You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9.4 KiB
9.4 KiB
Alias | Tag | Date | DocType | Hierarchy | TimeStamp | location | CollapseMetaTable | |||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
2021-10-04 | Personal | NonRoot |
|
Yes |
Parent:: Selfhosting, Server Alias, Server Cloud, Server Tools, Server VPN
^Top
name Save
type command
action Save current file
id Save
^button-UFWSave
Configuring UFW
title: Summary
collapse: open
Description of basic commands for UFW
style: number
Installation and activation
UFW should be installed by default in Ubuntu servers. If not, see below.
Installation of UFW
~~~bash
sudo apt install ufw
~~~
Activation of UFW
~~~bash
sudo ufw status
~~~
If disabled:
~~~bash
sudo ufw enable
~~~
Basic commands
UFW rules status
~~~bash
sudo ufw status
~~~
Commands can be appended:
verbose
: details incoming/outgoing rulesnumbered
: display rule numbers
UFW rule management
Allow / Deny
~~~bash
sudo ufw allow/deny
~~~
Then:
Type to allow | Syntax |
---|---|
IP | from (ip address/range) |
Port | (portnumber)/(protocol) |
Service | (service name) |
Protocol | proto (protocol name) |
Rule priority
Certain rules like IP denial need to be put on top of the rule stack as UFW reads rules in order one after another. Insert the following in the command to force insertion:
~~~bash
insert 1 (or any place in the pecking order)
~~~
Complex rule syntax
Finer rules can be defined with the following syntax.
rule condition | syntax |
---|---|
connecting IP | from (ip or any) |
internal IP | to (ip or any) |
protocol | proto (protocol or any) |
port | port (port or any) |
outgoing traffic | out |
Delete a rule
~~~bash
sudo ufw delete <rule number>
~~~
Ban List management
Ban List Folder
/etc/addip4ban/
Ban List Script
title: addip4ban.sh
~~~bash
#!/bin/bash
INPUT="/etc/addip4ban/blocked.ip.list"
while IFS= read -r block
do
sudo ufw insert 1 deny from "$block"
done < "$INPUT"
~~~
Once written, the script needs to be executed. To prepare:
~~~bash
sudo chmod +x /etc/addip4ban/addip4ban.sh
~~~
Ban List Document
title: blocked.ip.list
~~~bash
< ip1 >
< ip2/range >
< ip3 >
~~~
Ban list Update Process
Copy/paste the new ban list into blocked.ip.list
and run:
~~~bash
sudo bash /etc/addip4ban/addip4ban.sh
~~~
Ban List Tasks
- 🖥 Selfhosting, Configuring UFW Get IP addresses caught by Postfix %%done_del%% 🔁 every week on Saturday 📅 2022-08-20
- 🖥 Selfhosting, Configuring UFW Get IP addresses caught by Postfix %%done_del%% 🔁 every week on Saturday 📅 2022-08-13 ✅ 2022-08-12
- 🖥 Selfhosting, Configuring UFW Get IP addresses caught by Postfix 🔁 every week on Saturday 📅 2022-08-06 ✅ 2022-08-05
- 🖥 Selfhosting, Configuring UFW Get IP addresses caught by Postfix 🔁 every week on Saturday 📅 2022-07-30 ✅ 2022-07-29
- 🖥 Selfhosting, Configuring UFW Get IP addresses caught by Postfix 🔁 every week on Saturday 📅 2022-07-23 ✅ 2022-07-22
- 🖥 Selfhosting, Configuring UFW Get IP addresses caught by Postfix 🔁 every week on Saturday 📅 2022-07-16 ✅ 2022-07-15
- 🖥 Selfhosting, Configuring UFW Get IP addresses caught by Postfix 🔁 every week on Saturday 📅 2022-07-09 ✅ 2022-07-08
- 🖥 Selfhosting, Configuring UFW Get IP addresses caught by Postfix 🔁 every week on Saturday 📅 2022-07-02 ✅ 2022-07-03
- 🖥 Selfhosting, Configuring UFW Get IP addresses caught by Postfix 🔁 every week on Saturday 📅 2022-06-25 ✅ 2022-06-24
- 🖥 Selfhosting, Configuring UFW Get IP addresses caught by Postfix 🔁 every week on Saturday 📅 2022-06-18 ✅ 2022-06-20
- 🖥 Selfhosting, Configuring UFW Get IP addresses caught by Postfix 🔁 every week on Saturday 📅 2022-06-11 ✅ 2022-06-14
- 🖥 Selfhosting, Configuring UFW Get IP addresses caught by Postfix 🔁 every week on Saturday 📅 2022-06-04 ✅ 2022-06-04
- Selfhosting, Configuring UFW Get IP addresses caught by Postfix 🔁 every week on Saturday 📅 2022-05-28 ✅ 2022-05-28
