2. UFW
NAME
• ufw - program for managing a netfilter firewall
DESCRIPTION
• This program is for managing a Linux firewall
and aims to provide an easy to use interface
for the user.
4. UFW options
• --version show program’s version number and
exit
• -h, --help show help message and exit
• --dry-run don’t modify anything, just show the
changes
• enable reloads firewall and enables firewall on
boot
• disable unloads firewall and disables firewall on
boot
5. UFW options
• default allow|deny change the default policy for
incoming traffic. Note that existing rules will have to be
migrated manually when changing the default policy.
• logging on|off toggle logging
• status show status of firewall and ufw managed rules
• allow RULE allow RULE. See RULE SYNTAX
• deny RULE deny RULE. See RULE SYNTAX
• delete allow|deny RULE deletes the corresponding
allow/deny RULE
6. UBUNTU
• To check status of inbuilt firewall
$ sudo ufw status
• To set default settings of firewall
$ sudo ufw default allow or deny
• To enable or disable firewall
• $ sudo ufw enable or disable
7. UBUNTU
• To allow traffic from a particular ip (rules)
$ sudo ufw allow from 192.168.1.111
• To allow specific ports( set rule)
$ sudo ufw allow/deny (port no) (e.g 80)
• To delete rule
• $ sudo ufw delete allow/deny (port no) (e,g 80)
8. UBUNTU
• To allow traffic from a particular port of an ip
(rules)
$ sudo ufw allow from 192.168.1.111 to 80(port
no)
9. UFW Examples
Allow port 53
•
$ sudo ufw allow 53
•
Delete Allow port 53
•
$ sudo ufw delete allow 53
•
Allow port 80
•
$ sudo ufw allow 80/tcp
•
Delete Allow port 80
•
$ sudo ufw delete allow 80/tcp
•
Allow port smtp
•
$ sudo ufw allow smtp
•
Delete Allow port smtp
•
$ sudo ufw delete allow smtp
•
Allow fro Particular IP
•
$ sudo ufw allow from 192.168.254.254
•
Delete the above rule
•
$ sudo ufw delete allow from 192.168.254.254
•
10. GUFW
• Moreover, if you feel that the terminal way is a
bit annoying, you can use the graphical way of
the settings. But, you have to install another tiny
package namingGUFW.
$ sudo apt-get install gufw
• Install .deb package using the following
command
$ sudo dpkg -i gufw_0.20.7-all.deb
11. GUFW
• Click to edit Master text styles
– Second level
• Third level
– Fourth level
» Fifth level
12. GUFW
• Using Gufw
• If you want to open Gufw go to Applications---
>Internet--->Gufw Firewall Configuration
13. GUFW
• Once it opens you should see similar to the following screen here you
need to click on checkbox next to firewall enabled
14. GUFW
• If you use allow all incoming traffic you should
see similar to the following screen
15. GUFW
• If you select Deny incoming traffic with simple
configuration screen
18. UFW
• ufw is not intended to provide complete firewall functionality via its
command interface, but instead provides an easy way to add or
remove simple rules. It is currently mainly used for host-based
firewalls.
• Administrators can customize before.rules and after.rules as
desired using the standard iptables-restore syntax. Rules are
evaluated as follows: before.rules first, user.rules next, and
after.rules last.
• Please note that ufw status only shows rules added with ufw and
not the rules found in the /etc/ufw rules files.
19. UFW
• ufw is a front-end for iptables-restore, with its
rules saved in /etc/ufw/before.rules, /etc/ufw/
after.rules and /var/lib/ufw/user.rules.
• ufw will read in /etc/ufw/sysctl.conf on boot
when enabled. To change this behavior,
modify /etc/default/ufw.
20. • Click to edit Master text styles
– Second level
• Third level
– Fourth level
» Fifth level
21. OTW
• Third party firewalls for linux
• NAT with Ubuntu’s ufw firewall
• Fire starter - configuration
• Iptables (in detial)
***Class by student officers ***