UFW – Uncomplicated Firewall

To Check ufw status


#ufw status verbose

Allow and Deny (specific rules)

allow port 53 tcp in your ufw

root@google:# ufw allow 53/tcp
Rule added
root@google:# ufw status
Status: active

To Action From
-- ------ ----
22 ALLOW Anywhere
53/tcp ALLOW Anywhere

remove rule port 53 in your ufw

root@google:# ufw delete allow 53/tcp
Rule deleted

allow 9933 udp

root@google:# ufw allow 9933/udp
Rule added
root@google:# ufw status
Status: active

To Action From
-- ------ ----
22 ALLOW Anywhere
9933/udp ALLOW Anywhere

remove rule port 9933/udp in your ufw

root@google:# ufw delete allow 9933/udp
Rule deleted

deny port 53 in your system

root@google:# ufw deny 53/tcp
Rule added
root@google:# ufw status
Status: active

To Action From
-- ------ ----
22 ALLOW Anywhere
53/tcp DENY Anywhere

remove deny port 53 rule from ufw


root@google:# ufw delete deny 53/tcp
Rule deleted

now we will allow access from a specific ip address


root@google:# sudo ufw allow from 192.168.0.4 to any port 22
Rule added
You have new mail in /var/mail/root
root@google:# ufw status
Status: active

To Action From
-- ------ ----
22 ALLOW Anywhere
22/tcp ALLOW Anywhere
80 ALLOW Anywhere
10050/tcp ALLOW 10.6.0.10
514/udp ALLOW Anywhere
80/tcp ALLOW Anywhere
28778/tcp ALLOW Anywhere
22 ALLOW 192.168.0.4

root@google:# sudo delete ufw allow from 192.168.0.4 to any port 22
sudo: delete: command not found
root@google:# sudo ufw delete allow from 192.168.0.4 to any port 22
Rule deleted

allow icmp (ping)
ufw accepts ICMP echo requests (ping) by default. To block them, edit /etc/ufw/before.rules and remove the following lines:

# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
or change the “ACCEPT” to “DROP”

# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
-A ufw-before-input -p icmp --icmp-type source-quench -j DROP
-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP
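
The ACCEPT-to-DROP edit above can be scripted so that only one ICMP type changes and a backup is kept. This is an added example, not part of the original post; the function names (make_sample, icmp_target, set_icmp_target) are hypothetical and the sample rules file is constructed from the lines shown above.

```shell
#!/bin/sh
# Added example (not from the original post). Switches one ICMP type in a ufw
# before.rules file between ACCEPT and DROP. It works on any path, so try it
# on a copy before touching /etc/ufw/before.rules.

# Constructed sample: the five ICMP rules shown in the post.
make_sample() {
    cat > "$1" <<'EOF'
# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
EOF
}

# icmp_target FILE TYPE: print the current target (ACCEPT or DROP) for TYPE.
icmp_target() {
    sed -n -E "s/^-A ufw-before-input -p icmp --icmp-type $2 -j (ACCEPT|DROP)\$/\1/p" "$1"
}

# set_icmp_target FILE TYPE TARGET: rewrite the rule for TYPE in place.
# Refuses to edit unless exactly one matching rule exists; keeps FILE.bak.
set_icmp_target() {
    file=$1 itype=$2 target=$3
    case $target in
        ACCEPT|DROP) ;;
        *) echo "target must be ACCEPT or DROP" >&2; return 2 ;;
    esac
    rule="-A ufw-before-input -p icmp --icmp-type $itype -j"
    count=$(grep -c -E -- "^$rule (ACCEPT|DROP)\$" "$file" || true)
    if [ "$count" != 1 ]; then
        echo "expected one rule for '$itype', found ${count:-0}" >&2
        return 1
    fi
    cp -p "$file" "$file.bak" || return 1
    sed -E "s/^($rule) (ACCEPT|DROP)\$/\1 $target/" "$file.bak" > "$file"
}

# Demo on a temporary copy: block ping only, leave the ICMP error types alone.
demo=$(mktemp)
make_sample "$demo"
set_icmp_target "$demo" echo-request DROP
grep -e '--icmp-type' "$demo"
rm -f "$demo" "$demo.bak"
```

After changing the real /etc/ufw/before.rules, run `ufw reload` so the new rules are loaded.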
