable or Disable ufw
To enable ufw:
sudo ufw enable
To disable ufw:
sudo ufw disable
Allow or Deny rules
To allow both tcp and udp packets on port x:
sudo ufw allow x
To allow only tcp or only udp packets on port x:
sudo ufw allow x/tcp
or
sudo ufw allow x/udp
To deny both tcp and udp packets on port x:
sudo ufw deny x
To deny only tcp or only udp packets on port x:
sudo ufw deny x/tcp
or
sudo ufw deny x/udp
Delete a rule
To delete a rule, issue the same rule prefixed with delete:
sudo ufw delete allow port_number/tcp
Allow or deny a service
To allow a service (by its name in /etc/services):
sudo ufw allow http
To deny a service:
sudo ufw deny ssh
Logging
To enable logging:
sudo ufw logging on
To disable logging:
sudo ufw logging off
Allow or deny a specific IP
To allow by IP:
sudo ufw allow from x.x.x.x
To deny by IP:
sudo ufw deny from x.x.x.x
Allow a subnet
sudo ufw allow from x.x.x.x/24
To allow a specific IP only on a given port (tcp, udp, or either):
sudo ufw allow from x.x.x.x to any port port_number proto tcp
sudo ufw allow from x.x.x.x to any port port_number proto udp
sudo ufw allow from x.x.x.x to any port port_number
To deny:
sudo ufw deny from x.x.x.x to any port port_number
To view all ufw logs, issue the following command:
To view a more detailed status of ufw, type the following command:
sudo ufw status verbose
To avoid locking yourself out of the server, type the commands in this order:
sudo ufw default deny
sudo ufw status verbose
sudo reboot
To insert a rule into the top of the chain, issue the following command:
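As an added example that is not part of the original page, the following POSIX shell script complements the lock-out advice above: it prints a ufw baseline in which the administrator's SSH access is allowed before the default policy is switched to deny, and it refuses to apply the plan if that ordering is ever broken. The management subnet 203.0.113.0/24, the SSH port, the web service rules and the plan/apply interface are assumptions, not taken from the page.

```shell
#!/bin/sh
# Added example (not from the original page): a lock-out-safe ufw baseline.
# ADMIN_NET is a constructed management subnet; adjust it and SSH_PORT
# to match your environment before applying.
ADMIN_NET="203.0.113.0/24"
SSH_PORT="22"

# Print the ufw commands in the order that keeps the current SSH session
# alive: admin SSH allow first, then default policies, service rules,
# logging, a prompt-free enable, and a verbose status check.
ufw_plan() {
    cat <<EOF
ufw allow from $ADMIN_NET to any port $SSH_PORT proto tcp
ufw default deny incoming
ufw default allow outgoing
ufw allow http
ufw allow https
ufw logging on
ufw --force enable
ufw status verbose
EOF
}

# Return 0 only if the SSH allow rule appears before the deny default.
plan_is_safe() {
    ssh_line=$(ufw_plan | grep -n "port $SSH_PORT proto tcp" | cut -d: -f1)
    deny_line=$(ufw_plan | grep -n "default deny" | cut -d: -f1)
    [ -n "$ssh_line" ] && [ -n "$deny_line" ] && [ "$ssh_line" -lt "$deny_line" ]
}

# Run each planned command with sudo, stopping at the first failure.
ufw_apply() {
    plan_is_safe || { echo "refusing: SSH rule is not before default deny" >&2; return 1; }
    ufw_plan | while IFS= read -r cmd; do
        echo "+ sudo $cmd"
        # $cmd is intentionally unquoted so the shell splits it into words;
        # exit here only leaves the subshell reading the pipe, which makes
        # the pipeline (and so this function) return non-zero.
        sudo $cmd || exit 1
    done
}

case "${1:-plan}" in
    plan)  ufw_plan ;;   # default: just show the ordered commands
    apply) ufw_apply ;;  # requires root via sudo
esac
```

Run it with no arguments to review the plan, and with apply to execute it once the assumed subnet and port have been adjusted.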