sudo ufw enable
This turns the firewall on and sets it to activate at boot. To turn it back off, switch the keyword enable for disable. This firewall is based upon rules. You set rules to either allow or deny services or ports. To enable a service, like SSH, for example, enter this command:
sudo ufw allow ssh
To explicitly deny a service, switch the allow keyword for deny. To remove this rule, type:
sudo ufw delete allow ssh
To explicitly allow a specific port:
sudo ufw allow [port]
You can optionally specify the protocol to allow following the port number. For example, to allow TCP connections on port 231 you would type:
sudo ufw allow 231/tcp
To set the default behavior for services and ports that do not have explicit rules:
sudo ufw default deny
If you wish to allow connections by default, switch the deny keyword for allow. You can check the status of the firewall and the existing rules with:
sudo ufw status
These might be some other useful services to enable:
- mysql (database included as part of the LAMP stack)
- www (allows connections to your webserver)
- microsoft-ds (Windows file sharing a.k.a. Samba)
When configuring your firewall, the general rule of thumb is to make it as restrictive as possible. That means you only open those ports you have to and otherwise keep the system locked down. For this reason the default behavior on my firewall is to deny all connections except for those that are explicitly allowed.
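A small audit script, added here as an example and not part of the original post: it reads the output of ufw status, compares every ALLOW rule against a short list of ports the host is supposed to expose, and reports anything extra. The status text and the approved list are constructed for the example; on a real host you would pipe sudo ufw status into the function instead.

```shell
#!/bin/sh
# Constructed sample of `sudo ufw status` output for this example. The rules
# match `ufw allow ssh`, `ufw allow www` and `ufw allow mysql`, plus one
# extra rule (5900/tcp) that nobody approved.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
3306                       ALLOW       Anywhere
5900/tcp                   ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)'

# Assumed allowlist for this host, written exactly as ufw prints the To column.
APPROVED="22/tcp 80/tcp 3306"

# audit_ufw_status APPROVED_LIST
#   Reads `ufw status` text on stdin. Prints one line per ALLOW rule whose
#   To value is not in the approved list; returns 1 if any were found, else 0.
audit_ufw_status() {
    awk -v approved="$1" '
        BEGIN {
            bad = 0
            n = split(approved, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Skip the status line, column headers, separator and blank lines.
        /^Status:/ || /^To / || /^--/ || NF == 0 { next }
        {
            # Locate the Action column; IPv6 rows carry "(v6)" after the To
            # value, so the action is not always the second field.
            act = 0
            for (i = 1; i <= NF; i++)
                if ($i == "ALLOW" || $i == "DENY" || $i == "REJECT" || $i == "LIMIT") { act = i; break }
            if (act == 0 || $act != "ALLOW") next
            if (!($1 in ok)) { print "unexpected ALLOW rule: " $1; bad = 1 }
        }
        END { exit bad }'
}

# Demo on the constructed sample; on a real host pipe `sudo ufw status` instead.
printf '%s\n' "$SAMPLE_STATUS" | audit_ufw_status "$APPROVED" || echo "audit: tighten the rules above"
```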
If you are interested in a firewall with a GUI, you may find this article to be helpful.