Differences between revisions 1 and 6 (spanning 5 versions)

UFW

Uncomplicated Firewall (UFW) is a simple-to-use but powerful firewall management software. It is a wrapper around iptables, automatically writing rules for it.

Contents

UFW
1. Installation
2. Configuration
  1. Web Servers
  2. FTP

Installation

Configuration

A basic rule set is:

ufw default deny incoming
ufw default allow outgoing

ufw allow ssh
ufw allow 22

Web Servers

The following rules should allow any web server to operate.

ufw allow http
ufw allow 80
ufw allow https
ufw allow 443

FTP

ufw allow 20/tcp
ufw allow 21/tcp
ufw allow 989/tcp
ufw allow 990/tcp

Passive configuration also utilizes a pool of ports. Recommended to use custom ports, so adjust as needed.

ufw allow 40000:42000/tcp

CategoryRicottone

-  ⇤ ← Revision 1 as of 2020-01-15 04:10:21 → 
  Size: 1006
  Editor: DominicRicottone
  Comment:
+   ← Revision 6 as of 2021-11-18 09:14:13 → ⇥
  Size: 849
  Editor: DominicRicottone
  Comment:
-Deletions are marked like this.
+Additions are marked like this.
 Line 3:
-'''Uncomplicated Firewall''' ('''UFW''') is a simple-to-use but powerful firewall management software. It is a wrapper around '''iptables''', automatically writing rules for it.
+'''Uncomplicated Firewall''' ('''UFW''') is a simple-to-use but powerful firewall management software. It is a wrapper around `iptables`, automatically writing rules for it.

<<TableOfContents>>

----
-Line 6:
+Line 10:
-== Basic Setup ==
-Line 8:
+Line 11:
-This is more than sufficient for servers that are not meant to be web-facing.
+== Installation ==

----



== Configuration ==

A basic rule set is:
-Line 11:
+Line 22:
-ufw allow outgoing all
ufw deny incoming all
+ufw default deny incoming
ufw default allow outgoing
-Line 18:
+Line 29:
-If using custom ports, adjust as needed. This would be set in `/etc/ssh/sshd_config`.
-Line 21:
+Line 31:
-== HTTP ==
+=== Web Servers ===
-Line 23:
+Line 33:
-Regardless of `httpd` flavor (Apache, NGINX, lighttpd, etc), this basic configuration should suffice.
+The following rules should allow any web server to operate.
-Line 32:
+Line 42:
-If using custom ports, adjust as needed.
-Line 35:
+Line 44:
-== FTP ==

There are standard unencrypted FTP ports:
+=== FTP ===
-Line 42:
+Line 49:
+ufw allow 989/tcp
ufw allow 990/tcp
-Line 44:
+Line 53:
-For security, encrypted FTP uses a pool of ports. This is the recommended setup for `vsftpd`:
+Passive configuration also utilizes a pool of ports. Recommended to use custom ports, so adjust as needed.
-Line 47:
+Line 56:
-ufw allow 990/tcp

Diff for "Ufw"

UFW

Installation

Configuration

Web Servers

FTP