ufw set firewall rules

ufw 设置防火墙规则

安装以及初始化

# 安装命令
sudo apt install ufw
# 检查UFW状态命令,Inactive by default
sudo ufw status verbose

在配置之前

# 重置所有规则 （The previous configuration cannot be modified）
sudo ufw reset
# Enable and activate the firewall at system startup
sudo ufw enable
# 再次查看UFW状态,will be found to be activated
sudo ufw status verbose

Turn on the set default policy

# 在配置之前,Enable the default settings first,The default policy will deny all incoming connections,All outgoing links are allowed,This opens the specified port or allows the specified port on demandip来连接服务器.
sudo ufw default allow

配置规则

# 打开端口（端口/协议）If no protocol is specified, it defaults to all
sudo ufw allow 22/tcp
# 端口范围
sudo ufw allow 7100:7200/tcp
# 允许指定 IP 地址访问
sudo ufw allow from 64.63.62.61
# 允许指定 IP 地址访问指定端口
sudo ufw allow from 64.63.62.61 to any port 22
# 允许子网
sudo ufw allow from 192.168.1.0/24 to any port 3306
# Allow network card
sudo ufw allow in on eth2 to any port 3306
# 禁止IP连接
sudo ufw deny from 23.24.25.0/24
# 禁止IP连接端口
sudo ufw deny proto tcp from 23.24.25.0/24 to any port 80,443

添加规则,Block other incoming connections

需要注意,Rules are prioritized in the order they were added,若执行ufw deny from any后,Subsequent new rules will not take effect！！！

# 添加规则,Block other incoming connections
sudo ufw deny from any
# 检查UFW状态
sudo ufw status

删除 UFW 规则

有两种不同的方式可以删除 UFW 规则.通过规则序号和通过指定的规则.

1. 通过规则序号来删除

 sudo ufw status numbered
 # 输出
 Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 8080/tcp                   ALLOW IN    Anywhere

# 删除规则,序号为3,这个规则允许对端口8080的连接
sudo ufw delete 3

2. Specify the actual rule to delete

sudo ufw delete allow 8069

禁用\启用\重置UFW

# 禁用
sudo ufw disable
# 启用
sudo ufw enable
# 重置
sudo ufw reset