Diffstat (limited to 'content/blog/2021-01-07-ufw.md')
-rw-r--r--content/blog/2021-01-07-ufw.md109
1 files changed, 52 insertions, 57 deletions
diff --git a/content/blog/2021-01-07-ufw.md b/content/blog/2021-01-07-ufw.md
index da62aac..803173c 100644
--- a/content/blog/2021-01-07-ufw.md
+++ b/content/blog/2021-01-07-ufw.md
@@ -7,30 +7,29 @@ draft = false
# Uncomplicated Firewall
-Uncomplicated Firewall, also known as ufw, is a convenient and
-beginner-friendly way to enforce OS-level firewall rules. For those who
-are hosting servers or any device that is accessible to the world (i.e.,
-by public IP or domain name), it\'s critical that a firewall is properly
-implemented and active.
-
-Ufw is available by default in all Ubuntu installations after 8.04 LTS.
-For other distributions, you can look to install ufw or check if there
-are alternative firewalls installed already. There are usually
-alternatives available, such as Fedora\'s `firewall` and the
-package available on most distributions: `iptables`. Ufw is
-considered a beginner-friendly front-end to iptables.
-
-[Gufw](https://gufw.org) is available as a graphical user interface
-(GUI) application for users who are uncomfortable setting up a firewall
-through a terminal.
+Uncomplicated Firewall, also known as ufw, is a convenient and beginner-friendly
+way to enforce OS-level firewall rules. For those who are hosting servers or any
+device that is accessible to the world (i.e., by public IP or domain name),
+it's critical that a firewall is properly implemented and active.
+
+Ufw is available by default in all Ubuntu installations after 8.04 LTS. For
+other distributions, you can look to install ufw or check if there are
+alternative firewalls installed already. There are usually alternatives
+available, such as Fedora's `firewall` and the package available on most
+distributions: `iptables`. Ufw is considered a beginner-friendly front-end to
+iptables.
+
+[Gufw](https://gufw.org) is available as a graphical user interface (GUI)
+application for users who are uncomfortable setting up a firewall through a
+terminal.
![Gufw
Screenshot](https://img.cleberg.net/blog/20210107-secure-your-network-with-the-uncomplicated-firewall/gufw.png)
# Getting Help
-If you need help figuring out commands, remember that you can run the
-`--help` flag to get a list of options.
+If you need help figuring out commands, remember that you can run the `--help`
+flag to get a list of options.
```sh
sudo ufw --help
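Review bot: this hunk is not a pure reflow; it also drops the stray backslashes in `it\'s` and `Fedora\'s`, which fixes an escaping bug in the rendered text, so that should be called out rather than buried in a rewrap. While the paragraph is being touched, "Fedora's `firewall`" is not a real package name; the tool Fedora ships is `firewalld` (driven by `firewall-cmd`), and the sentence should name it correctly.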
@@ -38,20 +37,19 @@ sudo ufw --help
# Set Default State
-The proper way to run a firewall is to set a strict default state and
-slowly open up ports that you want to allow. This helps prevent anything
-malicious from slipping through the cracks. The following command
-prevents all incoming traffic (other than the rules we specify later),
-but you can also set this for outgoing connections, if necessary.
+The proper way to run a firewall is to set a strict default state and slowly
+open up ports that you want to allow. This helps prevent anything malicious from
+slipping through the cracks. The following command prevents all incoming traffic
+(other than the rules we specify later), but you can also set this for outgoing
+connections, if necessary.
```sh
sudo ufw default deny incoming
```
-You should also allow outgoing traffic if you want to allow the device
-to communicate back to you or other parties. For example, media servers
-like Plex need to be able to send out data related to streaming the
-media.
+You should also allow outgoing traffic if you want to allow the device to
+communicate back to you or other parties. For example, media servers like Plex
+need to be able to send out data related to streaming the media.
```sh
sudo ufw default allow outgoing
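Review bot: "but you can also set this for outgoing connections, if necessary" is immediately followed by a paragraph telling the reader to allow outgoing traffic, so the two read as contradictory. State plainly that `default deny outgoing` is the stricter, optional choice and that `default allow outgoing` is what most hosts (such as the Plex example) need.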
@@ -59,24 +57,23 @@ sudo ufw default allow outgoing
# Adding Port Rules
-Now that we\'ve disabled all incoming traffic by default, we need to
-open up some ports (or else no traffic would be able to come in). If you
-need to be able to `ssh` into the machine, you\'ll need to
-open up port 22.
+Now that we've disabled all incoming traffic by default, we need to open up
+some ports (or else no traffic would be able to come in). If you need to be able
+to `ssh` into the machine, you'll need to open up port 22.
```sh
sudo ufw allow 22
```
-You can also issue more restrictive rules. The following rule will allow
-`ssh` connections only from machines on the local subnet.
+You can also issue more restrictive rules. The following rule will allow `ssh`
+connections only from machines on the local subnet.
```sh
sudo ufw allow proto tcp from 192.168.0.0/24 to any port 22
```
-If you need to set a rule that isn\'t tcp, just append your connection
-type to the end of the rule.
+If you need to set a rule that isn't tcp, just append your connection type to
+the end of the rule.
```sh
sudo ufw allow 1900/udp
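Review bot: `sudo ufw allow 22` opens port 22 for both TCP and UDP, yet the subnet rule three lines later uses `proto tcp` and the text then says "if you need to set a rule that isn't tcp, just append your connection type", implying a bare port number means TCP. Use `sudo ufw allow 22/tcp` so the examples agree and sshd is only reachable over the protocol it actually uses.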
@@ -99,8 +96,7 @@ sudo reboot now
# Checking Status
-Now that the firewall is enabled, let\'s check and see what the rules
-look like.
+Now that the firewall is enabled, let's check and see what the rules look like.
```sh
sudo ufw status numbered
@@ -117,9 +113,9 @@ Status: active
# Deleting Rules
-If you need to delete a rule, you need to know the number associated
-with that rule. Let\'s delete the first rule in the table above. You\'ll
-be asked to confirm the deletion as part of this process.
+If you need to delete a rule, you need to know the number associated with that
+rule. Let's delete the first rule in the table above. You'll be asked to
+confirm the deletion as part of this process.
```sh
sudo ufw delete 1
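Review bot: after `sudo ufw delete 1` the remaining rules are renumbered, so a reader removing several entries from the table must re-run `sudo ufw status numbered` between deletions; add a sentence saying so, or show the `sudo ufw delete RULE` form (which the later `sudo ufw delete RULE|NUM` line already hints at) as the alternative that does not depend on numbering.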
@@ -127,11 +123,10 @@ sudo ufw delete 1
# Managing App Rules
-Luckily, there\'s a convenient way for installed applications to create
-files that ufw can easily implement so that you don\'t have to search
-and find which ports your application requires. To see if your device
-has any applications with pre-installed ufw rules, execute the following
-command:
+Luckily, there's a convenient way for installed applications to create files
+that ufw can easily implement so that you don't have to search and find which
+ports your application requires. To see if your device has any applications with
+pre-installed ufw rules, execute the following command:
```sh
sudo ufw app list
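Review bot: "create files that ufw can easily implement" is vague about what these files are. They are application profiles that packages drop into `/etc/ufw/applications.d`, the same directory the "Creating App Rules" section names, and `ufw app list` reads them; saying "application profiles" here keeps the terminology consistent with `ufw app info` and `ufw app list` below.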
@@ -148,14 +143,14 @@ Available applications:
plexmediaserver-dlna
```
-If you want to get more information on a specific app rule, use the
-`info` command.
+If you want to get more information on a specific app rule, use the `info`
+command.
```sh
sudo ufw app info plexmediaserver-dlna
```
-You\'ll get a blurb of info back like this:
+You'll get a blurb of info back like this:
``` txt
Profile: plexmediaserver-dlna
@@ -167,8 +162,8 @@ Ports:
32469/tcp
```
-You can add or delete app rules the same way that you\'d add or delete
-specific port rules.
+You can add or delete app rules the same way that you'd add or delete specific
+port rules.
```sh
sudo ufw allow plexmediaserver-dlna
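Review bot: the fence ` ``` txt` keeps a space between the backticks and the language tag while every other fence in this file is written as ` ```sh`; since the hunk already rewrites the adjacent line, normalise it to ` ```txt` (and ` ``` config` further down to ` ```config`) for consistency.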
@@ -180,12 +175,12 @@ sudo ufw delete RULE|NUM
# Creating App Rules
-If you\'d like to create you own app rule, you\'ll need to create a file
-in the `/etc/ufw/applications.d` directory. Within the file
-you create, you need to make sure the content is properly formatted.
+If you'd like to create you own app rule, you'll need to create a file in the
+`/etc/ufw/applications.d` directory. Within the file you create, you need to
+make sure the content is properly formatted.
-For example, here are the contents my `plexmediaserver` file,
-which creates three distinct app rules for ufw:
+For example, here are the contents my `plexmediaserver` file, which creates
+three distinct app rules for ufw:
``` config
[plexmediaserver]
@@ -204,8 +199,8 @@ description=The Plex Media Server (with additional DLNA capability)
ports=32400/tcp|3005/tcp|5353/udp|8324/tcp|32410:32414/udp|1900/udp|32469/tcp
```
-So, if I wanted to create a custom app rule called \"mycustomrule,\"
-I\'d create a file and add my content like this:
+So, if I wanted to create a custom app rule called "mycustomrule," I'd create
+a file and add my content like this:
```sh
sudo nano /etc/ufw/applications.d/mycustomrule
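Review bot: two typos survive the reflow in this hunk: "create you own app rule" should read "create your own app rule", and "here are the contents my `plexmediaserver` file" is missing "of". Both lines are rewritten here, so fix them in the same change.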