- Selfhosting, Configuring UFW Get IP addresses caught by Postfix 🔁 every week on Saturday 📅 2022-05-21 ✅ 2022-05-21
- Selfhosting, Configuring UFW Get IP addresses caught by Postfix 🔁 every week on Saturday 📅 2022-05-14 ✅ 2022-05-14
- Selfhosting, Configuring UFW Get IP addresses caught by Postfix 🔁 every week on Saturday 📅 2022-05-07 ✅ 2022-05-06
- Selfhosting, Configuring UFW Get IP addresses caught by Postfix 🔁 every week on Saturday 📅 2022-04-30 ✅ 2022-05-01
- Selfhosting, Configuring UFW Get IP addresses caught by Postfix 🔁 every week on Saturday 📅 2022-04-23 ✅ 2022-04-22
- Selfhosting, Configuring UFW Get IP addresses caught by Postfix 🔁 every week on Saturday 📅 2022-04-16 ✅ 2022-04-16
- Selfhosting, Configuring UFW Get IP addresses caught by Postfix 🔁 every week on Saturday 📅 2022-04-10 ✅ 2022-04-10
- Selfhosting, Configuring UFW Get IP addresses caught by Postfix 🔁 every week on Saturday 📅 2022-04-02 ✅ 2022-04-02
- Selfhosting, Configuring UFW Get IP addresses caught by Postfix 🔁 every week on Saturday 📅 2022-03-26 ✅ 2022-03-26
- Selfhosting, Configuring UFW Get IP addresses caught by Postfix 🔁 every week on Saturday 📅 2022-03-19 ✅ 2022-03-18
- 🖥 Selfhosting, Configuring UFW: Update the Blocked IP list 🔁 every month on Saturday 📅 2022-08-20
- 🖥 Selfhosting, Configuring UFW: Update the Blocked IP list 🔁 every month on Saturday 📅 2022-08-13 ✅ 2022-08-12
- 🖥 Selfhosting, Configuring UFW: Update the Blocked IP list 🔁 every month on Saturday 📅 2022-08-06 ✅ 2022-08-05
- 🖥 Selfhosting, Configuring UFW: Update the Blocked IP list 🔁 every month on Saturday 📅 2022-07-30 ✅ 2022-07-29
- 🖥 Selfhosting, Configuring UFW: Update the Blocked IP list 🔁 every month on Saturday 📅 2022-07-23 ✅ 2022-07-22
- 🖥 Selfhosting, Configuring UFW: Update the Blocked IP list 🔁 every month on Saturday 📅 2022-07-16 ✅ 2022-07-15
- 🖥 Selfhosting, Configuring UFW: Update the Blocked IP list 🔁 every month on Saturday 📅 2022-07-09 ✅ 2022-07-08
- 🖥 Selfhosting, Configuring UFW: Update the Blocked IP list 🔁 every month on Saturday 📅 2022-07-02 ✅ 2022-07-03
- 🖥 Selfhosting, Configuring UFW: Update the Blocked IP list 🔁 every month on Saturday 📅 2022-06-25 ✅ 2022-06-24
- 🖥 Selfhosting, Configuring UFW: Update the Blocked IP list 🔁 every month on Saturday 📅 2022-06-18 ✅ 2022-06-20
- 🖥 Selfhosting, Configuring UFW: Update the Blocked IP list 🔁 every month on Saturday 📅 2022-06-11 ✅ 2022-06-14
- 🖥 Selfhosting, Configuring UFW: Update the Blocked IP list 🔁 every month on Saturday 📅 2022-06-04 ✅ 2022-06-04
- Selfhosting, Configuring UFW: Update the Blocked IP list 🔁 every month on Saturday 📅 2022-05-28 ✅ 2022-05-28
- Selfhosting, Configuring UFW: Update the Blocked IP list 🔁 every month on Saturday 📅 2022-05-21 ✅ 2022-05-21
- Selfhosting, Configuring UFW: Update the Blocked IP list 🔁 every month on Saturday 📅 2022-05-14 ✅ 2022-05-14
- Selfhosting, Configuring UFW: Update the Blocked IP list 🔁 every month on Saturday 📅 2022-05-07 ✅ 2022-05-06
- Selfhosting, Configuring UFW: Update the Blocked IP list 🔁 every month on Saturday 📅 2022-04-30 ✅ 2022-05-01
- Selfhosting, Configuring UFW: Update the Blocked IP list 🔁 every month on Saturday 📅 2022-04-23 ✅ 2022-04-22
- Selfhosting, Configuring UFW: Update the Blocked IP list 🔁 every month on Saturday 📅 2022-04-16 ✅ 2022-04-16
- Selfhosting, Configuring UFW: Update the Blocked IP list 🔁 every month on Saturday 📅 2022-04-10 ✅ 2022-04-10
- Selfhosting, Configuring UFW: Update the Blocked IP list 🔁 every month on Saturday 📅 2022-04-02 ✅ 2022-04-02
- Selfhosting, Configuring UFW: Update the Blocked IP list 🔁 every month on Saturday 📅 2022-03-26 ✅ 2022-03-26
- Selfhosting, Configuring UFW: Update the Blocked IP list 🔁 every month on Saturday 📅 2022-03-19 ✅ 2022-03-18