-bash/zsh: ufw command not found

# Debian
apt-get install ufw
# Ubuntu
apt-get install ufw
# Arch Linux
pacman -S ufw
# Kali Linux
apt-get install ufw
# Fedora
dnf install ufw
# Raspbian
apt-get install ufw
Uncomplicated Firewall, or UFW, is the default firewall component on Ubuntu. UFW was developed as a tool for lightweight configuration of iptables. UFW provides a very friendly interface for creating IPv4- and IPv6-based firewall rules. UFW is available by default in all Ubuntu releases since 8.04 LTS.
ufw [--dry-run] enable|disable|reload
ufw [--dry-run] default allow|deny|reject [incoming|outgoing|routed]
ufw [--dry-run] logging on|off|LEVEL
ufw [--dry-run] reset
ufw [--dry-run] status [verbose|numbered]
ufw [--dry-run] show REPORT
ufw [--dry-run] [delete] [insert NUM] allow|deny|reject|limit [in|out] [log|log-all] [ PORT[/PROTOCOL] | APPNAME ] [comment COMMENT]
ufw [--dry-run] [rule] [delete] [insert NUM] allow|deny|reject|limit [in|out [on INTERFACE]] [log|log-all] [proto PROTOCOL] [from ADDRESS [port PORT | app APPNAME ]] [to ADDRESS [port PORT | app APPNAME ]] [comment COMMENT]
ufw [--dry-run] route [delete] [insert NUM] allow|deny|reject|limit [in|out on INTERFACE] [log|log-all] [proto PROTOCOL] [from ADDRESS [port PORT | app APPNAME]] [to ADDRESS [port PORT | app APPNAME]] [comment COMMENT]
ufw [--dry-run] delete NUM
ufw [--dry-run] app list|info|default|update
--version
    show program's version number and exit
-h, --help
    show help message and exit
--dry-run
    don't modify anything, just show the changes
enable
    reloads firewall and enables firewall on boot.
disable
    unloads firewall and disables firewall on boot
reload
    reloads firewall
default allow|deny|reject DIRECTION
    change the default policy for traffic going DIRECTION, where DIRECTION is one of incoming, outgoing or routed. Note that existing rules will have to be migrated manually when changing the default policy. See RULE SYNTAX for more on deny and reject.
logging on|off|LEVEL
    toggle logging. Logged packets use the LOG_KERN syslog facility. Systems configured for rsyslog support may also log to /var/log/ufw.log. Specifying a LEVEL turns logging on for the specified LEVEL. The default log level is 'low'. See LOGGING for details.
reset
    Disables and resets firewall to installation defaults. Can also give the --force option to perform the reset without confirmation.
status
    show status of firewall and ufw managed rules. Use status verbose for extra information. In the status output, 'Anywhere' is synonymous with 'any' and '0.0.0.0/0'. Note that when using status, there is a subtle difference when reporting interfaces. For example, if the following rules are added:

        ufw allow in on eth0 from 192.168.0.0/16
        ufw allow out on eth1 to 10.0.0.0/8
        ufw route allow in on eth0 out on eth1 to 10.0.0.0/8 from 192.168.0.0/16
        ufw limit 2222/tcp comment 'SSH port'

    ufw status will output:

        To                         Action      From
        --                         ------      ----
        Anywhere on eth0           ALLOW       192.168.0.0/16
        10.0.0.0/8                 ALLOW OUT   Anywhere on eth1
        10.0.0.0/8 on eth1         ALLOW FWD   192.168.0.0/16 on eth0
        Anywhere                   LIMIT       Anywhere                   # SSH port

    For the input and output rules, the interface is reported relative to the firewall system as an endpoint, whereas with route rules, the interface is reported relative to the direction packets flow through the firewall.
show REPORT
    display information about the running firewall. See REPORTS
allow ARGS
    add allow rule. See RULE SYNTAX
deny ARGS
    add deny rule. See RULE SYNTAX
reject ARGS
    add reject rule. See RULE SYNTAX
limit ARGS
    add limit rule. Currently only IPv4 is supported. See RULE SYNTAX
delete RULE|NUM
    deletes the corresponding RULE
insert NUM RULE
    insert the corresponding RULE as rule number NUM
Enable ufw:
ufw enable
Disable ufw:
ufw disable
Show ufw rules with their numbers:
ufw status numbered
Allow incoming traffic on port 5432 on this host, with a comment identifying the service:
ufw allow 5432 comment "Service"
Allow only TCP traffic from 192.168.0.4 to any address on this host, port 22:
ufw allow proto tcp from 192.168.0.4 to any port 22
Deny traffic on port 80 on this host:
ufw deny 80
Deny all UDP traffic to port 22:
ufw deny proto udp from any to any port 22
Delete a specific rule. The rule number can be retrieved from the `ufw status numbered` command:
ufw delete rule_number
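As an added example (not from this page or the ufw project), the following Python script parses `ufw status numbered` output and reports inbound ALLOW or LIMIT rules that admit traffic from Anywhere on a port you have not declared public. The status text is constructed to match ufw's column layout from the rules above plus an assumed 443/tcp rule; run against that sample it flags the page's own `ufw allow 5432` rule, which opens a database port to every source.

```python
import re
from typing import Dict, List, Optional, Set

# Constructed sample in the shape `ufw status numbered` prints, built from the
# rules on this page plus one HTTPS rule (not captured from a real host).
SAMPLE_STATUS = """\
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     LIMIT IN    Anywhere                   # SSH port
[ 2] 5432                       ALLOW IN    Anywhere                   # Service
[ 3] 80                         DENY IN     Anywhere
[ 4] 22/udp                     DENY IN     Anywhere
[ 5] 22/tcp                     ALLOW IN    192.168.0.4
[ 6] 443/tcp                    ALLOW IN    Anywhere
[ 7] 5432 (v6)                  ALLOW IN    Anywhere (v6)              # Service
"""

# Rule line: "[ N] <to>  <ACTION> [IN|OUT|FWD]  <from>  [# comment]", columns split by 2+ spaces
RULE_RE = re.compile(
    r"^\[\s*(?P<num>\d+)\]\s+(?P<to>.+?)\s{2,}"
    r"(?P<action>ALLOW|DENY|REJECT|LIMIT)(?:\s+(?P<direction>IN|OUT|FWD))?\s{2,}"
    r"(?P<frm>.+?)(?:\s+#\s*(?P<comment>.*))?\s*$"
)
PORT_RE = re.compile(r"^(?P<port>\d+)(?:/(?:tcp|udp))?")
Rule = Dict[str, Optional[str]]  # keys: num, to, action, direction, frm, comment

def parse_status(text: str) -> List[Rule]:
    """Parse the numbered rule lines; header, blank and unmatched lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            rule = m.groupdict()
            rule["direction"] = rule["direction"] or "IN"  # older ufw prints no direction
            rules.append(rule)
    return rules

def port_of(rule: Rule) -> Optional[str]:
    """Port number from the To column, or None for address-only rules."""
    m = PORT_RE.match(rule["to"])
    return m.group("port") if m else None

def exposed_ports(rules: List[Rule], public_ports: Set[str]) -> List[Rule]:
    """Inbound ALLOW/LIMIT rules reachable from Anywhere on a port not meant to be public."""
    return [r for r in rules
            if r["action"] in ("ALLOW", "LIMIT") and r["direction"] == "IN"
            and r["frm"].startswith("Anywhere") and port_of(r) not in (None, *public_ports)]
```

On a real host, feed it `subprocess.run(["ufw", "status", "numbered"], capture_output=True, text=True).stdout` and compare the flagged rule numbers against the services you intend to expose.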