安装

sudo apt update 
sudo apt install -y ufw

使用

Usage: ufw COMMAND

Commands:
 enable                          enables the firewall
 disable                         disables the firewall
 default ARG                     set default policy
 logging LEVEL                   set logging to LEVEL
 allow ARGS                      add allow rule
 deny ARGS                       add deny rule
 reject ARGS                     add reject rule
 limit ARGS                      add limit rule
 delete RULE|NUM                 delete RULE
 insert NUM RULE                 insert RULE at NUM
 prepend RULE                    prepend RULE
 route RULE                      add route RULE
 route delete RULE|NUM           delete route RULE
 route insert NUM RULE           insert route RULE at NUM
 reload                          reload firewall
 reset                           reset firewall
 status                          show firewall status
 status numbered                 show firewall status as numbered list of RULES
 status verbose                  show verbose firewall status
 show ARG                        show firewall report
 version                         display version information

Application profile commands:
 app list                        list application profiles
 app info PROFILE                show information on PROFILE
 app update PROFILE              update PROFILE
 app default ARG                 set default application policy

基本方法

  1. 开启防火墙:ufw enable
  2. 允许ssh连接:ufw allow ssh
  3. 查看状态:ufw status verbose

设置端口规则

ufw激活后的默认的策略是允许出去,不允许流量进来 (配置文件位置:/etc/default/ufw)

  1. 修改端口规则:ufw allow port_number/protocol
  2. 配置防火墙规则:
    示例
  • 允许http连接:sudo ufw allow http
  • 阻止http连接:sudo ufw denty http
  • 配置tcp某一个端口允许(allow)/阻止(denty):sudo ufw allow 22/tcp
  • 配置udp某一个端口允许(allow)/阻止(denty):sudo ufw allow 22/udp
  • 配置udp/tcp 某一个端口允许(allow)/阻止(denty):sudo ufw allow 22
  • 配置一组端口号:sudo ufw allow 22:55
  • 指定一个特定ip:sudo ufw allow from xxx.xxx.xxx.xxx
  • 指定特定ip连接到特定端口:sudo ufw allow from xxx.xxx.xxx.xxx to any poart 22
  • 指定特定的子网连接:sudo ufw allow from xxx.xxx.xxx.xxx/24
  1. 删除端口规则:sudo ufw delete allow 22/tcp(规则前面使用delete)
  2. 查看配置的序列进行删除:
    1. ufw status numbered

2. `ufw delete [number]`