Under Ubuntu more simple firewall Uncomplicated Firewall

we all know,Among Linux system has a very fast hardware firewall is called iptables,It can do far exceeds the scope of the firewall, but ......,usually,We only used it as a firewall to use。

but,If you just want a port policy,That does not seem to need to face iptables That lengthy configuration commands。Now,I'll introduce you to the other, a more simple firewall:

Uncomplicated Firewall

A look at the name on the very clear "no complex firewall" Yes,It is ufw,in Ubuntu Operating system which has been built,Use it to quickly and easily operate the firewall features,For example, switch port,IP Access,Limit the connection, etc., etc.。It is with a range of almost all Linux firewall,Iptables is used as a background,So,You can also in iptables On to do more custom,Both can be used together of course ......,I do not recommend you do。iptables rules to give priority to ufw

Recommended reason ufw,This is because the goods inside the built-in Ubuntu,So just built vps you can use it to quickly deploy it!

Based switch command

note,If you are connected to the server via ssh,Then you should add a rule,Then open the firewall,Otherwise the consequences。

Said here about,ufw enable the firewall will automatically configure the boot,Disable boot is canceled。

Basic control commands

Generally, we can use allow and deny Option to allow or disallow connections,Followed by the port number or protocol name will do,With a slash "/" Split,Then you can explicitly additional TCP or UDP,Without adding theBoth are considered default。Other,We generally prefer to configure the input entry,If you want to control output entry,It can explicitly stressed in or out between the port number and allow or deny,Of course, certainly in default。

Here are a few chestnuts:

Advanced control command

And allow、deny corresponding options,In fact, there limit and reject,The former is used to limit the number of connections within 30 seconds,More than six times out automatically deny IP;The latter and deny the same function,butwill notreturn"You are refused"Message。

If you have multiple network cards,So on additional options after emphasize in and out,You can make policy for a certain card,For chestnuts:

Add more complex control statements

By editing the file:

To add more complex、ufw command can not support iptables control statements,For example, open or nat forwarding address masquerading, etc.,It iptables command format and command the same format - for loading these files is iptables-restore

of course,After modifying these two files,You need to reboot in order to make them take effect ufw。

Further reading

All right,Basically common presentation so much,If you want to use the more advanced features,Please move:

Ufw Guide

Uncomplicated Firewall

Another:If you use the desktop version,This stock is in fact there are graphic terminal,Called the Gufw。😜

Original article written by Gerber drop-off:R0uter's Blog » Under Ubuntu more simple firewall Uncomplicated Firewall

Reproduced Please keep the source and description link:https://www.logcg.com/archives/988.html

About the Author


The non-declaration,I have written articles are original,Reproduced, please indicate the link on this page and my name。


Leave a Reply

Your email address will not be published. Required fields are marked *