 | |
|
Mastering The Complex SaleTechnology news and Jobs 
The Linux distillery ufw ftw! Ubuntu 8.04’s uncomplicated firewall
The Linux distillery ufw ftw! Ubuntu 8.04’s uncomplicated firewall | ufw ftw! Ubuntu 8.04’s uncomplicated firewall |
|
|
|
| by David M Williams | |
| Thursday, 03 April 2008 | |
|
Page 1 of 3 Firstly, to set the default policy to drop (deny) all connections: sudo ufw default deny Then to permit TCP connections on port 22 sudo ufw allow 22/tcp You can allow or deny any individual port; for instance if you wished to prevent SMTP connections but not modify any other rules you would type sudo ufw deny 25 This drops all connections coming in to port 25 – whether by TCP or UDP. As you can see from the above suggestion, we can specify whether the rules refer to TCP or UDP on an individual basis, or by omitting to specify both protocol forms are counted. Additionally, ufw knows the names of all standard protocols. There’s no need for you to be cognoscente that SMTP is commonly port 25. The same command can also be written as sudo ufw deny smtp This therefore means you can turn on or off web traffic, e-mail, ftp, telnet, ssh and any and all common ports without having to look up what the underlying port numbers actually are. The service name matches what is listed in /etc/services. You can also route traffic between source and destination IP addresses like so: sudo ufw allow proto udp 192.168.0.1 port 53 to 192.168.0.2 port 53 The port numbers need not match if you wish to remap ports; perhaps you want to make your web server hidden from casual browsers; you might thus require people to use port 8080 when viewing it (e.g. http://website:8080); by using ufw in this way you can redirect incoming traffic on port 8080 to port 80 on your web server without actually opening port 80 to external users or exposing that machine to the internet. Your rules can be easily revoked with commands like this: sudo ufw delete allow 22/tcp This now removes the rule we added earlier, to permit inbound traffic on TCP port 22. It’s not uncommon that you might permit unrestricted traffic from a specific static IP address. ufw caters for this with commands like sudo ufw allow from 192.168.1.50 And then, of course, it can be revoked with the equivalent delete command: sudo ufw delete allow from 192.168.1.50 All this said, by default ufw is disabled. That’s because Ubuntu’s team don’t wish to impose a new tool upon users without their explicit acceptance. Further, users may have their own existing firewall system in place – be it iptables or something else. So, the first thing you’ll need to do with ufw is actually turn it on and make it persistent so it starts upon reboot. How do we do this? Please read on. CONTINUED |
| < Next story in category | Previous story in the category > |
|---|
