Revision 15 as of 2023-04-08 13:25:45
Size: 1222
Line 1: | Line 1: |
= UFW = | = Ufw = |
Line 3: | Line 3: |
'''`ufw(8)`''' (meaning '''Uncomplicated Firewall''') is a firewall management program. It is a wrapper around `iptables(8)`. | '''`ufw(8)`''' ('''U'''ncomplicated '''F'''ire'''w'''all) is a firewall management program. It is a wrapper around `iptables(8)`. |
Line 13: | Line 13: |
Install the `ufw` package through your preferred package manager. Then [[Linux/Systemd|start and enable]] ufw.service. Note that not all operating systems have strong support for `ufw(8)`. [[Linux/Alpine|Alpine Linux]] prefers its users to use [[Awall]]; [[Linux/Fedora|Fedora]] and associated projects ship with the incompatible [[Linux/SystemdFirewalld|firewalld]]. BSDs do not offer `iptables(8)`, so `ufw(8)` is a non-option. |
Several [[Linux]] distributions offer a `ufw` package. Then [[Linux/Systemd|start and enable]] ufw.service. |
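Review bot: in the new Line 13 text, "Then start and enable ufw.service" has lost the install step it used to follow, so the paragraph states that a package exists and jumps straight to "Then". Suggest "Install the `ufw` package, then start and enable ufw.service." The same edit also drops the compatibility caveats (Alpine preferring Awall, Fedora shipping firewalld, BSDs not offering `iptables(8)`); if that removal is deliberate, a short pointer to those alternatives would still help readers on systems where these steps do not apply.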
Line 67: | Line 65: |
---- == See also == [[https://man.archlinux.org/man/ufw.8|ufw(8)]] |
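Review bot: the Line 67 deletion removes the "See also" section and with it the link to the ufw(8) manual page, while the page still refers to `ufw(8)` by name throughout. Suggest keeping the link, or attaching it to the first mention in the opening sentence, so the rule and app-profile syntax used on the page has a reference.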
Ufw
ufw(8) (Uncomplicated Firewall) is a firewall management program. It is a wrapper around iptables(8).
Installation
Several Linux distributions offer a ufw package. Install it, then start and enable ufw.service.
Configuration
A basic rule set is:
ufw default deny incoming
ufw default allow outgoing
ufw allow 22
ufw(8) is distributed with app profiles that simplify the configuration process. Instead of allowing ports, consider allowing apps.
ufw allow ssh
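To confirm that a host actually ends up in the state the basic rule set describes, the following added example (not part of the original page) audits the text printed by `ufw status verbose`. The function name `ufw_audit` and both sample outputs are constructed for illustration, and it assumes the SSH rule is listed as `22` or `22/tcp`.

```shell
#!/bin/sh
# Added example (not from the original page): audit `ufw status verbose`
# output against the basic rule set. `ufw_audit` is a hypothetical name.
# Live use, as root:  ufw status verbose | ufw_audit

ufw_audit() {
    status=$(cat)            # full status text from stdin
    rc=0
    fail() { echo "FAIL: $1"; rc=1; }

    printf '%s\n' "$status" | grep -q '^Status: active' \
        || fail "firewall is not active"

    defaults=$(printf '%s\n' "$status" | grep '^Default:')
    case $defaults in
        *'deny (incoming)'*) ;;
        *) fail "default incoming policy is not deny" ;;
    esac
    case $defaults in
        *'allow (outgoing)'*) ;;
        *) fail "default outgoing policy is not allow" ;;
    esac

    # Assumption: the SSH rule is listed as "22" or "22/tcp".
    printf '%s\n' "$status" \
        | awk '$1 ~ /^22(\/tcp)?$/ && $2 == "ALLOW" { ok = 1 } END { exit !ok }' \
        || fail "no ALLOW rule for port 22"

    [ "$rc" -eq 0 ] && echo "OK: matches the basic rule set"
    return "$rc"
}

# Constructed sample outputs, not captured from a real host.
SAMPLE_OK='Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere'

SAMPLE_BAD='Status: active
Default: allow (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW IN    Anywhere'

printf '%s\n' "$SAMPLE_OK" | ufw_audit
```

The function exits non-zero when any check fails, so it can gate a provisioning script or a periodic compliance job.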
Web Servers
The following rules should allow any web server to operate.
ufw allow http
ufw allow https
Additional steps may be required if using certbot on a custom port.
FTP
ufw allow 20/tcp
ufw allow 21/tcp
ufw allow 989/tcp
ufw allow 990/tcp
Passive mode also uses a pool of ports. Custom ports are recommended, so adjust the range as needed.
ufw allow 40000:42000/tcp