Differences between revisions 11 and 13 (spanning 2 versions)
Revision 11 as of 2023-01-08 20:56:11
Size: 1471
Comment:
Revision 13 as of 2023-04-03 02:37:32
Size: 1475
Comment:
Line 1: Line 1:
= UFW = = Ufw =
Line 3: Line 3:
'''`ufw(8)`''' (meaning '''Uncomplicated Firewall''') is a firewall management program. It is a wrapper around `iptables(8)`. '''`ufw(8)`''' ('''U'''ncomplicated '''F'''ire'''w'''all) is a firewall management program. It is a wrapper around `iptables(8)`.

Ufw

ufw(8) (Uncomplicated Firewall) is a firewall management program. It is a wrapper around iptables(8).


Installation

Install the ufw package through your preferred package manager. Then start and enable ufw.service.

Note that not all operating systems have strong support for ufw(8). Alpine Linux prefers its users to use Awall; Fedora and associated projects ship with the incompatible firewalld. BSDs do not offer iptables(8), so ufw(8) is a non-option.


Configuration

A basic rule set is:

ufw default deny incoming
ufw default allow outgoing
ufw allow 22

ufw(8) is distributed with app profiles that simplify the configuration process. Instead of allowing ports, consider allowing apps.

ufw allow ssh
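
To check that the basic rule set is actually in force, the output of `ufw status verbose` can be audited. The script below is an added example, not part of the original page; the function name `audit_ufw`, the finding labels and the sample status text are constructed for illustration. It flags an inactive firewall, a permissive default incoming policy, and bare-port rules such as `ufw allow 22`, which open the port for both TCP and UDP.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` text read from stdin.
# Prints one finding per line; prints nothing when all checks pass.
audit_ufw() {
    awk '
        /^Status:/  { active = ($2 == "active") }
        /^Default:/ { deny_in = ($2 == "deny" || $2 == "reject") }
        {
            # IPv6 rows carry an extra "(v6)" field before the action.
            v6  = ($2 == "(v6)")
            act = v6 ? $3 : $2
            # A bare port number means the rule covers TCP and UDP.
            if (act == "ALLOW" && $1 ~ /^[0-9]+$/)
                print "WARN no-proto " $1 (v6 ? " (v6)" : "")
        }
        END {
            if (!active)       print "FAIL inactive"
            else if (!deny_in) print "FAIL default-incoming"
        }
    '
}

# Constructed sample: status after `ufw allow 22` and `ufw allow 80/tcp`.
sample_loose() {
cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
22 (v6)                    ALLOW IN    Anywhere (v6)
EOF
}

# Constructed sample: the same host with protocol-scoped rules only.
sample_tight() {
cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
40000:42000/tcp            ALLOW IN    Anywhere
EOF
}

sample_loose | audit_ufw
```

On a live host, run `ufw status verbose | audit_ufw` as root.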

Web Servers

The following rules should allow any web server to operate.

ufw allow http
ufw allow https

Additional steps may be required if using certbot on a custom port.

FTP

ufw allow 20/tcp
ufw allow 21/tcp
ufw allow 989/tcp
ufw allow 990/tcp

Passive mode also uses a pool of ports. Using custom ports is recommended, so adjust the range as needed.

ufw allow 40000:42000/tcp



Ufw (last edited 2023-04-08 13:25:45 by DominicRicottone)