ufw
Verify Status
sudo ufw status
#output
Status: inactive
--OR--
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skipEnable the FW
sudo ufw enable
#output
Firewall is active and enabled on system startupDisable the FW
sudo ufw disableSee FW Rules
sudo ufw status
#output
Status: active
To Action From
-- ------ ----
Anywhere DENY 10.10.10.10 Change the Default Policy
sudo ufw default deny outgoing
sudo ufw default deny incomingView ufw App List
sudo ufw app list | grep Nginx
#output
Nginx Full
Nginx HTTP
Nginx HTTPSBlock an IP Address/Subnet
sudo ufw deny from 10.10.10.10
sudo ufw deny from 10.10.10.10/24Block Incoming Connections to a Network Interface
sudo ufw deny in on eth0 from 10.10.10.10Allow Incoming Connections to a Network Interface
sudo ufw allow in on eth0 from 10.10.10.10Allow an IP in
sudo ufw allow from 10.10.10.10Deleting Rules
sudo ufw status numbered
#output
Status: active
To Action From
-- ------ ----
[ 1] Anywhere DENY IN 10.10.10.10
[ 2] Anywhere on eth0 ALLOW IN 10.10.10.11
#now delete the rule
sudo ufw delete 1 Allow by Application
sudo ufw allow “OpenSSH”
#output
Rule added
Rule added (v6)Disable by Application
#get status
sudo ufw status
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
Nginx Full ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Nginx Full (v6) ALLOW Anywhere (v6)
#remove the service you want to deny
sudo ufw allow "Nginx HTTPS"
--OR--
sudo ufw delete allow "Nginx Full"Credit and Further Reading
https://www.digitalocean.com/community/tutorials/ufw-essentials-common-firewall-rules-and-commands
Last updated