Via the terminal
First, ufw needs to be enabled. From a terminal prompt enter:
sudo ufw enable
To open a port (ssh in this example):
sudo ufw allow 22
Rules can also be added using a numbered format:
sudo ufw insert 1 allow 80
Similarly, to close an opened port:
sudo ufw deny 22
To remove a rule, use delete followed by the rule:
sudo ufw delete deny 22
It is also possible to allow access from specific hosts or networks to a port. The following example allows ssh access from host 192.168.0.2 to any IP address on this host:
sudo ufw allow proto tcp from 192.168.0.2 to any port 22
Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire subnet.
Adding the --dry-run option to a ufw command will output the resulting rules, but not apply them. For example, the following is what would be applied if opening the HTTP port:
sudo ufw --dry-run allow http
*filter
:ufw-user-input - [0:0]
:ufw-user-output - [0:0]
:ufw-user-forward - [0:0]
:ufw-user-limit - [0:0]
:ufw-user-limit-accept - [0:0]
### RULES ###
### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0
-A ufw-user-input -p tcp --dport 80 -j ACCEPT
### END RULES ###
-A ufw-user-input -j RETURN
-A ufw-user-output -j RETURN
-A ufw-user-forward -j RETURN
-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT]: "
-A ufw-user-limit -j REJECT
-A ufw-user-limit-accept -j ACCEPT
COMMIT
Rules updated
ufw can be disabled by:
sudo ufw disable
To see the firewall status, enter:
sudo ufw status
And for more verbose status information use:
sudo ufw status verbose
To view the numbered format:
sudo ufw status numbered
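The numbered status listing can be used to find rules that still allow a port from anywhere, so they can be replaced with the host- or subnet-restricted form shown earlier. The script below is an added example, not part of the original guide: the function names (sample_status, open_rules, plan) are hypothetical, and the status listing is constructed sample output rather than taken from a real host.

```shell
#!/bin/sh
# Added example. sample_status is CONSTRUCTED text in the layout printed by
# `sudo ufw status numbered`; on a real host, pipe that command's output in.
sample_status() {
cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 80/tcp                     ALLOW IN    Anywhere
[ 2] 22                         ALLOW IN    Anywhere
[ 3] 22/tcp                     ALLOW IN    192.168.0.2
[ 4] 443/tcp                    DENY IN     Anywhere
[ 5] 22 (v6)                    ALLOW IN    Anywhere (v6)
EOF
}

# open_rules PORT: for each rule on stdin that ALLOWs inbound traffic to PORT
# from Anywhere (IPv4 or IPv6), print "<rule number> <port spec>".
open_rules() {
    awk -v port="$1" '
        /^\[ *[0-9]+\]/ {
            num = $0; sub(/^\[ */, "", num); sub(/\].*/, "", num)
            line = $0
            sub(/^\[ *[0-9]+\] */, "", line)   # drop the "[ N]" prefix
            sub(/ +$/, "", line)               # drop trailing padding
            split(line, f, /  +/)              # columns are 2+ spaces apart
            spec = f[1]; from = f[3]
            sub(/ \(v6\)$/, "", spec); sub(/ \(v6\)$/, "", from)
            p = spec; sub(/\/(tcp|udp)$/, "", p)   # "22/tcp" -> "22"
            if (p == port && f[2] ~ /^ALLOW( IN)?$/ && from == "Anywhere")
                print num, spec
        }'
}

# plan PORT SOURCE: print, without running anything, the commands that add a
# source-restricted rule and then remove the open ones. Deletion uses the rule
# text ("delete allow 22"), so it does not depend on rule numbers, which shift
# whenever a rule is added or removed.
plan() {
    open=$(open_rules "$1")
    [ -n "$open" ] || return 0
    echo "sudo ufw allow proto tcp from $2 to any port $1"
    printf '%s\n' "$open" | awk '{ print "sudo ufw delete allow " $2 }' | sort -u
}

sample_status | plan 22 192.168.0.0/24
```

Review the printed commands with --dry-run before applying them, and confirm the result with sudo ufw status numbered afterwards.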