To check ufw status
# ufw status verbose
Allow and Deny (specific rules)
Allow TCP port 53:
root@google:# ufw allow 53/tcp
Rule added
root@google:# ufw status
Status: active
To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
53/tcp                     ALLOW       Anywhere
Remove the port 53 rule:
root@google:# ufw delete allow 53/tcp
Rule deleted
Allow UDP port 9933:
root@google:# ufw allow 9933/udp
Rule added
root@google:# ufw status
Status: active
To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
9933/udp                   ALLOW       Anywhere
Remove the 9933/udp rule:
root@google:# ufw delete allow 9933/udp
Rule deleted
Deny TCP port 53:
root@google:# ufw deny 53/tcp
Rule added
root@google:# ufw status
Status: active
To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
53/tcp                     DENY        Anywhere
Remove the deny rule for port 53:
root@google:# ufw delete deny 53/tcp
Rule deleted
Allow access from a specific IP address:
root@google:# sudo ufw allow from 192.168.0.4 to any port 22
Rule added
You have new mail in /var/mail/root
root@google:# ufw status
Status: active
To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
80                         ALLOW       Anywhere
10050/tcp                  ALLOW       10.6.0.10
514/udp                    ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
28778/tcp                  ALLOW       Anywhere
22                         ALLOW       192.168.0.4
root@google:# sudo delete ufw allow from 192.168.0.4 to any port 22
sudo: delete: command not found
root@google:# sudo ufw delete allow from 192.168.0.4 to any port 22
Rule deleted
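In the status output above, "22 ALLOW Anywhere" already accepts port 22 from every source, so the later "22 ALLOW 192.168.0.4" rule restricts nothing. The script below is an added example, not part of the original page: it reads "ufw status" text and lists source-restricted ALLOW rules that an "Anywhere" rule on the same port already covers. The function names find_shadowed and sample_status are hypothetical, the sample is a copy of the rows shown above, and it assumes IPv4 rows in plain (non-verbose) status output with no DENY rules involved.

```shell
#!/bin/sh
# Added example: report source-restricted ALLOW rules that a broader
# "ALLOW Anywhere" rule on the same port makes redundant.

# Constructed sample: the rule rows from the `ufw status` output above.
sample_status() {
cat <<'EOF'
Status: active
To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
80                         ALLOW       Anywhere
10050/tcp                  ALLOW       10.6.0.10
514/udp                    ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
28778/tcp                  ALLOW       Anywhere
22                         ALLOW       192.168.0.4
EOF
}

# Reads `ufw status` text on stdin.
# Prints one line per shadowed rule: "<rule port> <source> <covering Anywhere port>".
find_shadowed() {
    awk '
    # Skip the header, separator, IPv6 rows and anything that is not ALLOW.
    /\(v6\)/ || $2 != "ALLOW" || NF != 3 { next }
    # Ports that are open to every source.
    $3 == "Anywhere" { open[$1] = 1; next }
    # Everything else is an ALLOW rule limited to one source.
    { n++; to[n] = $1; src[n] = $3 }
    END {
        for (i = 1; i <= n; i++) {
            port = to[i]
            sub(/\/.*/, "", port)                  # "22/tcp" -> "22"
            if (to[i] in open)      cover = to[i]  # exact port/proto match
            else if (port in open)  cover = port   # protocol-less rule covers tcp and udp
            else continue                          # restriction is effective
            printf "%s %s %s\n", to[i], src[i], cover
        }
    }'
}

# Run against the sample; on a live host use: ufw status | find_shadowed
sample_status | find_shadowed
```

To make the 192.168.0.4 restriction effective, the "22" and "22/tcp" Anywhere rules have to be deleted after the source-specific rule is in place, otherwise SSH stays open to all sources.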
Block ICMP (ping)
The default /etc/ufw/before.rules accepts these ICMP types, so ping is allowed. To block it, you need to edit /etc/ufw/before.rules and remove the following lines:
# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
or change the "ACCEPT" to "DROP":
# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
-A ufw-before-input -p icmp --icmp-type source-quench -j DROP
-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP