Difference between revisions of "En:HOWTO: Introduction Firewalling with UFW"

From Sabayon Wiki
(adjust for systemd presence, fix typo, fix command)
(Remove OpenRC instructions)
 
(2 intermediate revisions by 2 users not shown)
Line 2: Line 2:
  
 
== Introduction ==
 
== Introduction ==
 +
 +
{{Warning| Please note that recent versions of Sabayon use systemd's [http://www.firewalld.org/ firewalld] instead of ufw.}}
  
 
During the installation of Sabayon Linux, there is a possibility in the
 
During the installation of Sabayon Linux, there is a possibility in the
 
Anaconda installer that you activate a firewall. That is actually a good idea.
 
Anaconda installer that you activate a firewall. That is actually a good idea.
  
Sabayon Linux is using "Uncomplicated Firewall" (UFW) to generate the iptables
+
In the repositories you can find ufw-frontends and kcm-ufw (KDE
rules. In the repositories you can find ufw-frontends and kcm-ufw (KDE
 
 
specific) as graphical interfaces to configure UFW, but in this article we're
 
specific) as graphical interfaces to configure UFW, but in this article we're
 
going to use the command-line interface.
 
going to use the command-line interface.
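Review bot: The new introduction drops the sentence "Sabayon Linux is using "Uncomplicated Firewall" (UFW) to generate the iptables rules", so the paragraph now opens at "In the repositories you can find ufw-frontends and kcm-ufw" without ever expanding the acronym or saying that UFW generates iptables rules. Suggest keeping one sentence that introduces UFW, and having the added warning say which Sabayon releases default to firewalld so readers can tell whether the article still applies to them.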
Line 16: Line 17:
 
== Enable / Disable UFW ==
 
== Enable / Disable UFW ==
  
=== With systemd ===
 
 
UFW is by default started with system while booting. You can check this with:
 
UFW is by default started with system while booting. You can check this with:
 
  # systemctl status ufw
 
  # systemctl status ufw
Line 27: Line 27:
  
 
It's better to disable / enable UFW with:
 
It's better to disable / enable UFW with:
# ufw disable
 
# ufw enable
 
 
=== With OpenRC ===
 
{{Note|Please note that OpenRC will be dropped in summer 2014.}}
 
UFW is by default added to the default boot. You can check this with:
 
 
# rc-update | grep ufw
 
 
You can remove it with:
 
 
# rc-update remove ufw default
 
 
But it's better to disable / enable UFW with:
 
 
 
  # ufw disable
 
  # ufw disable
 
  # ufw enable
 
  # ufw enable
Line 101: Line 86:
 
  # ufw status numbered
 
  # ufw status numbered
 
  # ufw delete <number>
 
  # ufw delete <number>
 +
 +
=Other Resources=
 +
 +
[https://launchpad.net/ufw Projekt Homepage]
 +
 +
[https://help.ubuntu.com/community/UFW UFW Documentation]
 +
  
 
[[Category:Firewalls|Introduction Firewalling with UFW]]
 
[[Category:Firewalls|Introduction Firewalling with UFW]]
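Review bot: The added heading "=Other Resources=" is a level-1 heading, while the section headings visible in this diff ("== Introduction ==", "== Enable / Disable UFW ==") are level 2; suggest "== Other Resources ==". The link label "Projekt Homepage" in the same hunk should read "Project Homepage".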

Latest revision as of 13:28, 30 October 2016


Introduction

Please note that recent versions of Sabayon use systemd's firewalld instead of ufw.

During the installation of Sabayon Linux, the Anaconda installer gives you the option to activate a firewall. That is actually a good idea.

In the repositories you can find ufw-frontends and kcm-ufw (KDE specific) as graphical interfaces to configure UFW, but in this article we're going to use the command-line interface.

The UFW manpage is very thorough; this article is just an introduction.

Enable / Disable UFW

By default, UFW is started with the system at boot. You can check this with:

# systemctl status ufw

You can disable it with:

# systemctl disable ufw

And enable it again:

# systemctl enable ufw

It's better to disable / enable UFW with:

# ufw disable
# ufw enable

Open / Close ports for applications

You can open and close ports for a specific set of applications. To show the list of available applications, use:

# ufw app list

Then you can open the port with:

# ufw allow <application>

Take ssh, for example:

# ufw allow ssh
# ufw deny ssh

Open / Close specific ports

If an application is not in the application list, you have to find out which port it's using. The file /etc/services can be helpful, or you can list the listening TCP and UDP sockets with:

# ss -tul

Let's open UDP port 53:

# ufw allow 53/udp

You can be more specific. Maybe you want to allow access to your ssh server only from a specific address range. If you use the parameter "allow ssh", this is what is actually happening:

# ufw allow proto tcp from any to any port 22

To be more restrictive:

# ufw allow proto tcp from 192.168.0.0/24 to any port 22
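To find rules in an existing rule set that still admit traffic from any source, like the first form above, the following added example (not part of the original article) filters the output of `ufw show added`, which is covered under "Delete rules" below. The sample rules are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list "allow" rules whose source address is unrestricted.
# Input is expected in the "ufw <rule>" form printed by `ufw show added`.

# Constructed sample rule set, used so the script runs without ufw installed.
sample_rules() {
cat <<'EOF'
Added user rules (see 'ufw status' for running firewall):
ufw allow 22/tcp
ufw deny 53/udp
ufw allow proto tcp from 192.168.0.0/24 to any port 22
ufw allow proto tcp from any to any port 8080
ufw allow ssh
EOF
}

# Read rules on stdin and print every allow rule that has no "from" clause
# or whose "from" clause matches any address.
open_allow_rules() {
    while IFS= read -r line; do
        case "$line" in
            "ufw allow "*) ;;      # only rules that admit traffic
            *) continue ;;         # skip header, deny rules, blank lines
        esac
        # Extract the word that follows "from"; empty if there is none.
        src=$(printf '%s\n' "$line" | sed -n 's/.* from \([^ ]*\).*/\1/p')
        case "$src" in
            ""|any|0.0.0.0/0|::/0) printf '%s\n' "$line" ;;
        esac
    done
}

# On a live system, run as root: ufw show added | open_allow_rules
sample_rules | open_allow_rules
```

Each rule it prints is a candidate for the more restrictive "from <range>" form shown above.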

Delete rules

If you want to delete rules, you first have to know which rules exist:

# ufw show added

Maybe you see something like "ufw deny 53/udp". It is actually shorthand for:

# ufw deny proto udp from any to any port 53

You can delete the rule with:

# ufw delete deny proto udp from any to any port 53

Another way:

# ufw status numbered
# ufw delete <number>

Other Resources

Project Homepage

UFW Documentation