ufw
Table of Contents
- 1. Show status
- 2. Explicitly set default deny
- 3. Allow connections from specific IP to defined port
- 4. Allow connections from any IP to the defined port
- 5. Allow connections from IP range to any IP on a port range
- 6. Application profiles
- 7. Deleting rules
- 8. Enabling ufw
- 9. ufw and Docker
- 10. ufw misc
- 11. References
1. Show status
2. Explicitly set default deny
ufw default deny incoming
3. Allow connections from specific IP to defined port
ufw allow from 0.0.0.0 proto tcp to any port 1234
4. Allow connections from any IP to the defined port
ufw allow proto tcp from any to any port 1234
5. Allow connections from IP range to any IP on a port range
ufw allow from 192.168.0.0/16 to any port 1230:1240 proto tcp
6. Application profiles
The profiles are kept in /etc/ufw/applications.d
6.1. To view which applications have installed a profile
ufw app list
6.2. Allow connections from IP range to an application profile
There is no need to provide the protocol (e.g. proto tcp)
ufw allow from 192.168.0.0/16 to any app syncthing-gui
7. Deleting rules
To delete a rule, find its associated number
ufw status numbered
Then to delete the rule
ufw delete <number>
8. Enabling ufw
ufw enable
systemctl enable --now ufw
9. ufw and Docker
10. ufw misc
From ufw(8)
ufw supports connection rate limiting, which is useful for protecting against brute-force login attacks. When a limit rule is used, ufw will normally allow the connection but will deny connections if an IP address attempts to initiate 6 or more connections within 30 seconds.
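The threshold quoted above, worked through as an added example (not from ufw or its man page): a small Python model of "6 or more connections within 30 seconds" run over constructed traffic. The function names and sample addresses are hypothetical, and the model assumes each attempt is recorded before the check, so denied attempts keep counting against the source.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 30  # window stated in ufw(8)
HIT_LIMIT = 6        # "6 or more connections": the 6th attempt is denied


def simulate_limit(attempts, window=WINDOW_SECONDS, limit=HIT_LIMIT):
    """Return [(seconds, source_ip, verdict)] for time-sorted (seconds, source_ip) attempts."""
    recent = defaultdict(deque)  # per-source timestamps still inside the window
    verdicts = []
    for ts, ip in attempts:
        hits = recent[ip]
        # Assumption: the attempt is recorded before the check, so denied
        # attempts keep counting against the source.
        hits.append(ts)
        # Modelling choice: an attempt ages out once it is `window` seconds old.
        while ts - hits[0] >= window:
            hits.popleft()
        verdicts.append((ts, ip, "deny" if len(hits) >= limit else "allow"))
    return verdicts


def denied_by_source(verdicts):
    """Count denied attempts per source IP."""
    counts = defaultdict(int)
    for _, ip, verdict in verdicts:
        if verdict == "deny":
            counts[ip] += 1
    return dict(counts)


# Constructed sample traffic (documentation address ranges, not real hosts).
NOISY = "203.0.113.5"    # a login attempt every 2 s, then two retries
STEADY = "198.51.100.7"  # a health check every 10 s
SAMPLE = sorted(
    [(t, NOISY) for t in range(0, 20, 2)] + [(40, NOISY), (41, NOISY)]
    + [(t, STEADY) for t in range(0, 60, 10)]
)

if __name__ == "__main__":
    for ts, ip, verdict in simulate_limit(SAMPLE):
        print(f"t={ts:>2}s {ip:<13} {verdict}")
    print(denied_by_source(simulate_limit(SAMPLE)))
```

In this model the steady client is never denied, while the noisy source is allowed again at t=40 and denied at t=41 because its earlier denied attempts are still inside the window.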