Using the ufw firewall from the command line
Enable the firewall
root@localhost:~# ufw enable
Firewall is active and enabled on system startup
root@localhost:~#
Disable the firewall
root@localhost:~# ufw disable
Firewall stopped and disabled on system startup
root@localhost:~#
Set the default inbound policy to deny
root@localhost:~# ufw default deny
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)
root@localhost:~#
Add an inbound rule by source IP
root@localhost:~# ufw allow in from 8.8.8.8 to any
Rule added
root@localhost:~#
Set inbound rules by port
root@localhost:~# ufw allow in proto tcp from any to any port 22
root@localhost:~# ufw allow in proto udp from any to any port 53
Allow outbound traffic on selected ports only
root@localhost:~# ufw allow out proto udp from any to any port 53
root@localhost:~# ufw allow out proto tcp from any to any port 22,22,23,25,80,110,443
root@localhost:~# ufw deny out from any to any
Insert a rule when rules already exist
First, check the order of the existing rules
root@localhost:~# ufw status numbered
Status: active
     To                               Action      From
     --                               ------      ----
[ 1] Anywhere                         ALLOW IN    8.8.8.8
[ 2] 22/tcp                           ALLOW IN    Anywhere
[ 3] 53/udp                           ALLOW IN    Anywhere
[ 4] 53/udp                           ALLOW OUT   Anywhere (out)
[ 5] 161:162/udp                      ALLOW OUT   Anywhere (out)
[ 6] 20,21,22,22,23,25,80,110,443/tcp ALLOW OUT   Anywhere (out)
[ 7] Anywhere                         DENY OUT    Anywhere (out)
Insert the new rule
root@localhost:~# ufw insert 7 allow out proto tcp from any to any port 1024:65535
Verify the rules
root@localhost:~# ufw status numbered
Status: active
     To                               Action      From
     --                               ------      ----
[ 1] Anywhere                         ALLOW IN    8.8.8.8
[ 2] 22/tcp                           ALLOW IN    Anywhere
[ 3] 53/udp                           ALLOW IN    Anywhere
[ 4] 53/udp                           ALLOW OUT   Anywhere (out)
[ 5] 161:162/udp                      ALLOW OUT   Anywhere (out)
[ 6] 20,21,22,22,23,25,80,110,443/tcp ALLOW OUT   Anywhere (out)
[ 7] 1024:65535/tcp                   ALLOW OUT   Anywhere (out)
[ 8] Anywhere                         DENY OUT    Anywhere (out)
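An added example, not part of the original post: ufw evaluates rules in order and the first match wins, so a new allow rule must be inserted ahead of the catch-all `deny out` rule rather than appended after it. This sketch reads `ufw status numbered` output, finds that rule's number and builds the matching `ufw insert` command; the function names are hypothetical and the sample listing is constructed from the first listing above.

```shell
#!/bin/sh
# Constructed sample: `ufw status numbered` output as shown on this page.
sample_status() {
cat <<'EOF'
Status: active
     To                               Action      From
     --                               ------      ----
[ 1] Anywhere                         ALLOW IN    8.8.8.8
[ 2] 22/tcp                           ALLOW IN    Anywhere
[ 3] 53/udp                           ALLOW IN    Anywhere
[ 4] 53/udp                           ALLOW OUT   Anywhere (out)
[ 5] 161:162/udp                      ALLOW OUT   Anywhere (out)
[ 6] 20,21,22,22,23,25,80,110,443/tcp ALLOW OUT   Anywhere (out)
[ 7] Anywhere                         DENY OUT    Anywhere (out)
EOF
}

# Read a numbered status listing on stdin and print the number of the
# first catch-all "DENY OUT" rule (To = Anywhere). Prints nothing if absent.
deny_out_index() {
    sed -n 's/^\[ *\([0-9][0-9]*\)] *Anywhere  *DENY OUT  *Anywhere.*/\1/p' |
        head -n 1
}

# Read a numbered status listing on stdin and print the ufw command that
# places rule spec $1 before the catch-all deny. With no catch-all deny
# in the listing, a plain append is safe, so print that instead.
build_insert_cmd() {
    spec=$1
    idx=$(deny_out_index)
    if [ -n "$idx" ]; then
        echo "ufw insert $idx $spec"
    else
        echo "ufw $spec"
    fi
}

# On a live host, pipe `ufw status numbered` in instead of sample_status.
sample_status | build_insert_cmd "allow out proto tcp from any to any port 1024:65535"
```

The script only prints the command; review it before running it as root.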