“Ufw on debian”的版本间的差异

来自linux中国网wiki
跳到导航 跳到搜索
第5行: 第5行:
 
apt  install ufw  
 
apt  install ufw  
 
ufw enable  
 
ufw enable  
 +
 +
sudo ufw default allow outgoing
 +
sudo ufw default deny incoming
 +
 
  ufw  allow ssh  
 
  ufw  allow ssh  
 
  ufw  allow  www
 
  ufw  allow  www

2020年2月28日 (五) 06:23的版本


线上一般的结合操作

apt  install ufw 
ufw enable 

sudo ufw default allow outgoing
sudo ufw default deny incoming

 ufw  allow ssh 
 ufw  allow  www

etc 


正常返回如下 

 ufw  status 
Status: active

To                         Action      From
--                         ------      ----
SSH                        ALLOW       Anywhere                  
80/tcp                     ALLOW       Anywhere                  
SSH (v6)                   ALLOW       Anywhere (v6)             
80/tcp (v6)                ALLOW       Anywhere (v6)  

* install

apt  install ufw

* Configuration

 ufw enable 
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup


UFW’s defaults are to deny all incoming connections and allow all outgoing connections.

要确定ufw  status 后有没有规则可见 

可见 这两个不要手工执行了 默认就有的 现执行就可以连ssh都上不去了 
ufw default deny incoming
ufw default allow outgoing

ufw status verbose

* Firewall Rules

 ufw app list
 

 ufw  allow 'SSH'
ufw  allow  22/tcp
 ufw  allow WWW #其实就是80

 
 
 ufw allow 'Nginx HTTP'


ufw allow 53/tcp 


** Port Ranges

Port ranges may also be specified, a simple example for tcp would be:

  ufw allow 1000:2000/tcp

and for udp:

  ufw allow 1000:2000/udp

** IP address

An IP address may also be used:

 ufw allow from 111.222.333.444

* Deleting Rules

Rules may be deleted with the following command:

 ufw delete allow ssh

ufw reset


troubleshooting


openssh都连接上去 

这个导致上不了的 
 ufw default deny incoming


确定了 不是这个问题  是 
ufw  status verbose 
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp (SSH)               ALLOW IN    Anywhere                  
80/tcp (WWW)               ALLOW IN    Anywhere                  
22/tcp (SSH (v6))          ALLOW IN    Anywhere (v6)             
80/tcp (WWW (v6))          ALLOW IN    Anywhere (v6)   
没有东西  

linode 文档得了

如何确定在 ssh这后再deny incoming 呢  参考iptalbes ?



* see also

https://wiki.debian.org/Uncomplicated%20Firewall%20%28ufw%29

https://www.linode.com/docs/security/firewalls/configure-firewall-with-ufw/


https://help.ubuntu.com/community/UFW

https://www.digitalocean.com/community/tutorials/how-to-setup-a-firewall-with-ufw-on-an-ubuntu-and-debian-cloud-server

ubuntu ufw 防火墙