{ "created": "2023-01-09T21:51:13Z", "hierarchy": [ { "name": "ROOT", "type": "folder", "uri": "/ROOT" }, { "name": "ufw Notes", "type": "article", "uri": "ufw_Notes" } ], "html": "\n\n \n \n \n \n \n \n \n \n \n \n \n ufw Notes – Nikhil's Personal Wiki\n \n \n \n \n \n

\n

\n

\n

\n \n Archive\n \n
\n \n Home\n \n
\n \n Random\n \n
\n \n Raw\n \n
\n \n Revisions\n \n
\n \n JSON\n \n

\n

\n

\n

\n \n \n\n

ufw Notes\n \n

\n

ufw is a simple wrapper around iptables (which can be rather complicated). You can view all the rules the CLI adds in /etc/ufw/user.rules

\n

Adding Rules and Enabling

\n

Some basic stuff for all interfaces.

\n

# Block everything incoming\nufw default deny incoming\n\n# Allow all outgoing connections\nufw default allow outgoing\n\n# Allow a port\nufw allow 3306\n\n# Show list of apps that have registered themselves with ufw\n# These are in /etc/ufw/applications.d\nufw app list\n\n# Enable an app\nufw allow Samba\n\n# Show all added things (don't need a running firewall for this)\nufw show added\n\n# Enable the firewall\nufw enable\n\n# Check (running) firewall's status\nufw status verbose\n

Deleting Rules

\n

# Get the rule number\nufw status numbered\n\n# Remove the offending rule\nufw delete 3\n

Denying Things

\n

# Deny access to a port\nufw deny 22\n\n# Deny a host and subnet\nufw deny from 192.168.1.4\nufw deny from 192.168.1.0/24\n\n# Deny an outgoing connection\nufw deny out 22\n

Other stuff

\n

# Allow a port range\nufw allow 8000:8008/tcp\nufw allow 8000:8008/udp\n\n# Allow an IP Address\nufw allow from 192.168.1.19\n\n# Allow access to an interface\nufw allow in on eth1 to any port 80\nufw allow in on eth1 to any port 443\n\n# Allow an IP Address to a specific port\nufw allow from 192.168.1.19 to any port 3306\n\n# Allow an entire subnet\nufw allow from 192.168.1.0/24\n\n# Allow an entire subnet to a specific port\nufw allow from 192.168.1.0/24 to any port 3306\n

Note that ufw won’t block macvlan ports for obvious reasons!

