Linux firewall basics with ufw


The ufw (uncomplicated firewall) is a front end that greatly simplifies working with iptables and, in the years that it has been available, has become the default firewall on Ubuntu and is packaged for Debian and other Debian-derived systems. And, yes, ufw is surprisingly uncomplicated – a boon for newer admins who might otherwise have to invest a lot of time to get up to speed on firewall management.

GUIs are available for ufw (like gufw), but ufw commands are generally issued on the command line. This post examines some commands for using ufw and looks into how it works.

First, one quick way to see how ufw's default policies are configured is to look at its defaults file, /etc/default/ufw. Note that this file holds only the defaults: the rules you add with ufw commands are kept under /etc/ufw/, and the file does not tell you whether ufw is enabled at all (ufw status verbose does). In the command below, we display the settings, using grep with extended regular expressions to suppress the display of both blank lines and comments (lines starting with #).

$ grep -Ev '^#|^$' /etc/default/ufw
IPV6=yes
DEFAULT_INPUT_POLICY="DROP"
DEFAULT_OUTPUT_POLICY="ACCEPT"
DEFAULT_FORWARD_POLICY="DROP"
DEFAULT_APPLICATION_POLICY="SKIP"
MANAGE_BUILTINS=no
IPT_SYSCTL=/etc/ufw/sysctl.conf
IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_netbios_ns"

As you can see, the default policy is to drop incoming and forwarded packets and to accept outgoing ones. The rules that allow the specific inbound connections you do want (SSH, for example) are added separately with ufw commands; with a DROP default, anything you forget to allow is silently discarded rather than rejected with an error.
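The following is an added example, not code from the original article, that turns the grep trick above into a small audit of a defaults file: it reads the policy keys with comments and quoting stripped, and flags the settings a reviewer would object to (an ACCEPT input or forward default, or IPV6=no, which leaves the ip6tables side unmanaged so IPv6 traffic bypasses ufw's rules). The two sample files are constructed inline so the script runs without ufw or root; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the article): audit a ufw defaults file such as
# /etc/default/ufw. Sample files are constructed below so this runs offline.

# Print the value of KEY from a shell-style defaults file, skipping comment
# and blank lines, taking the last assignment if a key repeats, and removing
# surrounding double quotes. Returns 1 if the key is absent.
ufw_default() {
    file=$1; key=$2
    val=$(grep -Ev '^[[:space:]]*(#|$)' "$file" \
          | sed -n "s/^[[:space:]]*$key=//p" | tail -n 1 \
          | sed 's/^"//; s/"$//')
    [ -n "$val" ] || return 1
    printf '%s\n' "$val"
}

# Check a defaults file against a baseline: INPUT and FORWARD must be DROP or
# REJECT, and IPV6 must be yes (with IPV6=no, ufw does not manage ip6tables,
# so IPv6 traffic is not filtered by it). One line per finding; returns 0
# only when everything passes.
ufw_audit_defaults() {
    file=$1; rc=0
    for key in DEFAULT_INPUT_POLICY DEFAULT_FORWARD_POLICY; do
        pol=$(ufw_default "$file" "$key") || pol='(unset)'
        case $pol in
            DROP|REJECT) printf 'ok    %s=%s\n' "$key" "$pol" ;;
            *) printf 'WEAK  %s=%s (expected DROP or REJECT)\n' "$key" "$pol"; rc=1 ;;
        esac
    done
    v6=$(ufw_default "$file" IPV6) || v6='(unset)'
    if [ "$v6" = yes ]; then
        printf 'ok    IPV6=yes\n'
    else
        printf 'WEAK  IPV6=%s (IPv6 traffic is not filtered by ufw)\n' "$v6"; rc=1
    fi
    return $rc
}

# Constructed sample 1: the hardened defaults shown in the article.
GOOD=$(mktemp); cat >"$GOOD" <<'EOF'
# /etc/default/ufw (constructed sample)
IPV6=yes
DEFAULT_INPUT_POLICY="DROP"
DEFAULT_OUTPUT_POLICY="ACCEPT"
DEFAULT_FORWARD_POLICY="DROP"
EOF

# Constructed sample 2: a weakened copy (inbound open, IPv6 unmanaged).
BAD=$(mktemp); cat >"$BAD" <<'EOF'
IPV6=no
DEFAULT_INPUT_POLICY="ACCEPT"
DEFAULT_FORWARD_POLICY="DROP"
EOF
trap 'rm -f "$GOOD" "$BAD"' EXIT

echo "== hardened sample =="; ufw_audit_defaults "$GOOD" || echo "audit failed"
echo "== weakened sample =="; ufw_audit_defaults "$BAD" || echo "audit failed (expected)"
# On a real host, run the same check against the live file:
if [ -r /etc/default/ufw ]; then
    echo "== /etc/default/ufw =="; ufw_audit_defaults /etc/default/ufw || echo "audit failed"
fi
```

Run it as-is to see both verdicts; pointing ufw_audit_defaults at /etc/default/ufw on a fleet of hosts gives a quick consistency check, but remember it only reads the defaults, not whether ufw is actually enabled or which allow rules are loaded.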

The basic syntax of a ufw command looks like the synopsis below, though typing only "ufw" will get you nothing more than a quick error telling you that arguments are required.

ufw [--dry-run] [options] [rule syntax]

The --dry-run option means that ufw won't apply the command you specify, but will show you what would happen if it did. It does this by printing the entire set of rules as they would exist after the change, not just the one rule you added, so be prepared for more than a few lines of output.
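As an added example (not code from the original article), the script below builds a minimal rule set in the full ufw rule syntax and previews each command with --dry-run. The ordering is the part worth copying: default policies first, the SSH allow rule before enable, so a remote admin is never locked out. The admin subnet 192.0.2.0/24, the SSH port and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the article): plan a small ufw rule set in a
# lock-out-safe order and preview it with 'ufw --dry-run'.

# Print the ufw commands (one per line) for a host that accepts SSH only from
# an admin network, rate-limited with 'limit', and HTTPS from anywhere.
# Defaults come first and 'enable' last, after the SSH rule. Returns 1 on a
# bad port or an admin network that is not in CIDR form.
ufw_plan() {
    admin_net=$1; ssh_port=${2:-22}
    case $ssh_port in
        ''|*[!0-9]*) echo "bad port: $ssh_port" >&2; return 1 ;;
    esac
    [ "$ssh_port" -ge 1 ] && [ "$ssh_port" -le 65535 ] || {
        echo "bad port: $ssh_port" >&2; return 1; }
    case $admin_net in
        */*) ;;
        *) echo "admin network must be CIDR, e.g. 192.0.2.0/24: $admin_net" >&2; return 1 ;;
    esac
    cat <<EOF
default deny incoming
default allow outgoing
default deny routed
limit from $admin_net to any port $ssh_port proto tcp
allow 443/tcp
enable
EOF
}

# Feed each planned command to 'ufw --dry-run' (needs root, since it reads
# the rule files under /etc/ufw). Each dry run shows the full rule set as it
# would look after that single change to the *current* state, so the output
# does not accumulate across lines; it is a per-command preview. Without ufw
# installed the commands are echoed so the plan can still be reviewed.
ufw_preview() {
    plan=$(ufw_plan "$@") || return 1
    printf '%s\n' "$plan" | while IFS= read -r line; do
        if command -v ufw >/dev/null 2>&1; then
            # shellcheck disable=SC2086  # word-splitting the rule is intended
            ufw --dry-run $line
        else
            echo "ufw $line"
        fi
    done
}

# Stand-alone demo with the assumed admin network. To apply for real, drop
# --dry-run and use 'ufw --force enable' to skip the interactive prompt.
ufw_preview 192.0.2.0/24 22
```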

Copyright © 2020 IDG Communications, Inc.
