Publish: 2023-05-05 | Modify: 2023-05-05
xiaoz used to use the Redhat series CentOS as the server operating system. However, since CentOS Stream became the rolling update preview version of RHEL, xiaoz has gradually shifted towards Debian. Although it took some time to get used to it at first, xiaoz found Debian to be still very user-friendly.
Take firewall management as an example, I used firewalld on CentOS, but after switching to Debian, I found ufw to be simpler and easier to use. This article will share a quick start guide for ufw.
ufw (Uncomplicated Firewall) is a simplified and user-friendly Linux firewall tool designed to make it easy for users to manage iptables firewall rules. It provides users with an intuitive and easy-to-understand command-line interface, making it easier to configure firewall rules.
Some key features and functions of ufw include:
To install ufw on Debian, Ubuntu, or its derivatives, open a terminal and execute the following commands:
# Install ufw
sudo apt-get update
sudo apt-get install ufw
Then start ufw:
# Start ufw
sudo ufw enable
# Enable ufw at boot
sudo systemctl enable ufw
Execute sudo ufw status
to check the current status, which usually has 3 states:
ufw commands are much simpler compared to firewalld. For example, if you want to allow a single port, you only need to execute:
# Replace <port> with the specific port number you want to allow. For example, to allow TCP port 80, you can execute sudo ufw allow 80.
sudo ufw allow <port>
If you need to allow a specific protocol for a port, you need to specify the protocol:
# Replace <port> with the port number, and <protocol> with the protocol type (e.g., tcp, udp). For example, to allow UDP port 53, you can execute sudo ufw allow 53/udp.
sudo ufw allow <port>/<protocol>
To allow a range of ports:
sudo ufw allow <start-port>:<end-port>/<protocol>
Replace <start-port>
with the starting port number, <end-port>
with the ending port number, and <protocol>
with the protocol. For example, to allow a TCP port range from 8000 to 9000, you can execute sudo ufw allow 8000:9000/tcp
.
To delete added rules in ufw (Uncomplicated Firewall), you can delete them either by rule number or specific allow condition. Here are two methods:
Method 1: Delete by rule number
First, run the following command to view the current status and existing rules of ufw:
sudo ufw status numbered
This will display a numbered list of rules.
Identify the number of the rule you want to delete, then use the following command to delete it, replacing [rule_number]
with the actual rule number:
sudo ufw delete [rule_number]
For example, to delete rule number 1, run:
sudo ufw delete 1
Method 2: Delete by allow condition
You can also delete rules by specifying the allow condition, such as the port and protocol. For example, to delete a rule that allows TCP port 80, you can run:
sudo ufw delete allow 80/tcp
Or, if you want to delete a rule that allows UDP port 5000, you can run:
sudo ufw delete allow 5000/udp
After deleting the rule, run sudo ufw status
again to confirm that the selected rule has been removed from ufw.
To block connections from a specific IP (e.g., 123.57.22.204), use the following command:
sudo ufw deny from 123.57.22.204
To allow a specific IP to access a specific port, use the following command. Replace [ip_address]
with the actual IP address you want to allow, [port_number]
with the actual port number you want to allow access to, and [protocol]
with tcp
or udp
depending on the protocol you want to allow:
sudo ufw allow from [ip_address] to any port [port_number]/[protocol]
For example, to allow IP address 192.168.1.10
to access TCP port 22
, you can run:
sudo ufw allow from 192.168.1.10 to any port 22/tcp
ufw is an easy-to-use and powerful firewall management tool that makes it easier to configure firewall rules on Linux systems. Whether you are a Linux beginner or an experienced administrator, ufw is a tool worth trying out.
I come from China and I am a freelancer. I specialize in Linux operations, PHP, Golang, and front-end development. I have developed open-source projects such as Zdir, ImgURL, CCAA, and OneNav.