ufw――linux下一个简单的防火墙

发布时间：2014-09-05 13:40:28作者：知识屋

ufw——linux下一个简单的防火墙

ufw属于管理员工具。

ufw的man文档中已经有丰富的示例，例如：

Users can specify rules using either a simple syntax or a full syntax.

The simple syntax only specifies the port and optionally the protocol to

be allowed or denied on the host. For example:

ufw allow 53

This rule will allow tcp and udp port 53 to any address on this host. To

specify a protocol, append '/protocol' to the port. For example:

ufw allow 25/tcp

This will allow tcp port 25 to any address on this host. ufw will also

check /etc/services for the port and protocol if specifying a service by

name. Eg:

ufw allow smtp

ufw supports both ingress and egress filtering and users may optionally

specify a direction of either in or out for either incoming or outgoing

traffic. If no direction is supplied, the rule applies to incoming traf

fic. Eg:

ufw allow in http

ufw reject out smtp

Users can also use a fuller syntax, specifying the source and destina

tion addresses and ports. This syntax is based on OpenBSD's PF syntax.

For example:

ufw deny proto tcp to any port 80

This will deny all traffic to tcp port 80 on this host. Another example:

ufw deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25

This will deny all traffic from the RFC1918 Class A network to tcp port

25 with the address 192.168.0.1.

ufw deny proto tcp from 2001:db8::/32 to any port 25

This will deny all traffic from the IPv6 2001:db8::/32 to tcp port 25 on

this host. Note that IPv6 must be enabled in /etc/default/ufw for IPv6

firewalling to work.

ufw allow proto tcp from any to any port 80,443,8080:8090

The above will allow all traffic to tcp ports 80, 443 and 8080-8090

inclusive. Note that when specifying multiple ports, the ports list

must be numeric, cannot contain spaces and must be modified as a whole.

Eg, in the above example you cannot later try to delete just the '443'

port. You cannot specify more than 15 ports (ranges count as 2 ports, so

the port count in the above example is 4).

使用示例：

$ ufw status

ERROR: You need to be root to run this script

$ ufw deny 80/tcp

ERROR: You need to be root to run this script

$ sudo ufw deny 80/tcp

[sudo] password for sunlt:

Rules updated

Rules updated (v6)

$ sudo ufw status

Status: inactive

$ sudo ufw enable

Firewall is active and enabled on system startup

$ sudo ufw status

Status: active

To Action From

-- ------ ----

80/tcp DENY Anywhere

80/tcp DENY Anywhere (v6)

$ sudo ufw status numbered

Status: active

To Action From

-- ------ ----

[ 1] 80/tcp DENY IN Anywhere

[ 2] 80/tcp DENY IN Anywhere (v6)

$ sudo ufw delete 1

Deleting:

deny 80/tcp

Proceed with operation (y|n)? y

Rule deleted

$ sudo ufw delete 2

ERROR: Could not find rule '2'

$ sudo ufw status numbered

Status: active

To Action From

-- ------ ----

[ 1] 80/tcp DENY IN Anywhere (v6)

$ sudo ufw delete 1

Deleting:

deny 80/tcp

Proceed with operation (y|n)? y

Rule deleted (v6)

$ sudo ufw status numbered

Status: active

$ sudo ufw disable

Firewall stopped and disabled on system startup

（免责声明：文章内容如涉及作品内容、版权和其它问题，请及时与我们联系，我们将在第一时间删除内容，文章内容仅供参考）

上一篇:解决linux下skype: error while loading shared libra...

下一篇:更改SAR时间输出格式AM/PM

软件推荐

更多 >

游戏推荐

更多 >

精选栏目

手机游戏

手机软件

电脑软件

猜你喜欢

养成抢票通讯医疗二次元彩票影音放置节奏辅助钱包购物招聘儿童武侠仙侠抖音社交不上征信健康竞速投屏导航 360 铃声解谜网易音乐办公射击奇迹拍照漫画金融格斗阅读 RPG WIFI 网贷借钱闯关竞技魔幻英语口语三国视频手机赚钱系统换装美食即时

ufw――linux下一个简单的防火墙

相关知识

软件推荐

游戏推荐

精选栏目

win10

YLMF—OS

Win—XP

windows8

linux

windows7

热门推荐

手机游戏

手机软件

电脑软件

猜你喜欢