Differences between revisions 2 and 6 (spanning 4 versions)

UFW

Uncomplicated Firewall (UFW) is a simple-to-use but powerful firewall management software. It is a wrapper around iptables, automatically writing rules for it.

Contents

UFW
1. Installation
2. Configuration
  1. Web Servers
  2. FTP

Installation

Configuration

A basic rule set is:

ufw default deny incoming
ufw default allow outgoing

ufw allow ssh
ufw allow 22

Web Servers

The following rules should allow any web server to operate.

ufw allow http
ufw allow 80
ufw allow https
ufw allow 443

FTP

ufw allow 20/tcp
ufw allow 21/tcp
ufw allow 989/tcp
ufw allow 990/tcp

Passive configuration also utilizes a pool of ports. Recommended to use custom ports, so adjust as needed.

ufw allow 40000:42000/tcp

CategoryRicottone

-  ⇤ ← Revision 2 as of 2020-01-15 04:24:54 → 
  Size: 1036
  Editor: DominicRicottone
  Comment:
+   ← Revision 6 as of 2021-11-18 09:14:13 → ⇥
  Size: 849
  Editor: DominicRicottone
  Comment:
-Deletions are marked like this.
+Additions are marked like this.
 Line 1:
-## page was renamed from UFW
-Line 4:
+Line 3:
-'''Uncomplicated Firewall''' ('''UFW''') is a simple-to-use but powerful firewall management software. It is a wrapper around '''iptables''', automatically writing rules for it.
+'''Uncomplicated Firewall''' ('''UFW''') is a simple-to-use but powerful firewall management software. It is a wrapper around `iptables`, automatically writing rules for it.

<<TableOfContents>>

----
-Line 7:
+Line 10:
-== Basic Setup ==
-Line 9:
+Line 11:
-This is more than sufficient for servers that are not meant to be web-facing.
+== Installation ==

----



== Configuration ==

A basic rule set is:
-Line 12:
+Line 22:
-ufw allow outgoing all
ufw deny incoming all
+ufw default deny incoming
ufw default allow outgoing
-Line 19:
+Line 29:
-If using custom ports, adjust as needed. This would be set in `/etc/ssh/sshd_config`.
-Line 22:
+Line 31:
-== HTTP ==
+=== Web Servers ===
-Line 24:
+Line 33:
-Regardless of `httpd` flavor (Apache, NGINX, lighttpd, etc), this basic configuration should suffice.
+The following rules should allow any web server to operate.
-Line 33:
+Line 42:
-If using custom ports, adjust as needed.
-Line 36:
+Line 44:
-== FTP ==

There are standard unencrypted FTP ports:
+=== FTP ===
-Line 43:
+Line 49:
+ufw allow 989/tcp
ufw allow 990/tcp
-Line 45:
+Line 53:
-For security, encrypted FTP uses a pool of ports. This is the recommended setup for `vsftpd`:
+Passive configuration also utilizes a pool of ports. Recommended to use custom ports, so adjust as needed.
-Line 48:
+Line 56:
-ufw allow 990/tcp

Diff for "Ufw"

UFW

Installation

Configuration

Web Servers

FTP