Firewall Configure Commands

Configuring a firewall involves defining rules that specify what type of network traffic is allowed or denied. Here are ten commonly used commands for configuring a firewall using the Uncomplicated Firewall (UFW) on Linux. Make sure to adjust these commands based on your specific requirements.

1. Enable UFW

When you run `sudo ufw enable`, it activates the firewall and sets it to start at boot time. This means that the firewall rules you have configured with ufw will be applied, and the firewall will be active to help secure your system.

```bash
sudo ufw enable
```

2. Disable UFW

The `sudo ufw disable` command is used to deactivate or disable the Uncomplicated Firewall (ufw) on a Linux system. When you disable ufw, it stops applying the configured firewall rules, allowing all network traffic to pass through without any restrictions imposed by the firewall. Disabling the firewall can be useful in certain situations, such as troubleshooting network connectivity issues or temporarily allowing unrestricted access to all services. However, it's important to exercise caution when disabling the firewall, as it can potentially expose your system to security risks.

```bash
sudo ufw disable
```

If you no longer need the firewall to be disabled, it's a good practice to re-enable it using the `sudo ufw enable` command after you have resolved the issues or completed the tasks that required the firewall to be disabled. Always ensure that you have proper firewall rules in place to secure your system before enabling or disabling the firewall.

3. Reset UFW Rules

The `sudo ufw reset` command is used to reset the Uncomplicated Firewall (ufw) to its default settings. When you run this command, it removes all custom rules that you have configured and resets the firewall to its default state, which also leaves ufw disabled until you run `sudo ufw enable` again. This command is useful if you want to start with a clean slate and remove any customizations or rules that might have been added to the firewall.

```bash
sudo ufw reset
```

After running `sudo ufw reset`, you might want to reconfigure your firewall rules using the appropriate `sudo ufw allow` and `sudo ufw deny` commands to permit or block specific types of traffic based on your requirements.

4. Check Status

The `sudo ufw status` command is used to display the current status and rules of the Uncomplicated Firewall (ufw) on a Linux system. When you run this command with administrative privileges, it will show you a list of configured rules, along with their status.

```bash
sudo ufw status
```

5. Allow Incoming Traffic on a Specific Port

The command `sudo ufw allow 80` is used to allow incoming traffic on port 80 using the Uncomplicated Firewall (ufw) on a Linux system. Port 80 is the default port for HTTP traffic, and by allowing traffic on this port, you are permitting incoming connections to web servers.

```bash
sudo ufw allow 80
```

6. Allow Incoming Traffic on a Specific Port with Protocol

To allow incoming traffic on a specific port with a specified protocol using Uncomplicated Firewall (ufw), you can use the `sudo ufw allow` command with the port number and protocol specified. Here's the general syntax:

```bash
sudo ufw allow [PORT]/[PROTOCOL]
```

Replace `[PORT]` with the port number you want to allow and `[PROTOCOL]` with the protocol (e.g., tcp, udp).

For example, to allow incoming TCP traffic on port 124, you would use:

```bash
sudo ufw allow 124/tcp
```

If you want to allow incoming UDP traffic on the same port, you would use:

```bash
sudo ufw allow 124/udp
```

This way, you can specify the protocol along with the port to create more specific rules.

7. Allow All Incoming Traffic from a Specific IP Address

The command `sudo ufw allow from 192.168.1.2` is used to allow incoming traffic from a specific IP address (192.168.1.2 in this case) using the Uncomplicated Firewall (ufw) on a Linux system. This command opens up the firewall to accept incoming connections from the specified IP address.

```bash
sudo ufw allow from 192.168.1.2
```

If you want to further refine the rule by specifying a port or protocol, you can do so by extending the command. For example, the following command allows incoming traffic from 192.168.1.2 to port 80:

```bash
sudo ufw allow from 192.168.1.2 to any port 80
```

8. Deny Incoming Traffic on a Specific Port

The command `sudo ufw deny 443` is used to deny incoming traffic on port 443 using the Uncomplicated Firewall (ufw) on a Linux system. Port 443 is commonly used for HTTPS traffic, and denying connections on this port would prevent incoming traffic over the HTTPS protocol. After running this command, connections attempting to access the system on port 443 will be blocked by the firewall.

```bash
sudo ufw deny 443
```

9. Delete a Rule with Position

After running this command, the rule at position 3 in the list of rules will be removed from the firewall configuration.

```bash
sudo ufw delete 3
```

Be cautious when using the delete command, as removing the wrong rule could impact network connectivity or compromise security. Always review your rules and confirm the rule number before deleting it.

10. Show UFW Rules with Numbers

The `sudo ufw status numbered` command is used to display the current status of Uncomplicated Firewall (ufw) rules along with their corresponding numbers. This is useful when you want to see a numbered list of firewall rules, making it easier to identify specific rules that you may want to modify or delete.

```bash
sudo ufw status numbered
```

11. Deny All Incoming Traffic from a Specific IP Address

The command `sudo ufw deny from 192.168.1.2` is used to deny incoming traffic from a specific IP address (192.168.1.2) using the Uncomplicated Firewall (ufw).

```bash
sudo ufw deny from 192.168.1.2
```

12. Deny all incoming traffic

The command `sudo ufw default deny incoming` sets the default policy for incoming traffic to deny, so incoming connections are blocked unless a rule explicitly allows them.

```bash
sudo ufw default deny incoming
```

13. Allow all outgoing traffic

This command sets the default policy for outgoing traffic to allow. It ensures that all outgoing connections are permitted.

```bash
sudo ufw default allow outgoing
```

14. Limit Connection Rate

After running this command, ufw will limit the rate of incoming SSH connections on port 22 to help mitigate the risk of brute-force attacks. The rule allows only 6 connections per 30 seconds. This limit is imposed to prevent a single IP address from making too many connection attempts within a specified time period.

```bash
sudo ufw limit 22/tcp
```

15. Enable UFW Logging

After running this command, ufw will start logging information related to allowed and denied connections, which can be useful for monitoring and troubleshooting firewall activity.

```bash
sudo ufw logging on
```

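`ufw logging` accepts only `on`, `off` or a log level (`low`, `medium`, `high`, `full`). To see whether logging is currently enabled or disabled, check the `Logging:` line in the output of `sudo ufw status verbose`.

```bash
sudo ufw status verbose
```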

Keep in mind that enabling logging can generate a significant amount of log data, depending on your system's activity. Regularly review the logs to monitor firewall events and detect any unusual or suspicious activity.
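As an added example (not part of the original page), the following shell functions summarise `[UFW BLOCK]` log entries by source address and destination port, a practical starting point for the log review described above. The function names are hypothetical and the sample log lines are constructed.

```sh
#!/bin/sh
# Added example: summarise [UFW BLOCK] kernel log entries read from stdin.

# Print "<count> <source-ip> <dest-port>/<proto>", busiest first.
summarize_ufw_blocks() {
  awk '
    /\[UFW BLOCK\]/ {
      src = ""; dpt = "-"; proto = "?"      # ICMP entries carry no DPT
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/)   src   = substr($i, 5)
        if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        if ($i ~ /^PROTO=/) proto = substr($i, 7)
      }
      if (src != "") count[src " " dpt "/" proto]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -k1,1nr -k2,2
}

# Print "<source-ip> <total>" for sources with at least $1 blocked packets.
noisy_sources() {
  awk -v min="${1:-3}" '
    /\[UFW BLOCK\]/ {
      for (i = 1; i <= NF; i++)
        if ($i ~ /^SRC=/) hits[substr($i, 5)]++
    }
    END { for (s in hits) if (hits[s] >= min) print s, hits[s] }
  ' | sort
}

# Constructed sample lines (documentation address ranges, shortened fields).
sample_ufw_log() {
  cat <<'EOF'
Mar  3 10:15:01 host kernel: [ 101.1] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51234 DPT=22 SYN
Mar  3 10:15:02 host kernel: [ 102.4] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51235 DPT=22 SYN
Mar  3 10:15:03 host kernel: [ 103.9] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51236 DPT=22 SYN
Mar  3 10:15:09 host kernel: [ 109.2] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51301 DPT=23 SYN
Mar  3 10:16:40 host kernel: [ 200.5] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40022 DPT=3306 SYN
Mar  3 10:17:00 host kernel: [ 220.0] [UFW ALLOW] IN=eth0 OUT= SRC=192.0.2.44 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40100 DPT=80 SYN
EOF
}

sample_ufw_log | summarize_ufw_blocks
```

On Ubuntu these entries are typically written to `/var/log/ufw.log`, so `sudo cat /var/log/ufw.log | summarize_ufw_blocks` produces the same summary for real data.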

16. Delete All Rules for a Specific Port

The `sudo ufw delete allow 80` command is used to delete a specific rule that allows incoming traffic on port 80 using the Uncomplicated Firewall (ufw) on a Linux system.

```bash
sudo ufw delete allow 80
```

17. Delete All Rules for a Specific Port and Protocol

The command `sudo ufw delete allow 22/tcp` is used to delete a specific rule that allows incoming SSH (Secure Shell) connections on port 22 using the Uncomplicated Firewall (ufw) on a Linux system.

```bash
sudo ufw delete allow 22/tcp
```

18. Delete All Rules from a Specific IP Address

The command `sudo ufw delete allow from 192.168.1.2` is used to delete a specific rule that allows incoming traffic from the IP address 192.168.1.2 using the Uncomplicated Firewall (ufw) on a Linux system.

```bash
sudo ufw delete allow from 192.168.1.2
```

19. Show Application Profiles Available for Configuration

The `sudo ufw app list` command is used to display a list of available application profiles that can be used with Uncomplicated Firewall (ufw) on a Linux system. These application profiles simplify the process of configuring firewall rules by grouping related rules for specific applications or services. When you run the command, it will show you a list of application profiles that you can use to configure firewall rules.

```bash
sudo ufw app list
```

Output:

```text
Available applications:
  Apache
  Apache Full
  Apache Secure
  CUPS
```

20. Allow Traffic on a Specific Network Interface

The command `sudo ufw allow in on eth0` is used to allow incoming traffic on the specified network interface (in this case, `eth0`) using the Uncomplicated Firewall (ufw). After running this command, incoming traffic on the specified network interface will be permitted by the firewall.

```bash
sudo ufw allow in on eth0
```

21. Show UFW Status Verbosely

The `sudo ufw status verbose` command is used to display a more detailed and verbose output of the current status and rules of the Uncomplicated Firewall (ufw) on a Linux system. This command provides additional information, such as the logging status and additional details about the rules.

```bash
sudo ufw status verbose
```

Output:

```text
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    DENY IN     Anywhere
123/udp                    ALLOW IN    Anywhere
```
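As an added example (not from the original page), this shell function reads `ufw status verbose` output like the sample above and flags the conditions the earlier sections warn about: an inactive firewall, logging turned off, a default incoming policy other than deny, and SSH allowed from anywhere instead of rate-limited. The function names, finding labels and choice of checks are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit `ufw status verbose` output read from stdin.

audit_ufw_status() {
  awk '
    /^Status:/  { if ($2 != "active") print "FAIL firewall is not active"; next }
    /^Logging:/ { if ($2 != "on") print "WARN logging is off"; next }
    /^Default:/ {
      if ($2 != "deny" && $2 != "reject")
        print "FAIL default incoming policy is " $2
      next
    }
    {
      gsub(/ \(v6\)/, "")                # fold IPv6 rows onto the IPv4 shape
      act = 0
      for (i = 2; i <= NF; i++)
        if ($i ~ /^(ALLOW|DENY|REJECT|LIMIT)$/) { act = i; break }
      if (!act || $(act + 1) != "IN") next
      to = $1                            # profile names may contain spaces
      for (i = 2; i < act; i++) to = to " " $i
      if ($act != "ALLOW" || $(act + 2) != "Anywhere") next
      if (to == "22" || to == "22/tcp" || to == "OpenSSH")
        print "WARN " to " is ALLOW from Anywhere; consider ufw limit"
      else
        print "INFO " to " is reachable from Anywhere"
    }
  '
}

# The sample output shown in section 21 of this page.
page_sample_status() {
  cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    DENY IN     Anywhere
123/udp                    ALLOW IN    Anywhere
EOF
}

page_sample_status | audit_ufw_status
```

On a live system, pipe the real output in with `sudo ufw status verbose | audit_ufw_status`; the rule checks rely on the `ALLOW IN` form that only the verbose status prints.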

These commands provide a wide range of options for configuring UFW. Adjust them based on your specific requirements, and always be cautious when configuring firewalls to avoid locking yourself out of the system.