

| Alias | Tag | Date | DocType | Hierarchy | TimeStamp | location | CollapseMetaTable |
| --- | --- | --- | --- | --- | --- | --- | --- |
| UFW | Server, Firewall | 2021-10-04 | Personal | NonRoot | | 51.514678599999996, -0.18378583926867909 | Yes |

Parent:: Selfhosting, Server Alias, Server Cloud, Server Tools, Server VPN




Configuring UFW

Summary: description of the basic commands for UFW.


Installation and activation

UFW is installed by default on Ubuntu servers; if it is missing, install it as shown below.

Installation of UFW

~~~bash
sudo apt install ufw
~~~

Activation of UFW

Check whether the firewall is active:

~~~bash
sudo ufw status
~~~

If the output is `Status: inactive`, enable it. On a remote host, allow your SSH port first (for example `sudo ufw allow 22/tcp`): UFW's default policy denies incoming traffic, so enabling it without that rule drops the session you are working from. `ufw enable` warns about this and asks for confirmation.

~~~bash
sudo ufw enable
~~~


Basic commands

UFW rules status

~~~bash
sudo ufw status
~~~

Options can be appended to `status`:

  • verbose: also shows the default policies for incoming/outgoing traffic and the logging level
  • numbered: prefixes each rule with its number, which `insert` and `delete` refer to

UFW rule management

Allow / Deny
~~~bash
sudo ufw allow/deny
~~~

The rule specification follows the action:

| Type | Syntax |
| --- | --- |
| IP | from (ip address/range) |
| Port | (port number)/(protocol) |
| Service | (service name, as listed in /etc/services or an application profile from `ufw app list`) |
| Protocol | proto (protocol name) |

Rule priority

UFW evaluates rules in order and the first match wins, so a rule that denies a specific IP must sit above any allow rule that would otherwise accept the same traffic. Prepend `insert` and a position to place the rule there instead of appending it at the end:

~~~bash
sudo ufw insert 1 (or any other position in the list)
~~~

Positions are the numbers shown by `status numbered`. `insert` only accepts a position that already exists, so on a fresh install with an empty rule list the first rule has to be added without `insert`.

Complex rule syntax

Finer rules can be defined by combining the following conditions. `port` qualifies the `from` or `to` address that precedes it, and `in`/`out` sets the direction of the rule.

| Rule condition | Syntax |
| --- | --- |
| connecting (source) IP | from (ip or any) |
| internal (destination) IP | to (ip or any) |
| protocol | proto (protocol or any) |
| port | port (port or any) |
| outgoing traffic | out |

Delete a rule

Look up the number with `sudo ufw status numbered`, then:

~~~bash
sudo ufw delete <rule number>
~~~

UFW asks for confirmation and renumbers the remaining rules after each deletion, so when removing several rules delete the highest number first. A rule can also be removed by repeating its specification after `delete` (the same `allow`/`deny` arguments that created it).
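Deleting by number is error-prone when more than one rule has to go, because every deletion shifts the numbers below it. The following helper, added here as an example and not part of the original note, parses the output of `ufw status numbered` for rules mentioning a literal pattern (an address, a range or a port) and emits the delete commands from the highest number down, so the remaining numbers stay valid while they run. The status listing is a constructed sample using the 203.0.113.0/24 documentation range, not output captured from a real host; `--force` is the real UFW option that skips the interactive confirmation.

```bash
#!/usr/bin/env bash
# Added example: find rule numbers in "ufw status numbered" output and
# emit delete commands in descending order (ufw renumbers after each delete).
set -u

# Constructed sample of "sudo ufw status numbered" output (documentation
# addresses only); replace with a live listing when using this for real.
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   DENY IN     203.0.113.7
[ 2] 22/tcp                     LIMIT IN    Anywhere
[ 3] 80/tcp                     ALLOW IN    Anywhere
[ 4] Anywhere                   DENY IN     203.0.113.0/24
[ 5] 22/tcp (v6)                LIMIT IN    Anywhere (v6)'

# Read status output on stdin; print the numbers of the rules whose line
# contains the literal PATTERN, highest number first.
ufw_rule_numbers_matching() {
    local pattern="$1"
    grep -F -- "$pattern" \
      | sed -n 's/^\[ *\([0-9][0-9]*\)\].*/\1/p' \
      | sort -rn
}

# Print one delete command per matching rule. Deleting from the highest
# number down keeps the lower numbers valid as the rules disappear;
# --force skips ufw's "Proceed with operation (y|n)?" prompt.
ufw_delete_commands_for() {
    local pattern="$1" n
    ufw_rule_numbers_matching "$pattern" | while IFS= read -r n; do
        printf 'sudo ufw --force delete %s\n' "$n"
    done
}

# Dry run against the sample: prints the delete for rule 4, then rule 1.
# With a live host: sudo ufw status numbered | ufw_delete_commands_for 203.0.113.
printf '%s\n' "$SAMPLE_STATUS" | ufw_delete_commands_for 203.0.113.
```

Review the printed commands before piping them into `sh`; a pattern such as `22/tcp` also matches the `(v6)` copy of a rule, which is usually what you want but worth seeing first.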


Ban List management


Ban List Folder

/etc/addip4ban/

Ban List Script

addip4ban.sh:
~~~bash
#!/bin/bash
# Insert a top-priority "deny from" rule for every address or range listed
# in blocked.ip.list, one entry per line. Run as root (sudo bash addip4ban.sh);
# the inner sudo is then a no-op.

INPUT="/etc/addip4ban/blocked.ip.list"

# "|| [ -n ... ]" also processes a last line that has no trailing newline.
while IFS= read -r block || [ -n "$block" ]
do
    # Skip blank lines and comments; an empty argument makes ufw fail.
    case "$block" in ''|'#'*) continue ;; esac
    sudo ufw insert 1 deny from "$block"
done < "$INPUT"
~~~

Once written, make the script executable:

~~~bash
sudo chmod +x /etc/addip4ban/addip4ban.sh
~~~

Ban List Document

blocked.ip.list, one IP address or range per line:
~~~text
< ip1 >
< ip2/range >
< ip3 >
~~~

Ban list Update Process

Copy/paste the new ban list into blocked.ip.list and run:

~~~bash
sudo bash /etc/addip4ban/addip4ban.sh
~~~

Re-running the script is safe: UFW skips a rule that already exists instead of adding a duplicate. Addresses removed from the list are not removed from the firewall, though; those rules have to be deleted by hand.
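The loader above passes every line of the list straight to `ufw`, so a stray word, a hostname or a keyword such as `any` ends up on the firewall command line. As an added example (not the note's own script), the version below validates each entry as an IPv4 address or CIDR range before using it, strips comments and whitespace, de-duplicates, and can be dry-run by setting `UFW_CMD=echo`. It also appends the rule when `insert 1` is refused, which is what UFW does on an empty rule list. The function names, the `UFW_CMD` variable and the sample list in the usage note are assumptions for this example.

```bash
#!/usr/bin/env bash
# Added example: validated ban-list loader for UFW (not the note's script).
# Run as root; set UFW_CMD=echo to print the commands instead of running them.
set -u

UFW_CMD="${UFW_CMD:-ufw}"

# Accept a dotted-quad IPv4 address with an optional /0-32 prefix and reject
# anything else (hostnames, "any", stray text). Returns 0 if valid, 1 if not.
valid_ip4_cidr() {
    local entry="$1" addr prefix octet dots
    case "$entry" in
        */*)
            addr="${entry%%/*}"; prefix="${entry#*/}"
            case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
            [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1 ;;
        *)  addr="$entry" ;;
    esac
    dots="${addr//[!.]/}"                 # exactly three dots required
    [ "${#dots}" -eq 3 ] || return 1
    local IFS='.'
    set -- $addr                          # split into octets on "."
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read LIST (one entry per line, "#" comments allowed), validate, de-duplicate
# and insert a top-priority deny rule for each entry. Rejected entries go to
# stderr; the number of rules submitted to ufw is printed last on stdout.
load_ban_list() {
    local list="$1" entry count=0
    local -A seen=()
    while IFS= read -r entry || [ -n "$entry" ]; do
        entry="${entry%%#*}"               # drop trailing comments
        entry="${entry//[[:space:]]/}"     # and all whitespace
        [ -z "$entry" ] && continue
        if ! valid_ip4_cidr "$entry"; then
            printf 'rejected: %s\n' "$entry" >&2
            continue
        fi
        [ -n "${seen[$entry]:-}" ] && continue
        seen[$entry]=1
        # Position 1 keeps the deny above any allow rule; ufw reports
        # "Skipping adding existing rule" on re-runs rather than duplicating.
        # On an empty rule list ufw rejects position 1, so append instead.
        $UFW_CMD insert 1 deny from "$entry" || $UFW_CMD deny from "$entry"
        count=$((count + 1))
    done < "$list"
    echo "$count"
}

# Usage: sudo bash banlist.sh /etc/addip4ban/blocked.ip.list
if [ "$#" -gt 0 ]; then
    load_ban_list "$1"
fi
```

The validator is deliberately IPv4-only because that is what the note's list holds; an IPv6 entry is rejected with a message rather than silently passed through, so extending it is a conscious step.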

Ban List Tasks
