ufw command explained


Installing the ufw command:


-bash/zsh: ufw command not found

#Debian
apt-get install ufw

#Ubuntu
apt-get install ufw

#Arch Linux
pacman -S ufw

#Kali Linux
apt-get install ufw

#Fedora
dnf install ufw

#Raspbian
apt-get install ufw

Additional notes on the ufw command:


Uncomplicated Firewall (UFW) is the default firewall component on Ubuntu systems. UFW is a tool developed to make configuring iptables lightweight. It provides a very friendly interface for creating IPv4- and IPv6-based firewall rules. UFW has been available by default in every Ubuntu release since 8.04 LTS.

ufw command syntax:


ufw [--dry-run] enable|disable|reload

ufw [--dry-run] default allow|deny|reject [incoming|outgoing|routed]

ufw [--dry-run] logging on|off|LEVEL

ufw [--dry-run] reset

ufw [--dry-run] status [verbose|numbered]

ufw [--dry-run] show REPORT

ufw [--dry-run] [delete] [insert NUM] allow|deny|reject|limit [in|out] [log|log-all] [PORT[/PROTOCOL] | APPNAME] [comment COMMENT]

ufw [--dry-run] [rule] [delete] [insert NUM] allow|deny|reject|limit [in|out [on INTERFACE]] [log|log-all] [proto PROTOCOL] [from ADDRESS [port PORT | app APPNAME]] [to ADDRESS [port PORT | app APPNAME]] [comment COMMENT]

ufw [--dry-run] route [delete] [insert NUM] allow|deny|reject|limit [in|out on INTERFACE] [log|log-all] [proto PROTOCOL] [from ADDRESS [port PORT | app APPNAME]] [to ADDRESS [port PORT | app APPNAME]] [comment COMMENT]

ufw [--dry-run] delete NUM

ufw [--dry-run] app list|info|default|update

ufw command options:


--version
      show program's version number and exit

-h, --help
      show help message and exit

--dry-run
      don't modify anything, just show the changes

enable
      reloads firewall and enables firewall on boot

disable
      unloads firewall and disables firewall on boot

reload
      reloads firewall

default allow|deny|reject DIRECTION
      change the default policy for traffic going DIRECTION, where DIRECTION is one of
      incoming, outgoing or routed. Note that existing rules will have to be migrated
      manually when changing the default policy. See RULE SYNTAX for more on deny and
      reject.

logging on|off|LEVEL
      toggle logging. Logged packets use the LOG_KERN syslog facility. Systems configured
      for rsyslog support may also log to /var/log/ufw.log. Specifying a LEVEL turns
      logging on for the specified LEVEL. The default log level is 'low'. See LOGGING
      for details.

reset
      Disables and resets firewall to installation defaults. Can also give the --force
      option to perform the reset without confirmation.

status
      show status of firewall and ufw managed rules. Use status verbose for extra
      information. In the status output, 'Anywhere' is synonymous with 'any' and
      '0.0.0.0/0'. Note that when using status, there is a subtle difference when
      reporting interfaces. For example, if the following rules are added:

        ufw allow in on eth0 from 192.168.0.0/16
        ufw allow out on eth1 to 10.0.0.0/8
        ufw route allow in on eth0 out on eth1 to 10.0.0.0/8 from 192.168.0.0/16
        ufw limit 2222/tcp comment 'SSH port'

      ufw status will output:

        To                         Action      From
        --                         ------      ----
        Anywhere on eth0           ALLOW       192.168.0.0/16
        10.0.0.0/8                 ALLOW OUT   Anywhere on eth1
        10.0.0.0/8 on eth1         ALLOW FWD   192.168.0.0/16 on eth0
        Anywhere                   LIMIT       Anywhere                 # SSH port

      For the input and output rules, the interface is reported relative to the firewall
      system as an endpoint, whereas with route rules, the interface is reported relative
      to the direction packets flow through the firewall.

show REPORT
      display information about the running firewall. See REPORTS

allow ARGS
      add allow rule.  See RULE SYNTAX

deny ARGS
      add deny rule.  See RULE SYNTAX

reject ARGS
      add reject rule.  See RULE SYNTAX

limit ARGS
      add limit rule.  Currently only IPv4 is supported.  See RULE SYNTAX

delete RULE|NUM
      deletes the corresponding RULE

insert NUM RULE
      insert the corresponding RULE as rule number NUM

ufw command examples:


Enable ufw:

ufw enable

Disable ufw:

ufw disable

Show the ufw rules with their numbers:

ufw status numbered

Allow incoming traffic on port 5432 of this host, with a comment identifying the service:

ufw allow 5432 comment "Service"

Allow only TCP traffic from 192.168.0.4 to any address on this host, port 22:

ufw allow proto tcp from 192.168.0.4 to any port 22

Deny traffic on port 80 of this host:

ufw deny 80

Deny all UDP traffic to port 22:

ufw deny proto udp from any to any port 22

Delete a specific rule. The rule number can be retrieved from the `ufw status numbered` command:

ufw delete rule_number
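As an added example (not from the original page or the ufw project), a small POSIX sh helper around the delete-by-number step: it reads `ufw status numbered` output, picks the numbers of the rules matching a pattern, and deletes them highest first, because deleting rule N renumbers every rule after it. The UFW_BIN variable and the SAMPLE_STATUS text are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original page): delete ufw rules by number safely.
# "ufw delete N" renumbers every rule after N, so when several numbers are taken
# from one "ufw status numbered" snapshot they must be deleted highest first.
# UFW_BIN is an assumed knob: point it at "echo" to preview without root.
UFW_BIN="${UFW_BIN:-ufw}"

# Read "ufw status numbered" output on stdin and print the numbers of the rules
# whose text (everything after "[ N]") matches the extended regex in $1,
# in descending numeric order.
rule_numbers_matching() {
    awk -v pat="$1" '
        /^\[ *[0-9]+]/ {
            num = $0; sub(/^\[ */, "", num); sub(/].*/, "", num)
            rest = $0; sub(/^\[ *[0-9]+] */, "", rest)
            if (rest ~ pat) print num
        }' | sort -rn
}

# Delete every rule matching $1, using one snapshot of the numbering.
# --force skips the interactive "Proceed with operation" prompt.
delete_rules_matching() {
    nums=$("$UFW_BIN" status numbered | rule_numbers_matching "$1")
    [ -n "$nums" ] || { echo "no rule matches '$1'" >&2; return 1; }
    for n in $nums; do
        "$UFW_BIN" --force delete "$n" || return 1
    done
}

# Constructed sample of "ufw status numbered" output for offline use.
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     LIMIT IN    Anywhere
[ 2] 80                         DENY IN     Anywhere
[ 3] 5432                       ALLOW IN    Anywhere                   # Service
[ 4] 22/tcp (v6)                LIMIT IN    Anywhere (v6)
'

# Both SSH limit rules (IPv4 and IPv6) match; prints 4 then 1.
printf '%s' "$SAMPLE_STATUS" | rule_numbers_matching '^22/tcp'
```

Run `delete_rules_matching '^22/tcp'` as root to remove both SSH limit rules in one go; with `UFW_BIN=echo` the same call only prints the commands it would issue.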
