UFW
Revision as of 15:57, 12 December 2017 by Freephile (talk | contribs) (added Category:Firewall using HotCat)
Definition
The "uncomplicated" firewall or UFW is an interface to iptables in Ubuntu.
Implementations
For machines with a GUI you can use firestarter. For headless servers, we use ufw as front-ends to iptables
If you think firewalls are uncomplicated, either you have never administered one, or you have been doing it for a long time. UFW is ONLY a front-end to iptables
Recipes
Take the output from querying the rules on a server named it
and apply to whatever other host you need
ssh it sudo cat /etc/firestarter/inbound/allow-from | /usr/bin/awk '{ print "sudo ufw allow from " $1 " to any app Apache # add rule for " $2 }' | /bin/sed s/,//
Gotcha
Save your firewall rules when manipulating iptables directly or you will lose them upon reboot!!!
Because Firestarter (and ufw) are just front-ends to iptables, parsing their respective rulesets will not necessarily give you the full picture of what iptables is configured to do.
Check against the IPs which are present in actual iptables:
iptables-save | grep ACCEPT | awk '{print $4}' | grep ^[[:digit:]] | sort -un
Sample Usage
# show the status
ufw status
# take a closer look (adds protocol info)
ufw status verbose
# rules can be complicated to delete because you need the exact syntax of the 'create' rule
# add ability to connect to the Postgres server
ufw allow from 192.168.1.12 to any port 5432
ufw --dry-run delete allow from 192.168.1.12 to any port 8080
# if a dry run returns a list of rules, then it was "successful". No output or an error message indicates failure
# deleting a bunch of "allow" rules on port 8080
ufw status verbose |grep 8080 |sed 's/8080/ufw delete/'|sed 's/IN/from/'|sed 's/$/ to any port 8080/'|sh
ufw limit ssh/tcp
# automatically limit the number of ssh attempts from a certain host over a period of time