Difference between revisions of "En:HOWTO: Introduction Firewalling with UFW"

From Sabayon Wiki
Revisions compared: (first submit) to the latest revision (Remove OpenRC instructions); 3 intermediate revisions by 2 users not shown.
Latest revision as of 13:28, 30 October 2016


Introduction

Warning: Please note that recent versions of Sabayon use systemd's firewalld instead of ufw.

During the installation of Sabayon Linux, the Anaconda installer gives you the option to activate a firewall. That is actually a good idea.

In the repositories you can find ufw-frontends and kcm-ufw (KDE specific) as graphical interfaces to configure UFW, but in this article we're going to use the command-line interface.

The manpage of UFW is very well documented; this article is just an introduction.

Enable / Disable UFW

UFW is by default started with the system at boot. You can check this with:

# systemctl status ufw

You can disable it by:

# systemctl disable ufw

And enable again:

# systemctl enable ufw

It's better to disable / enable UFW with:

# ufw disable
# ufw enable

Open / Close ports for applications

You can open and close ports for a specific set of applications. To show the list of applications available use:

# ufw app list

Then you can open the port with:

# ufw allow <application>

Take ssh for example:

# ufw allow ssh
# ufw deny ssh

Open / Close specific ports

If an application is not in the application list, you have to find out which port it is using. The file /etc/services can be helpful, or you can list the listening sockets with:

# ss -tul

Let's open UDP port 53:

# ufw allow 53/udp

You can be more specific; maybe you only want access to your ssh server from a specific address range. If you use "allow ssh", this is what is actually happening:

# ufw allow proto tcp from any to any port 22

To be more restrictive:

# ufw allow proto tcp from 192.168.0.0/24 to any port 22

Delete rules

If you want to delete rules, then you have to know which rules are available:

# ufw show added

Maybe you see something like "ufw deny 53/udp". It is actually a short form of:

# ufw deny proto udp from any to any port 53

You can delete the rule with:

# ufw delete deny proto udp from any to any port 53

Another way:

# ufw status numbered
# ufw delete <number>
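A helper for this numbered-delete step, added here as an example and not part of the original article: it reads `ufw status numbered` output, picks the rules matching a pattern and returns their numbers highest first, because ufw renumbers the remaining rules after every delete. The status text is a constructed sample built from the rules used in this article; the `--force` option that skips ufw's confirmation prompt is a real ufw option but is not mentioned on this page.

```shell
#!/bin/sh
# Helper for deleting ufw rules by number (added example, not from the article).

# Constructed sample of `ufw status numbered` output, using this article's rules.
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    192.168.0.0/24
[ 2] 53/udp                     DENY IN     Anywhere
[ 3] 22/tcp                     ALLOW IN    Anywhere
[ 4] 53/udp (v6)                DENY IN     Anywhere (v6)'

# Read `ufw status numbered` output on stdin and print, on one line, the numbers
# of the rules whose line matches PATTERN (extended regex), highest number first.
# Highest first matters: ufw renumbers the remaining rules after each delete, so
# deleting rule 2 first shifts rule 4 down to 3 and a later "delete 4" hits
# nothing or the wrong rule.
rule_numbers_matching() {
    grep -E '^\[ *[0-9]+\]' \
        | grep -E -e "$1" \
        | sed -E 's/^\[ *([0-9]+)\].*/\1/' \
        | sort -rn \
        | xargs
}

# Delete every live rule matching PATTERN. Needs root and ufw; --force skips
# ufw's per-rule confirmation prompt. With DRY_RUN=1 the commands are only printed.
delete_rules_matching() {
    for n in $(ufw status numbered | rule_numbers_matching "$1"); do
        if [ -n "$DRY_RUN" ]; then
            echo "ufw --force delete $n"
        else
            ufw --force delete "$n"
        fi
    done
}

# Demonstration on the constructed sample: the IPv4 and IPv6 DENY rules for 53/udp.
printf '%s\n' "$SAMPLE_STATUS" | rule_numbers_matching '53/udp'   # prints: 4 2
```

Run `DRY_RUN=1 delete_rules_matching '53/udp'` on a live host to see the delete commands before letting the function execute them.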

Other Resources

Project Homepage: https://launchpad.net/ufw

UFW Documentation: https://help.ubuntu.com/community/UFW