---

Alias: ["UFW"]
Tag: ["🖥️", "Firewall"]
Date: 2021-10-04
DocType: "Personal"
Hierarchy: "NonRoot"
TimeStamp:
location: [51.514678599999996, -0.18378583926867909]
CollapseMetaTable: true

---

Parent:: [[Selfhosting]], [[Server Alias]], [[Server Cloud]], [[Server Tools]], [[Server VPN]]

---

^Top

```button
name Save
type command
action Save current file
id Save
```
^button-UFWSave

# Configuring UFW

```ad-abstract
title: Summary
collapse: open
Description of basic commands for UFW
```

```toc
style: number
```

---

### Installation and activation
[[#^Top|TOP]]

UFW should be installed by default in Ubuntu servers. If not, see below.

#### Installation of UFW

```ad-command
~~~bash
sudo apt install ufw
~~~
```

#### Activation of UFW

```ad-command
~~~bash
sudo ufw status
~~~
```

If disabled:

```ad-command
~~~bash
sudo ufw enable
~~~
```

---

### Basic commands
[[#^Top|TOP]]

#### UFW rules status

```ad-command
~~~bash
sudo ufw status
~~~
```

Options can be appended to this command:
- `verbose`: details incoming/outgoing rules
- `numbered`: display rule numbers

#### UFW rule management
[[#^Top|TOP]]
##### Allow / Deny

```ad-command
~~~bash
sudo ufw <allow|deny> <rule>
~~~
```

Follow `allow` or `deny` with one of:

| Type to allow | Syntax |
|--------------|--------|
| **IP** | from (ip address/range) |
| **Port** | (portnumber)/(protocol) |
| **Service** | (service name) |
| **Protocol** | proto (protocol name) |

##### Rule priority

Certain rules, such as IP denials, need to sit at the top of the rule list because UFW evaluates rules in order, one after another, and the first matching rule applies. Add the following to the command, right after `ufw`, to force the rule into a given position:

```ad-command
~~~bash
sudo ufw insert 1 <allow|deny> <rule>   # 1 = top of the list; any other position number also works
~~~
```

##### Complex rule syntax

Finer rules can be defined with the following syntax.

| Rule condition | Syntax |
|--------------|--------|
| **connecting IP** | from (ip or any) |
| **internal IP** | to (ip or any) |
| **protocol** | proto (protocol or any) |
| **port** | port (port or any) |
| **outgoing traffic** | out |

##### Delete a rule

```ad-command
~~~bash
sudo ufw delete <rule number>
~~~
```

---

### Ban List management
[[#^Top|TOP]]

#### Ban List Folder

```ad-path
/etc/addip4ban/
```

#### Ban List Script

```ad-code
title: addip4ban.sh
~~~bash
#!/bin/bash
# Insert a deny rule at the top of the UFW rule list for every entry in the ban list.

INPUT="/etc/addip4ban/blocked.ip.list"

# The "|| [ -n ... ]" test also processes a last line that has no trailing newline.
while IFS= read -r block || [ -n "$block" ]
do
    # Skip blank lines so ufw is never called with an empty source.
    [ -z "$block" ] && continue
    sudo ufw insert 1 deny from "$block"
done < "$INPUT"
~~~
```

Once written, the script needs to be run. To prepare it, make it executable:

```ad-command
~~~bash
sudo chmod +x /etc/addip4ban/addip4ban.sh
~~~
```

#### Ban List Document

```ad-code
title: blocked.ip.list
~~~bash
< ip1 >
< ip2/range >
< ip3 >
~~~
```

#### Ban list Update Process

Copy/paste the new ban list into `blocked.ip.list` and run:

```ad-command
~~~bash
sudo bash /etc/addip4ban/addip4ban.sh
~~~
```
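
A dry-run check for the update process above, as an added example that is not part of the original note: it vets every ban-list entry before it can reach `ufw insert 1 deny from`, so a pasted `any` or `0.0.0.0/0` cannot deny every source at the top of the rule list. The helper names `valid_ban_entry` and `ban_commands`, the IPv4-only restriction and the sample addresses are assumptions of this example.

```bash
# Added example: vet ban-list entries before any of them reaches ufw.
# valid_ban_entry and ban_commands are hypothetical helper names.

# Succeed only for an IPv4 address or CIDR range that is safe to deny.
valid_ban_entry() {
    entry=$1
    case $entry in
        */*) addr=${entry%/*}; prefix=${entry##*/} ;;
        *)   addr=$entry; prefix=32 ;;
    esac
    # Prefix must be 1-32: "/0" would deny every source, your own SSH session included.
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1
    # Digits and single dots only, then exactly four octets of 0-255.
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read a ban list on stdin; print one ufw command per valid, unique entry.
ban_commands() {
    seen=' '
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                              # drop comments
        line=$(printf '%s' "$line" | tr -d ' \t\r')   # drop blanks and pasted CRs
        [ -n "$line" ] || continue
        valid_ban_entry "$line" || { printf 'skipped invalid entry: %s\n' "$line" >&2; continue; }
        case $seen in *" $line "*) continue ;; esac   # already emitted
        seen="$seen$line "
        echo "ufw insert 1 deny from $line"
    done
}

# Constructed sample list (documentation address ranges), run as a dry run.
ban_commands <<'EOF'
192.0.2.10
198.51.100.0/24   # whole range
any
0.0.0.0/0
203.0.113.999
192.0.2.10
EOF
```

Rejected entries are reported on stderr, so the printed commands can be reviewed before they are run as root.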

#### Ban List Tasks

- [ ] 🖥 [[Selfhosting]], [[Configuring UFW|Firewall]] Get IP addresses caught by Postfix %%done_del%% 🔁 every week on Saturday 📅 2024-11-16
- [x] 🖥 [[Selfhosting]], [[Configuring UFW|Firewall]] Get IP addresses caught by Postfix %%done_del%% 🔁 every week on Saturday 📅 2024-11-09 ✅ 2024-11-09
- [x] 🖥 [[Selfhosting]], [[Configuring UFW|Firewall]] Get IP addresses caught by Postfix %%done_del%% 🔁 every week on Saturday 📅 2024-11-02 ✅ 2024-11-01
- [x] 🖥 [[Selfhosting]], [[Configuring UFW|Firewall]] Get IP addresses caught by Postfix %%done_del%% 🔁 every week on Saturday 📅 2024-10-26 ✅ 2024-10-29
- [x] 🖥 [[Selfhosting]], [[Configuring UFW|Firewall]] Get IP addresses caught by Postfix %%done_del%% 🔁 every week on Saturday 📅 2024-10-19 ✅ 2024-10-18
- [x] 🖥 [[Selfhosting]], [[Configuring UFW|Firewall]] Get IP addresses caught by Postfix %%done_del%% 🔁 every week on Saturday 📅 2024-10-12 ✅ 2024-10-14
- [x] 🖥 [[Selfhosting]], [[Configuring UFW|Firewall]] Get IP addresses caught by Postfix %%done_del%% 🔁 every week on Saturday 📅 2024-10-05 ✅ 2024-10-04
- [x] 🖥 [[Selfhosting]], [[Configuring UFW|Firewall]] Get IP addresses caught by Postfix %%done_del%% 🔁 every week on Saturday 📅 2024-09-28 ✅ 2024-09-27
- [x] 🖥 [[Selfhosting]], [[Configuring UFW|Firewall]] Get IP addresses caught by Postfix %%done_del%% 🔁 every week on Saturday 📅 2024-09-21 ✅ 2024-09-20
- [x] 🖥 [[Selfhosting]], [[Configuring UFW|Firewall]] Get IP addresses caught by Postfix %%done_del%% 🔁 every week on Saturday 📅 2024-09-14 ✅ 2024-09-13
- [x] 🖥 [[Selfhosting]], [[Configuring UFW|Firewall]] Get IP addresses caught by Postfix %%done_del%% 🔁 every week on Saturday 📅 2024-09-07 ✅ 2024-09-08
- [x] 🖥 [[Selfhosting]], [[Configuring UFW|Firewall]] Get IP addresses caught by Postfix %%done_del%% 🔁 every week on Saturday 📅 2024-08-31 ✅ 2024-09-01
- [x] 🖥 [[Selfhosting]], [[Configuring UFW|Firewall]] Get IP addresses caught by Postfix %%done_del%% 🔁 every week on Saturday 📅 2024-08-24 ✅ 2024-08-24
- [ ] 🖥 [[Selfhosting]], [[Configuring UFW|Firewall]]: Update the Blocked IP list %%done_del%% 🔁 every month on Saturday 📅 2024-11-16
- [x] 🖥 [[Selfhosting]], [[Configuring UFW|Firewall]]: Update the Blocked IP list %%done_del%% 🔁 every month on Saturday 📅 2024-11-09 ✅ 2024-11-09
- [x] 🖥 [[Selfhosting]], [[Configuring UFW|Firewall]]: Update the Blocked IP list %%done_del%% 🔁 every month on Saturday 📅 2024-11-02 ✅ 2024-11-01
- [x] 🖥 [[Selfhosting]], [[Configuring UFW|Firewall]]: Update the Blocked IP list %%done_del%% 🔁 every month on Saturday 📅 2024-10-26 ✅ 2024-10-29
- [x] 🖥 [[Selfhosting]], [[Configuring UFW|Firewall]]: Update the Blocked IP list %%done_del%% 🔁 every month on Saturday 📅 2024-10-19 ✅ 2024-10-18
- [x] 🖥 [[Selfhosting]], [[Configuring UFW|Firewall]]: Update the Blocked IP list %%done_del%% 🔁 every month on Saturday 📅 2024-10-12 ✅ 2024-10-14
- [x] 🖥 [[Selfhosting]], [[Configuring UFW|Firewall]]: Update the Blocked IP list %%done_del%% 🔁 every month on Saturday 📅 2024-10-05 ✅ 2024-10-04
- [x] 🖥 [[Selfhosting]], [[Configuring UFW|Firewall]]: Update the Blocked IP list %%done_del%% 🔁 every month on Saturday 📅 2024-09-28 ✅ 2024-09-27
- [x] 🖥 [[Selfhosting]], [[Configuring UFW|Firewall]]: Update the Blocked IP list %%done_del%% 🔁 every month on Saturday 📅 2024-09-21 ✅ 2024-09-20
- [x] 🖥 [[Selfhosting]], [[Configuring UFW|Firewall]]: Update the Blocked IP list %%done_del%% 🔁 every month on Saturday 📅 2024-09-14 ✅ 2024-09-13
- [x] 🖥 [[Selfhosting]], [[Configuring UFW|Firewall]]: Update the Blocked IP list %%done_del%% 🔁 every month on Saturday 📅 2024-09-07 ✅ 2024-09-08
- [x] 🖥 [[Selfhosting]], [[Configuring UFW|Firewall]]: Update the Blocked IP list %%done_del%% 🔁 every month on Saturday 📅 2024-08-31 ✅ 2024-09-01
- [x] 🖥 [[Selfhosting]], [[Configuring UFW|Firewall]]: Update the Blocked IP list %%done_del%% 🔁 every month on Saturday 📅 2024-08-24 ✅ 2024-08-24