Difference between revisions of "En:HOWTO: Introduction Firewalling with UFW"

From Sabayon Wiki
(adjust for systemd presence, fix typo, fix command)
(Remove OpenRC instructions)
 
(2 intermediate revisions by 2 users not shown)
Line 2: Line 2:
  
 
== Introduction ==
 
== Introduction ==
 +
 +
{{Warning| Please note that recent versions of Sabayon use systemd's [http://www.firewalld.org/ firewalld] instead of ufw.}}
  
 
During the installation of Sabayon Linux, there is a possibility in the
 
During the installation of Sabayon Linux, there is a possibility in the
 
Anaconda installer that you activate a firewall. That is actually a good idea.
 
Anaconda installer that you activate a firewall. That is actually a good idea.
  
Sabayon Linux is using "Uncomplicated Firewall" (UFW) to generate the iptables
+
In the repositories you can find ufw-frontends and kcm-ufw (KDE
rules. In the repositories you can find ufw-frontends and kcm-ufw (KDE
+
 
specific) as graphical interfaces to configure UFW, but in this article we're
 
specific) as graphical interfaces to configure UFW, but in this article we're
 
going to use the command-line interface.
 
going to use the command-line interface.
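Review bot: the rewritten introduction paragraph in this hunk drops the sentence 'Sabayon Linux is using "Uncomplicated Firewall" (UFW) to generate the iptables rules', so the article no longer expands the name UFW or says that it generates iptables rules before the abbreviation is used. Suggest keeping that sentence ahead of "In the repositories you can find ...", or folding the expansion into the new warning line.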
Line 16: Line 17:
 
== Enable / Disable UFW ==
 
== Enable / Disable UFW ==
  
=== With systemd ===
 
 
UFW is by default started with system while booting. You can check this with:
 
UFW is by default started with system while booting. You can check this with:
 
  # systemctl status ufw
 
  # systemctl status ufw
Line 27: Line 27:
  
 
It's better to disable / enable UFW with:
 
It's better to disable / enable UFW with:
# ufw disable
 
# ufw enable
 
 
=== With OpenRC ===
 
{{Note|Please note that OpenRC will be dropped in summer 2014.}}
 
UFW is by default added to the default boot. You can check this with:
 
 
# rc-update | grep ufw
 
 
You can remove it with:
 
 
# rc-update remove ufw default
 
 
But it's better to disable / enable UFW with:
 
 
 
  # ufw disable
 
  # ufw disable
 
  # ufw enable
 
  # ufw enable
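Review bot: with the OpenRC block removed, "It's better to disable / enable UFW with:" now follows the systemctl commands directly, but the text still gives no reason for preferring "ufw disable" / "ufw enable". Suggest adding one sentence that states what differs between the two approaches, so a reader knows which one actually stops the firewall from filtering.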
Line 101: Line 86:
 
  # ufw status numbered
 
  # ufw status numbered
 
  # ufw delete <number>
 
  # ufw delete <number>
 +
 +
=Other Resources=
 +
 +
[https://launchpad.net/ufw Projekt Homepage]
 +
 +
[https://help.ubuntu.com/community/UFW UFW Documentation]
 +
  
 
[[Category:Firewalls|Introduction Firewalling with UFW]]
 
[[Category:Firewalls|Introduction Firewalling with UFW]]
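Review bot: the added heading "=Other Resources=" is a level-1 heading while every other section in the article uses "== ... ==", and the link label "Projekt Homepage" is misspelled. Suggest "== Other Resources ==" and "Project Homepage"; the two external links would also read better as a bulleted list than as two bare lines.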

Latest revision as of 13:28, 30 October 2016


Introduction

Please note that recent versions of Sabayon use systemd's firewalld instead of ufw.

During the installation of Sabayon Linux, the Anaconda installer gives you the option to activate a firewall. That is actually a good idea.

In the repositories you can find ufw-frontends and kcm-ufw (KDE specific) as graphical interfaces to configure UFW, but in this article we're going to use the command-line interface.

The UFW man page is very thorough; this article is just an introduction.

Enable / Disable UFW

By default, UFW is started with the system at boot. You can check this with:

# systemctl status ufw

You can disable it with:

# systemctl disable ufw

And enable it again:

# systemctl enable ufw

It's better to disable / enable UFW with:

# ufw disable
# ufw enable

Open / Close ports for applications

You can open and close ports for a specific set of applications. To show the list of available applications, use:

# ufw app list

Then you can open the port with:

# ufw allow <application>

Take ssh, for example:

# ufw allow ssh
# ufw deny ssh

Open / Close specific ports

If an application is not in the application list, you have to find out which port it's using. The file /etc/services can be helpful, or you can list the listening TCP and UDP sockets with:

# ss -tul

Let's open UDP port 53:

# ufw allow 53/udp

You can be more specific; maybe you only want to allow access to your ssh server from a specific range. If you use the parameter "allow ssh", this is what actually happens:

# ufw allow proto tcp from any to any port 22

To be more restrictive:

# ufw allow proto tcp from 192.168.0.0/24 to any port 22

Delete rules

If you want to delete rules, you first have to know which rules have been added:

# ufw show added

Maybe you see something like "ufw deny 53/udp". That is actually shorthand for:

# ufw deny proto udp from any to any port 53

You can delete the rule with:

# ufw delete deny proto udp from any to any port 53

Another way:

# ufw status numbered
# ufw delete <number>
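
The following shell audit is an added example, not part of the original wiki page: it reads `ufw show added` output, lists the allow rules that accept traffic from any source, and prints the restrictive long form shown above for each one. The rule list is a constructed sample, and the function names `sample_rules`, `open_to_any`, `restrict_to` and `audit` are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `ufw show added` output (not taken from a real host).
sample_rules() {
cat <<'EOF'
Added user rules (see 'ufw status' for running firewall):
ufw allow 22/tcp
ufw deny 53/udp
ufw allow from 192.168.0.0/24 to any port 22 proto tcp
ufw allow proto tcp from any to any port 8080
EOF
}

# Read `ufw show added` output on stdin and print every allow rule that
# accepts traffic from any source address.
open_to_any() {
    awk '
    $1 != "ufw" || $2 != "allow" { next }   # skip the header and deny rules
    {
        src = "any"                         # short forms like "allow 22/tcp" imply "from any"
        for (i = 3; i < NF; i++)
            if ($i == "from") src = $(i + 1)
        if (src == "any" || src == "0.0.0.0/0" || src == "::/0") print
    }'
}

# Rewrite one open rule (stdin) into the restrictive long form; $1 = trusted range.
restrict_to() {
    awk -v cidr="$1" '
    {
        port = ""; proto = ""
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^[0-9]+\/(tcp|udp)$/) { split($i, a, "/"); port = a[1]; proto = a[2] }
            if ($i == "port")  port  = $(i + 1)
            if ($i == "proto") proto = $(i + 1)
        }
        if (port != "" && proto != "")
            printf "ufw allow proto %s from %s to any port %s\n", proto, cidr, port
    }'
}

# Report each open rule with a narrower replacement. 192.168.0.0/24 is the
# example range from the article; substitute your own trusted network.
audit() {
    sample_rules | open_to_any | while IFS= read -r rule; do
        printf '%s\n  -> %s\n' "$rule" "$(printf '%s\n' "$rule" | restrict_to 192.168.0.0/24)"
    done
}

audit
```

On a live system, replace `sample_rules` in `audit` with `ufw show added` (run as root), then delete the open rule and add the narrower one.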

Other Resources

Project Homepage

UFW Documentation