Skip to content

Ubuntu UFW防火墙设置

安装

sh
root@4144e8c22fff:/# apt-get install ufw -y
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  file iptables libexpat1 libip4tc2 libip6tc2 libmagic-mgc libmagic1 libmnl0 libmpdec2 libnetfilter-conntrack3
  libnfnetlink0 libnftnl11 libpython3-stdlib libpython3.8-minimal libpython3.8-stdlib libreadline8 libsqlite3-0
  libssl1.1 libxtables12 mime-support netbase python3 python3-minimal python3.8 python3.8-minimal readline-common ucf
  xz-utils
Suggested packages:
  firewalld kmod nftables python3-doc python3-tk python3-venv python3.8-venv python3.8-doc binutils binfmt-support
  readline-doc rsyslog
The following NEW packages will be installed:
  file iptables libexpat1 libip4tc2 libip6tc2 libmagic-mgc libmagic1 libmnl0 libmpdec2 libnetfilter-conntrack3
  libnfnetlink0 libnftnl11 libpython3-stdlib libpython3.8-minimal libpython3.8-stdlib libreadline8 libsqlite3-0
  libssl1.1 libxtables12 mime-support netbase python3 python3-minimal python3.8 python3.8-minimal readline-common ucf
  ufw xz-utils
0 upgraded, 29 newly installed, 0 to remove and 1 not upgraded.
...
...
...省略

查看版本和帮助信息

sh
root@4144e8c22fff:/# ufw version
ufw 0.36
Copyright 2008-2015 Canonical Ltd.
root@4144e8c22fff:/# ufw --help

Usage: ufw COMMAND

Commands:
 enable                          enables the firewall
 disable                         disables the firewall
 default ARG                     set default policy
 logging LEVEL                   set logging to LEVEL
 allow ARGS                      add allow rule
 deny ARGS                       add deny rule
 reject ARGS                     add reject rule
 limit ARGS                      add limit rule
 delete RULE|NUM                 delete RULE
 insert NUM RULE                 insert RULE at NUM
 route RULE                      add route RULE
 route delete RULE|NUM           delete route RULE
 route insert NUM RULE           insert route RULE at NUM
 reload                          reload firewall
 reset                           reset firewall
 status                          show firewall status
 status numbered                 show firewall status as numbered list of RULES
 status verbose                  show verbose firewall status
 show ARG                        show firewall report
 version                         display version information

Application profile commands:
 app list                        list application profiles
 app info PROFILE                show information on PROFILE
 app update PROFILE              update PROFILE
 app default ARG                 set default application policy

启用防火墙

sh
root@4144e8c22fff:/# ufw enable
Firewall is active and enabled on system startup

查看防火墙状态

sh
root@4144e8c22fff:/# ufw status
Status: active

关闭一切外部对本机的访问

sh
root@4144e8c22fff:/# ufw default deny 
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)

重启防火墙

sh
root@4144e8c22fff:/# ufw reload
Status: active

防火墙放行80端口

sh
root@4144e8c22fff:/# ufw allow 80/tcp
Status: active

查看端口放行状态

sh
root@4144e8c22fff:/# ufw status
Status: active

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW       Anywhere
80/tcp (v6)                ALLOW       Anywhere (v6)

防火墙禁止80端口

sh
root@4144e8c22fff:/# ufw delete allow 80/tcp
Rule deleted
Rule deleted (v6)
root@4144e8c22fff:/# ufw status
Status: active

允许IP访问所有的本机端口

允许192.168.12.1访问本机上面的所有端口:

sh
root@4144e8c22fff:/# ufw allow from 192.168.12.1
Rule added
root@4144e8c22fff:/# ufw status
Status: active

To                         Action      From
--                         ------      ----
Anywhere                   ALLOW       192.168.12.1

参考:

本首页参考 https://notes.fe-mm.com/ 配置而成