Jorge Saldívar

Tag: ufw

  • UFW Cheatsheet

    UFW Cheatsheet

    Here’s a comprehensive sudo ufw (Uncomplicated Firewall) cheatsheet for managing firewall rules on an Ubuntu server:

    Basic UFW Commands

    • Enable UFW:
      sudo ufw enable
    • Disable UFW:
      sudo ufw disable
    • Check UFW Status:
      sudo ufw status
    • Use sudo ufw status verbose for detailed output.
    • Reset UFW (removes all rules and disables UFW):
      sudo ufw reset

    Allowing Connections

    • Allow a Specific Port:
      sudo ufw allow <port>
    • Example: sudo ufw allow 22 (allows SSH)
    • Allow a Port with a Specific Protocol:
      sudo ufw allow <port>/<protocol>
    • Example: sudo ufw allow 80/tcp (allows HTTP)
    • Allow a Range of Ports:
      sudo ufw allow <start port>:<end port>/protocol
    • Example: sudo ufw allow 1000:2000/tcp
    • Allow Connections from a Specific IP:
      sudo ufw allow from <IP>
    • Example: sudo ufw allow from 192.168.1.100
    • Allow Connections from an IP to a Specific Port:
      sudo ufw allow from <IP> to any port <port>
    • Example: sudo ufw allow from 192.168.1.100 to any port 22
    • Allow Subnet:
      sudo ufw allow from <subnet>
    • Example: sudo ufw allow from 192.168.1.0/24

    Denying Connections

    • Deny a Specific Port:
      sudo ufw deny <port>
    • Example: sudo ufw deny 23 (denies Telnet)
    • Deny a Port with a Specific Protocol:
      sudo ufw deny <port>/<protocol>
    • Example: sudo ufw deny 80/tcp
    • Deny Connections from a Specific IP:
      sudo ufw deny from <IP>
    • Example: sudo ufw deny from 192.168.1.100

    Deleting Rules

    • Delete a Rule by Rule Number:
      sudo ufw status numbered
    • Then use sudo ufw delete <rule number>
    • Delete an Allow Rule:
      sudo ufw delete allow <port>
    • Example: sudo ufw delete allow 22
    • Delete a Deny Rule:
      sudo ufw delete deny <port>
    • Example: sudo ufw delete deny 23

    Advanced UFW Usage

    • Enable UFW Logging:
      sudo ufw logging on
    • off to disable logging.
    • Set Default Policies (Deny Incoming and Allow Outgoing):
      sudo ufw default deny incoming
      sudo ufw default allow outgoing
    • Set Default Policies (Allow Incoming and Deny Outgoing):
      sudo ufw default allow incoming
      sudo ufw default deny outgoing
    • Limit Connections (Rate Limiting):
      sudo ufw limit <port>
    • Example: sudo ufw limit ssh (limits SSH connections to prevent brute force attacks)
    • Allow Specific Service by Name:
      sudo ufw allow <service>
    • Example: sudo ufw allow OpenSSH
    • App Profiles (View Available Profiles):
      sudo ufw app list
    • Allow Application Profile:
      sudo ufw allow <app profile>
    • Example: sudo ufw allow 'Apache Full'

    Checking UFW Status and Rules

    • Check UFW Status:
      sudo ufw status
    • Check UFW Status in Verbose Mode:
      sudo ufw status verbose
    • Check UFW Status with Rule Numbers:
      sudo ufw status numbered

    Other Useful Commands

    • Reload UFW to Apply Changes:
      sudo ufw reload
    • Show Detailed Report:
      sudo ufw show raw
    • This displays the raw iptables rules used by UFW.

    This cheatsheet covers common UFW commands and options, providing a solid reference for managing firewall settings on Ubuntu.