\n\n\n

\n \n

\n \n \n \n \n \n\n", "id": "65fb869e-ed3c-5bc6-9e42-5b720ceca3cc", "modified": "2026-01-13T18:47:28Z", "revisions": [ { "authorEmail": "mail@nikhil.io", "authorName": "Nikhil Anand", "date": "2026-01-13T18:47:28Z", "id": "2436477560f26e23d00a24add1cbfeafdca4af78", "shortId": "24364775", "subject": "No compression\n", "content": "`ufw` is a simple wrapper around `iptables` ([which can be rather complicated](https://github.com/afreeorange/iptables)). You can view all the rules the CLI adds in `/etc/ufw/user.rules`\n\n### Adding Rules and Enabling\n\nSome basic stuff for all interfaces.\n\n```bash\n# Block everything incoming\nufw default deny incoming\n\n# Allow all outgoing connections\nufw default allow outgoing\n\n# Allow a port\nufw allow 3306\n\n# Show list of apps that have registered themselves with ufw\n# These are in /etc/ufw/applications.d\nufw app list\n\n# Enable an app\nufw allow Samba\n\n# Show all added things (don't need a running firewall for this)\nufw show added\n\n# Enable the firewall\nufw enable\n\n# Check (running) firewall's status\nufw status verbose\n```\n\n### Deleting Rules\n\n```bash\n# Get the rule number\nufw status numbered\n\n# Remove the offending rule\nufw delete 3\n```\n\n### Denying Things\n\n```bash\n# Deny access to a port\nufw deny 22\n\n# Deny a host and subnet\nufw deny from 192.168.1.4\nufw deny from 192.168.1.0/24\n\n# Deny an outgoing connection\nufw deny out 22\n```\n\n### Other stuff\n\n```bash\n# Allow a port range\nufw allow 8000:8008/tcp\nufw allow 8000:8008/udp\n\n# Allow an IP Address\nufw allow from 192.168.1.19\n\n# Allow access to an interface\nufw allow in on eth1 to any port 80\nufw allow in on eth1 to any port 443\n\n# Allow an IP Address to a specific port\nufw allow from 192.168.1.19 to any port 3306\n\n# Allow an entire subnet\nufw allow from 192.168.1.0/24\n\n# Allow an entire subnet to a specific port\nufw allow from 192.168.1.0/24 to any port 3306\n```\n\nNote that `ufw` won't block `macvlan` ports for obvious reasons!\n" }, { "authorEmail": "mail@nikhil.io", "authorName": "Nikhil Anand", "date": "2023-01-09T21:57:58Z", "id": "4bc6f322b7686e8f565ee41f9aad01bdf5705536", "shortId": "4bc6f322", "subject": "Add note on location\n", "content": "`ufw` is a simple wrapper around `iptables` ([which can be rather complicated](https://github.com/afreeorange/iptables)). You can view all the rules the CLI adds in `/etc/ufw/user.rules`\n\n### Adding Rules and Enabling\n\nSome basic stuff for all interfaces.\n\n```bash\n# Block everything incoming\nufw default deny incoming\n\n# Allow all outgoing connections\nufw default allow outgoing\n\n# Allow a port\nufw allow 3306\n\n# Show list of apps that have registered themselves with ufw\n# These are in /etc/ufw/applications.d\nufw app list\n\n# Enable an app\nufw allow Samba\n\n# Show all added things (don't need a running firewall for this)\nufw show added\n\n# Enable the firewall\nufw enable\n\n# Check (running) firewall's status\nufw status verbose\n```\n\n### Deleting Rules\n\n```bash\n# Get the rule number\nufw status numbered\n\n# Remove the offending rule\nufw delete 3\n```\n\n### Denying Things\n\n```bash\n# Deny access to a port\nufw deny 22\n\n# Deny a host and subnet\nufw deny from 192.168.1.4\nufw deny from 192.168.1.0/24\n\n# Deny an outgoing connection\nufw deny out 22\n```\n\n### Other stuff\n\n```bash\n# Allow a port range\nufw allow 8000:8008/tcp\nufw allow 8000:8008/udp\n\n# Allow an IP Address\nufw allow from 192.168.1.19\n\n# Allow access to an interface\nufw allow in on eth1 to any port 80\nufw allow in on eth1 to any port 443\n\n# Allow an IP Address to a specific port\nufw allow from 192.168.1.19 to any port 3306\n\n# Allow an entire subnet\nufw allow from 192.168.1.0/24\n\n# Allow an entire subnet to a specific port\nufw allow from 192.168.1.0/24 to any port 3306\n```\n\nNote that `ufw` won't block `macvlan` ports for obvious reasons!\n" }, { "authorEmail": "mail@nikhil.io", "authorName": "Nikhil Anand", "date": "2023-01-09T21:51:13Z", "id": "48bc8a84caecd06786e92933fbb57106c6374ed0", "shortId": "48bc8a84", "subject": "Create ufw Notes.md\n", "content": "`ufw` is a simple wrapper around `iptables` ([which can be rather complicated](https://github.com/afreeorange/iptables)).\n\n### Adding Rules and Enabling\n\nSome basic stuff for all interfaces.\n\n```bash\n# Block everything incoming\nufw default deny incoming\n\n# Allow all outgoing connections\nufw default allow outgoing\n\n# Allow a port\nufw allow 3306\n\n# Show list of apps that have registered themselves with ufw\n# These are in /etc/ufw/applications.d\nufw app list\n\n# Enable an app\nufw allow Samba\n\n# Show all added things (don't need a running firewall for this)\nufw show added\n\n# Enable the firewall\nufw enable\n\n# Check (running) firewall's status\nufw status verbose\n```\n\n### Deleting Rules\n\n```bash\n# Get the rule number\nufw status numbered\n\n# Remove the offending rule\nufw delete 3\n```\n\n### Denying Things\n\n```bash\n# Deny access to a port\nufw deny 22\n\n# Deny a host and subnet\nufw deny from 192.168.1.4\nufw deny from 192.168.1.0/24\n\n# Deny an outgoing connection\nufw deny out 22\n```\n\n### Other stuff\n\n```bash\n# Allow a port range\nufw allow 8000:8008/tcp\nufw allow 8000:8008/udp\n\n# Allow an IP Address\nufw allow from 192.168.1.19\n\n# Allow access to an interface\nufw allow in on eth1 to any port 80\nufw allow in on eth1 to any port 443\n\n# Allow an IP Address to a specific port\nufw allow from 192.168.1.19 to any port 3306\n\n# Allow an entire subnet\nufw allow from 192.168.1.0/24\n\n# Allow an entire subnet to a specific port\nufw allow from 192.168.1.0/24 to any port 3306\n```\n\nNote that `ufw` won't block `macvlan` ports for obvious reasons!\n" } ], "sizeInBytes": 1603, "source": "`ufw` is a simple wrapper around `iptables` ([which can be rather complicated](https://github.com/afreeorange/iptables)). You can view all the rules the CLI adds in `/etc/ufw/user.rules`\n\n### Adding Rules and Enabling\n\nSome basic stuff for all interfaces.\n\n```bash\n# Block everything incoming\nufw default deny incoming\n\n# Allow all outgoing connections\nufw default allow outgoing\n\n# Allow a port\nufw allow 3306\n\n# Show list of apps that have registered themselves with ufw\n# These are in /etc/ufw/applications.d\nufw app list\n\n# Enable an app\nufw allow Samba\n\n# Show all added things (don't need a running firewall for this)\nufw show added\n\n# Enable the firewall\nufw enable\n\n# Check (running) firewall's status\nufw status verbose\n```\n\n### Deleting Rules\n\n```bash\n# Get the rule number\nufw status numbered\n\n# Remove the offending rule\nufw delete 3\n```\n\n### Denying Things\n\n```bash\n# Deny access to a port\nufw deny 22\n\n# Deny a host and subnet\nufw deny from 192.168.1.4\nufw deny from 192.168.1.0/24\n\n# Deny an outgoing connection\nufw deny out 22\n```\n\n### Other stuff\n\n```bash\n# Allow a port range\nufw allow 8000:8008/tcp\nufw allow 8000:8008/udp\n\n# Allow an IP Address\nufw allow from 192.168.1.19\n\n# Allow access to an interface\nufw allow in on eth1 to any port 80\nufw allow in on eth1 to any port 443\n\n# Allow an IP Address to a specific port\nufw allow from 192.168.1.19 to any port 3306\n\n# Allow an entire subnet\nufw allow from 192.168.1.0/24\n\n# Allow an entire subnet to a specific port\nufw allow from 192.168.1.0/24 to any port 3306\n```\n\nNote that `ufw` won't block `macvlan` ports for obvious reasons!\n", "title": "ufw Notes", "untracked": false, "uri": "/ufw_Notes", "relativePath": "ufw Notes.md" }