ufw is a simple wrapper around
iptables (which can be rather complicated). You can view all the rules the CLI adds in
Adding Rules and Enabling
Some basic stuff for all interfaces.
# Block everything incoming ufw default deny incoming # Allow all outgoing connections ufw default allow outgoing # Allow a port ufw allow 3306 # Show list of apps that have registered themselves with ufw # These are in /etc/ufw/applications.d ufw app list # Enable an app ufw allow Samba # Show all added things (don't need a running firewall for this) ufw show added # Enable the firewall ufw enable # Check (running) firewall's status ufw status verbose
# Get the rule number ufw status numbered # Remove the offending rule ufw delete 3
# Deny access to a port ufw deny 22 # Deny a host and subnet ufw deny from 192.168.1.4 ufw deny from 192.168.1.0/24 # Deny an outgoing connection ufw deny out 22
# Allow a port range ufw allow 8000:8008/tcp ufw allow 8000:8008/udp # Allow an IP Address ufw allow from 192.168.1.19 # Allow access to an interface ufw allow in on eth1 to any port 80 ufw allow in on eth1 to any port 443 # Allow an IP Address to a specific port ufw allow from 192.168.1.19 to any port 3306 # Allow an entire subnet ufw allow from 192.168.1.0/24 # Allow an entire subnet to a specific port ufw allow from 192.168.1.0/24 to any port 3306
ufw won’t block
macvlan ports for obvious reasons!