Howto: Use, set up, and take advantage of the new Ubuntu Uncomplicated Firewall (UFW)
Here is an overview of how to use ufw, the Uncomplicated Firewall.

Let's turn UFW on:
sudo ufw enable

When you initially turn the firewall on, it is in ACCEPT mode, and will accept everything incoming and outgoing until you make rulesets.

The simple syntax to allow an incoming/outgoing connection on a specified port to any host is:
sudo ufw allow 53

To specify a protocol, append '/protocol' to the port. For example, let's enable tcp connections on port 53 incoming/outgoing:
sudo ufw allow 53/tcp

or for udp:
sudo ufw allow 53/udp

You can also allow by service name, since ufw reads from /etc/services. Let's see what services are in /etc/services:
less /etc/services

As an example, let's allow ssh, which is port 22:
sudo ufw allow ssh

You can also use a fuller syntax, specifying the source and destination addresses and ports. This syntax is based on OpenBSD's PF syntax. The following denies all traffic to tcp port 22 on this host:
sudo ufw deny proto tcp to any port 22

To deny all traffic from the RFC1918 Class A network (10.0.0.0/8) to tcp port 22 on the host with address 192.168.0.1, we would use this:
sudo ufw deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 22

If you want to deny all traffic from the IPv6 network 2001:db8::/32 to tcp port 80 on this host, you would use:
sudo ufw deny proto tcp from 2001:db8::/32 to any port 80

To delete a rule, simply prefix the original rule with delete. For example, if the original rule was:
sudo ufw deny 80/tcp

use this to delete it:
sudo ufw delete deny 80/tcp

Let's deny all access to port 80:
sudo ufw deny 80

Let's allow all access to tcp port 80:
sudo ufw allow 80/tcp

Let's block a single host:
sudo ufw deny from 207.46.232.182

The above command blocked Microsoft, lol.

Let's block Microsoft's class B (207.46.0.0/16):
sudo ufw deny from 207.46.0.0/16

Let's allow all access from the RFC1918 networks (LAN/WLANs) to this host:
sudo ufw allow from 10.0.0.0/8
sudo ufw allow from 172.16.0.0/12
sudo ufw allow from 192.168.0.0/16

Let's deny access to udp port 139 from host 192.168.1.1:
sudo ufw deny proto udp from 192.168.1.1 to any port 139

The same thing as above, with tcp instead:
sudo ufw deny proto tcp from 192.168.1.1 to any port 139

Allow udp access to 192.168.1.1 port 22 from 192.168.1.100 port 22:
sudo ufw allow proto udp from 192.168.1.100 port 22 to 192.168.1.1 port 22
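The rules above are usually applied one at a time by hand. The script below is an added example, not part of the original howto, that collects the same kind of rules into a reviewable shell function with a dry-run mode, so the whole rule set can be printed and checked before it is applied. It sets an explicit default policy, allows ssh before enabling the firewall (so a remote session is not cut off by the enable step), and then adds the RFC1918 and port rules from the howto. Assumptions: ufw is installed, the script is run as root (or via sudo) when DRY_RUN is set to 0, and the network and host addresses are the howto's own sample values.

```shell
#!/bin/sh
# Added example (not from the original howto): build a ufw rule set as a
# script with a dry-run mode. Run as root with DRY_RUN=0 to apply the rules;
# by default (DRY_RUN=1) the commands are only printed for review.

DRY_RUN="${DRY_RUN:-1}"                            # default: print only
LAN_NETS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"  # RFC1918 ranges from the howto
NOISY_HOST="192.168.1.1"                           # sample host from the howto

# run: print the ufw command, and execute it unless DRY_RUN=1
run() {
    printf '%s\n' "ufw $*"
    [ "$DRY_RUN" = "1" ] || ufw "$@"
}

# build_rules: emit (and optionally apply) the rule set in a safe order:
# explicit default policy, ssh allowed before 'enable', then the service
# and network rules, then the firewall is enabled and the result shown.
build_rules() {
    run default deny incoming
    run default allow outgoing
    run allow ssh                      # first, so a remote session survives 'enable'
    for net in $LAN_NETS; do
        run allow from "$net"
    done
    run allow 53/udp                   # DNS
    run allow 80/tcp                   # HTTP
    run deny proto udp from "$NOISY_HOST" to any port 139
    run deny proto tcp from "$NOISY_HOST" to any port 139
    run --force enable                 # --force skips the interactive prompt
    run status verbose                 # show defaults and rules actually in force
}

# count_rules: number of ufw commands build_rules would issue (for review)
count_rules() {
    ( DRY_RUN=1; build_rules ) | wc -l | tr -d ' '
}

# Print the plan when run directly (DRY_RUN=1 by default).
build_rules
```

Review the printed plan first (the default), then run the script with DRY_RUN=0 under sudo to apply it. Keeping the ssh rule ahead of the enable step, and ending with ufw status verbose, is the check that matters on a remote host: it confirms the defaults and rules that are actually active rather than assuming them.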
To check the status of ufw and the rules in force on each port, use:
sudo ufw status

To disable ufw, use:
sudo ufw disable

To enable logging, use:
sudo ufw logging on

To disable logging, use:
sudo ufw logging off

For more complete information, please see the Ubuntu Wiki, or read the man page via Applications->Accessories->Terminal and then type:
man ufw