Version evaluated: Debian 12
The Uncomplicated Firewall (UFW) helps administer the local firewall.
# apt install ufw
Note: Use the netstat -ntlup command to review all ports in use, then allow only the ones that are needed.
Start with these settings:
# ufw logging on <- off|low|medium|high|full
# ufw default deny incoming
# ufw default deny outgoing
Inbound rules:
# ufw allow ssh/tcp
# ufw allow from any|IP|Range to any|IP|Range port 22 proto tcp <- More specific rule
# ufw allow http <- # ufw allow 80
# ufw allow https
# ufw allow 8000:9999/tcp
# ufw deny 3306/tcp
# ufw status verbose
# ufw enable
Outbound rules:
# ufw allow out from any|IP|Range to any port 53 proto udp
# ufw allow out from any|IP|Range to any port 80 proto tcp
# ufw allow out from any|IP|Range to any port 443 proto tcp
Remove rules
# ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 443/tcp                    ALLOW IN    Anywhere
# ufw delete 2
Deleting:
allow 80/tcp
Proceed with operation (y|n)? y
Rule deleted
Or:
# ufw delete allow http <- Removes the http rule for IPv4 and IPv6
Rule deleted
Rule deleted (v6)
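Added example (not part of the original page): a shell sketch that cross-checks the listeners reported by netstat -ntlup against the ALLOW IN rules in ufw status numbered, to find rules worth deleting and listeners that have no rule. The function names are hypothetical, NETSTAT_SAMPLE is constructed, UFW_SAMPLE mirrors the status output shown above, and only single-port rules are handled (ranges such as 8000:9999/tcp and application profile names are skipped).

```shell
# Added example, not from the original page. NETSTAT_SAMPLE is constructed;
# UFW_SAMPLE mirrors the page's status output. Use live command output on a real host.
NETSTAT_SAMPLE='Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  612/sshd
tcp        0      0 127.0.0.1:3306   0.0.0.0:*        LISTEN  801/mariadbd
tcp        0      0 0.0.0.0:443      0.0.0.0:*        LISTEN  745/nginx
tcp6       0      0 :::22            :::*             LISTEN  612/sshd
udp        0      0 0.0.0.0:68       0.0.0.0:*                530/dhclient'
UFW_SAMPLE='Status: active
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 443/tcp                    ALLOW IN    Anywhere'

# stdin: netstat -ntlup output -> port/proto of sockets bound beyond loopback
listening_ports() {
    awk '$1 ~ /^(tcp|udp)6?$/ {
        if ($1 ~ /^tcp/ && $6 != "LISTEN") next
        if ($4 ~ /^127\./ || $4 ~ /^::1:/) next      # loopback-only service
        port = $4; sub(/.*:/, "", port)              # keep text after last colon
        proto = $1; sub(/6$/, "", proto)             # tcp6 -> tcp, udp6 -> udp
        print port "/" proto
    }' | sort -u
}

# stdin: ufw status numbered output -> port/proto of single-port ALLOW IN rules
allowed_ports() {
    sed -n 's/^\[ *[0-9]*] *//p' |
    awk '/ ALLOW IN / && $1 ~ /^[0-9]+(\/(tcp|udp))?$/ {
        if ($1 ~ /\//) print $1
        else { print $1 "/tcp"; print $1 "/udp" }    # bare port = both protocols
    }' | sort -u
}

# Print items of list $1 that do not appear in list $2 (one item per line)
only_in_first() {
    printf '%s\n' "$1" | while read -r item; do
        [ -n "$item" ] || continue
        printf '%s\n' "$2" | grep -qxF -- "$item" || printf '%s\n' "$item"
    done
}

stale_rules() {        # $1 = netstat output, $2 = ufw output: allowed, nothing listening
    only_in_first "$(printf '%s\n' "$2" | allowed_ports)" "$(printf '%s\n' "$1" | listening_ports)"
}
unruled_listeners() {  # same arguments: listening, but no allow rule (default deny drops it)
    only_in_first "$(printf '%s\n' "$1" | listening_ports)" "$(printf '%s\n' "$2" | allowed_ports)"
}
echo "Stale allow rules:";        stale_rules "$NETSTAT_SAMPLE" "$UFW_SAMPLE"
echo "Listeners without a rule:"; unruled_listeners "$NETSTAT_SAMPLE" "$UFW_SAMPLE"
```

With the samples, 80/tcp is reported as a stale rule (a candidate for ufw delete) and 68/udp as a listener that the default deny policy leaves unreachable.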
Disable UFW and reset the configuration
# ufw disable
# ufw reset
Allow an IP, an IP range, or an IP restricted to a port
# ufw allow from 200.10.115.5
# ufw allow from 200.10.115.0/24
# ufw allow from 200.10.115.5 to any|IP|Range port 22
Review the list of application names.
# ufw app list
Force IPv6 on or off
# vi /etc/default/ufw
IPV6=yes
# ufw --help
Usage: ufw COMMAND

Commands:
 enable                          enables the firewall
 disable                         disables the firewall
 default ARG                     set default policy
 logging LEVEL                   set logging to LEVEL
 allow ARGS                      add allow rule
 deny ARGS                       add deny rule
 reject ARGS                     add reject rule
 limit ARGS                      add limit rule
 delete RULE|NUM                 delete RULE
 insert NUM RULE                 insert RULE at NUM
 route RULE                      add route RULE
 route delete RULE|NUM           delete route RULE
 route insert NUM RULE           insert route RULE at NUM
 reload                          reload firewall
 reset                           reset firewall
 status                          show firewall status
 status numbered                 show firewall status as numbered list of RULES
 status verbose                  show verbose firewall status
 show ARG                        show firewall report
 version                         display version information

Application profile commands:
 app list                        list application profiles
 app info PROFILE                show information on PROFILE
 app update PROFILE              update PROFILE
 app default ARG                 set default application policy
# ufw allow 5000:5010/udp
# ufw allow in on lo to any <- loopback