Ufw on debian
目录
* install
apt install ufw
* Configuration
ufw enable Command may disrupt existing ssh connections. Proceed with operation (y|n)? y Firewall is active and enabled on system startup UFW’s defaults are to deny all incoming connections and allow all outgoing connections. 可见 这两个不要手工执行了 默认就有的 现执行就可以连ssh都上不去了 ufw default deny incoming ufw default allow outgoing ufw status verbose
* Firewall Rules
ufw app list ufw allow 'SSH' ufw allow 22/tcp ufw allow WWW #其实就是80 ufw allow 'Nginx HTTP' ufw allow 53/tcp
** Port Ranges
Port ranges may also be specified, a simple example for tcp would be: ufw allow 1000:2000/tcp and for udp: ufw allow 1000:2000/udp
** IP address
An IP address may also be used: ufw allow from 111.222.333.444
* Deleting Rules
Rules may be deleted with the following command: ufw delete allow ssh ufw reset
troubleshooting
openssh都连接上去 这个导致上不了的 ufw default deny incoming 确定了 不是这个问题 是 ufw status verbose Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip To Action From -- ------ ---- 22/tcp (SSH) ALLOW IN Anywhere 80/tcp (WWW) ALLOW IN Anywhere 22/tcp (SSH (v6)) ALLOW IN Anywhere (v6) 80/tcp (WWW (v6)) ALLOW IN Anywhere (v6) 没有东西 linode 文档得了 如何确定在 ssh这后再deny incoming 呢 参考iptalbes ?
* see also
https://wiki.debian.org/Uncomplicated%20Firewall%20%28ufw%29
https://www.linode.com/docs/security/firewalls/configure-firewall-with-ufw/