

# Main Index: Debian Linux Magic Spells Cheat Sheet (one liners, how to, tips and tricks)

# UFW (Uncomplicated Firewall)

apt-get install ufw

ufw version # Show UFW version
ufw 0.36
Copyright 2008-2015 Canonical Ltd.

# Enable support for IPv6
jed /etc/default/ufw

IPV6=yes


# Restart (disable and enable) ufw to put changes to the configuration into effect

ufw app list # List of available apps on ufw

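ufw default deny incoming # Default policy: drop inbound traffic that no rule allows
ufw default allow incoming # Default policy: accept inbound traffic that no rule denies (allow rules then filter nothing)

ufw default deny incoming # Usual baseline: deny incoming ...
ufw default allow outgoing # ... and allow outgoing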

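ufw allow ssh # Allow SSH by service name (ufw limit ssh allows it too, but rate-limits repeated connections from one address)
ufw allow 22/tcp # Allow SSH by port and protocol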

ufw allow http
ufw allow 80/tcp

ufw allow https
ufw allow 443/tcp

ufw allow 5000:6000/tcp
ufw allow 5000:6000/udp

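# Rules are matched in order and the first match wins: a deny added after an allow that already covers the same traffic has no effect (ufw insert 1 deny from ADDRESS puts it first)
ufw allow from 192.0.2.100 # Allow this host on every port and protocol
ufw deny from 192.0.2.100 # Block this host on every port and protocol
ufw allow from 192.0.2.110 to any port 22 # Allow this host on port 22 only (no protocol given: tcp and udp)

ufw allow from 192.0.2.100/24 # Allow the whole /24 network (192.0.2.0 - 192.0.2.255), not only .100
ufw allow from 192.0.2.100/24 to any port 22 # Allow the whole /24 network on port 22 only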

ufw delete deny from 192.0.2.100
ufw delete allow from 192.0.2.100

ufw status numbered

ufw delete NUMBER # delete the rule with the given number (the remaining rules are renumbered: run ufw status numbered again before the next delete)

ufw reset # reset all rules: disables ufw and restores the installation defaults (no filtering until ufw is enabled again)

ufw disable # stop ufw
Firewall stopped and disabled on system startup

ufw enable # start ufw (when working over SSH, make sure the ssh allow rule is in place first)
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

echo 'y' | ufw enable # start ufw with automatic confirmation
Command may disrupt existing ssh connections. Proceed with operation (y|n)? Firewall is active and enabled on system startup

ufw --force enable # start ufw without confirmation prompt (the ssh warning is not shown: for scripts where the ssh rule is already in place)
Firewall is active and enabled on system startup

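ufw disable; ufw enable; # restart ufw (no filtering between the two commands; after rule changes only, ufw reload reloads the firewall without disabling it)

ufw disable; ufw --force enable; # force restart ufw (no confirmation prompt)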


ufw status
Status: inactive

ufw status
Status: active

To                         Action      From
--                         ------      ----
Anywhere                   DENY        192.0.2.100
22                         ALLOW       192.0.2.110
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)


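ufw status verbose # Also shows logging level and default policies; in the sample below the default is allow (incoming), so only the DENY rule filters anything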
Status: active
Logging: on (low)
Default: allow (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
Anywhere                   DENY IN     192.0.2.100
22                         ALLOW IN    192.0.2.110
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)
443/tcp (v6)               ALLOW IN    Anywhere (v6)


ufw version ; ufw status verbose | head --lines=4 ; ufw status numbered | grep -v 'Status' ;
Status: active
Logging: on (low)
Default: allow (incoming), allow (outgoing), disabled (routed)
New profiles: skip

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   DENY IN     192.0.2.100
[ 2] 22                         ALLOW IN    192.0.2.110
[ 3] 22/tcp                     ALLOW IN    Anywhere
[ 4] 80/tcp                     ALLOW IN    Anywhere
[ 5] 443/tcp                    ALLOW IN    Anywhere
[ 6] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 7] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 8] 443/tcp (v6)               ALLOW IN    Anywhere (v6)





Page issued on 25-Sep-2022 04:16 GMT
Copyright (c) 2022 Geody - Legal notices: copyright, privacy policy, disclaimer