====== UFW (Firewall) Cheat Sheet ======
ufw => //U//ncomplicated //F//ire//W//all
===== Display Rules in force =====
root@s6-mc:~# ufw status numbered
Status: active
To Action From
-- ------ ----
[ 1] 22 ALLOW IN 83.244.144.48/28
[ 2] 11211 ALLOW IN 192.168.177.183
[ 3] 11211 ALLOW IN 192.168.145.140
[ 4] 11211 ALLOW IN 192.168.129.71
[ 5] 11211 ALLOW IN 83.244.144.48/28
[ 6] 11211 ALLOW IN 192.168.130.221
[ 7] 11211/tcp ALLOW IN 84.45.105.145
root@s6-mc:~#
===== Allow packets from source to specific port =====
root@host:~# ufw allow from 84.45.105.145 to any port 11211
Rule added
root@host:~#
With no protocol given, the rule matches both TCP and UDP on port 11211, which is why it is listed as 11211 rather than 11211/tcp in ufw status.
===== Specify protocol =====
root@host:~# ufw allow proto tcp from 84.45.105.145 to any port 11211
Rule added
root@host:~#
Naming the protocol is the tighter form: only TCP 11211 is opened and the rule is listed as 11211/tcp. Use proto udp for UDP-only services (161/udp for SNMP in the listings below).
===== Delete Rule by number position =====
root@host02:~# ufw status numbered
Status: active
To Action From
-- ------ ----
[ 1] 22/tcp ALLOW IN 83.244.144.48/28
[ 2] 22/tcp ALLOW IN 84.45.114.216/29
[ 3] 22/tcp ALLOW IN 84.45.105.128/26
[ 4] 22/tcp ALLOW IN 31.54.202.43
[ 5] 22/tcp ALLOW IN 86.163.124.91
[ 6] 22/tcp ALLOW IN 109.170.140.10
[ 7] 22/tcp ALLOW IN 79.77.60.164
[ 8] 161/udp ALLOW IN 83.244.144.52
[ 9] Anywhere DENY IN 185.130.5.180
[10] Anywhere DENY IN 185.130.5.181
[11] Anywhere DENY IN 185.130.5.209
[12] 80/tcp ALLOW IN Anywhere
[13] 443/tcp ALLOW IN Anywhere
[14] 443/tcp ALLOW IN Anywhere (v6)
root@host02:~# ufw delete 14
Deleting:
allow 443/tcp
Proceed with operation (y|n)? y
Rule deleted (v6)
Rule numbers are reassigned after every delete or insert, so run ufw status numbered again before the next deletion (or delete from the highest number downwards). In scripts, ufw --force delete 14 skips the (y|n) prompt. A rule can also be removed by repeating its specification, e.g. ufw delete allow 443/tcp, which drops both the IPv4 and the (v6) entry.
===== Show ufw activity =====
At the default logging level (ufw logging low) only blocked packets are logged, as [UFW BLOCK] lines; ufw logging medium additionally logs allowed packets that do not match the default policy, invalid packets and new connections. The messages come from the kernel, so on systemd hosts they are also visible with journalctl -k.
root@host:~# tail -f /var/log/ufw.log
May 27 15:37:56 localhost kernel: [UFW BLOCK] IN=eth0 OUT= MAC=f2:3c:91:69:a0:d7:84:78:ac:0d:8f:41:08:00 SRC=84.45.105.145 DST=212.71.251.190 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=27358 DF PROTO=TCP SPT=58028 DPT=11211 WINDOW=14600 RES=0x00 SYN URGP=0
May 27 15:37:58 localhost kernel: [UFW BLOCK] IN=eth0 OUT= MAC=f2:3c:91:69:a0:d7:84:78:ac:0d:8f:41:08:00 SRC=84.45.105.145 DST=212.71.251.190 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=27359 DF PROTO=TCP SPT=58028 DPT=11211 WINDOW=14600 RES=0x00 SYN URGP=0
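The log lines above carry everything needed to decide what to block (SRC, PROTO, DPT), but reading them with tail does not scale. The following POSIX shell script is an added example, not part of the original cheat sheet: it summarises [UFW BLOCK] entries by source, protocol and destination port, and lists sources that were blocked at least N times as candidates for a deny rule. SAMPLE_LOG is constructed for the demo (the first two lines mirror the ones above, the rest are invented); on a real host pipe the output of grep 'UFW BLOCK' /var/log/ufw.log into the functions instead.

```shell
#!/bin/sh
# Added example (not from the original page): summarise [UFW BLOCK] lines and
# list sources that exceed a hit threshold as deny-rule candidates.
# SAMPLE_LOG is constructed for this demo. Real use:
#   grep 'UFW BLOCK' /var/log/ufw.log | ufw_block_summary
#   grep 'UFW BLOCK' /var/log/ufw.log | block_candidates 20

SAMPLE_LOG='May 27 15:37:56 localhost kernel: [UFW BLOCK] IN=eth0 OUT= MAC=f2:3c:91:69:a0:d7:84:78:ac:0d:8f:41:08:00 SRC=84.45.105.145 DST=212.71.251.190 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=27358 DF PROTO=TCP SPT=58028 DPT=11211 WINDOW=14600 RES=0x00 SYN URGP=0
May 27 15:37:58 localhost kernel: [UFW BLOCK] IN=eth0 OUT= MAC=f2:3c:91:69:a0:d7:84:78:ac:0d:8f:41:08:00 SRC=84.45.105.145 DST=212.71.251.190 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=27359 DF PROTO=TCP SPT=58028 DPT=11211 WINDOW=14600 RES=0x00 SYN URGP=0
May 27 15:38:02 localhost kernel: [UFW BLOCK] IN=eth0 OUT= MAC=f2:3c:91:69:a0:d7:84:78:ac:0d:8f:41:08:00 SRC=84.45.105.145 DST=212.71.251.190 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=27360 DF PROTO=TCP SPT=58028 DPT=11211 WINDOW=14600 RES=0x00 SYN URGP=0
May 27 15:38:03 localhost kernel: [UFW BLOCK] IN=eth0 OUT= MAC=f2:3c:91:69:a0:d7:84:78:ac:0d:8f:41:08:00 SRC=185.130.5.180 DST=212.71.251.190 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=40022 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
May 27 15:38:04 localhost kernel: [UFW BLOCK] IN=eth0 OUT= MAC=f2:3c:91:69:a0:d7:84:78:ac:0d:8f:41:08:00 SRC=185.130.5.180 DST=212.71.251.190 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=54322 PROTO=UDP SPT=40023 DPT=161 LEN=24
May 27 15:38:05 localhost kernel: [UFW ALLOW] IN=eth0 OUT= MAC=f2:3c:91:69:a0:d7:84:78:ac:0d:8f:41:08:00 SRC=10.0.0.5 DST=212.71.251.190 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=50000 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0'

# ufw_block_summary: reads log lines on stdin and prints "count SRC PROTO DPT",
# most frequent first. Lines without [UFW BLOCK] (e.g. [UFW ALLOW]) are skipped.
ufw_block_summary() {
    awk '
        /\[UFW BLOCK\]/ {
            src = proto = dpt = ""
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "SRC")        src = kv[2]
                else if (kv[1] == "PROTO") proto = kv[2]
                else if (kv[1] == "DPT")   dpt = kv[2]
            }
            if (src != "") count[src " " proto " " dpt]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -rn
}

# block_candidates MIN_HITS: prints one "ufw deny from SRC" line per source
# that was blocked at least MIN_HITS times on any port. Review the list before
# running it; the output is a proposal, not an action.
block_candidates() {
    awk -v min="$1" '
        /\[UFW BLOCK\]/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) hits[substr($i, 5)]++
        }
        END { for (s in hits) if (hits[s] >= min) print "ufw deny from " s }
    ' | sort
}

printf '%s\n' "$SAMPLE_LOG" | ufw_block_summary
printf '%s\n' "$SAMPLE_LOG" | block_candidates 2
```

Note that a plain ufw deny from SRC is appended at the end of the rule set, so on a host that already allows 80/443 from Anywhere it only bites if it is inserted above those rules; the sections below cover that ordering problem.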
===== Blocking one IP address - At the end of the rules set =====
The commands below append a deny rule for each address to the end of the numbered rule set:
root@host02:~# ufw deny from 185.130.5.180
Rule added
root@host02:~# ufw deny from 185.130.5.209
Rule added
But the addresses could still reach the web ports: ufw evaluates rules in order and stops at the first match, and rules #4 and #5 allow traffic to ports 80 and 443 from Anywhere before the deny rules at #11 and #12 are ever reached:
root@host02:~# ufw status numbered
Status: active
To Action From
-- ------ ----
[ 1] 22/tcp ALLOW IN 83.244.144.48/28
[ 2] 22/tcp ALLOW IN 84.45.114.216/29
[ 3] 22/tcp ALLOW IN 84.45.105.128/26
[ 4] 80 ALLOW IN Anywhere
[ 5] 443 ALLOW IN Anywhere
[ 6] 22/tcp ALLOW IN 31.54.202.43
[ 7] 22/tcp ALLOW IN 86.163.124.91
[ 8] 22/tcp ALLOW IN 109.170.140.10
[ 9] 22/tcp ALLOW IN 79.77.60.164
[10] 161/udp ALLOW IN 83.244.144.52
[11] Anywhere DENY IN 185.130.5.180
[12] Anywhere DENY IN 185.130.5.209
One fix is to delete the allow rules for 80 and 443 and add them again so that they land after the deny rules, but the better solution is to insert the new rule at the right position:
===== Blocking one IP address - Inserting rule in a specific position / order =====
The command below inserts a new rule at a specific position; the rule previously at that position and everything after it move down one slot.
### Before
root@host02:~# ufw status numbered
Status: active
To Action From
-- ------ ----
[ 1] 22/tcp ALLOW IN 83.244.144.48/28
[ 2] 22/tcp ALLOW IN 84.45.114.216/29
[ 3] 22/tcp ALLOW IN 84.45.105.128/26
[ 4] 22/tcp ALLOW IN 31.54.202.43
[ 5] 22/tcp ALLOW IN 86.163.124.91
[ 6] 22/tcp ALLOW IN 109.170.140.10
[ 7] 22/tcp ALLOW IN 79.77.60.164
[ 8] 161/udp ALLOW IN 83.244.144.52
[ 9] Anywhere DENY IN 185.130.5.180
[10] Anywhere DENY IN 185.130.5.209
[11] 80/tcp ALLOW IN Anywhere
[12] 443/tcp ALLOW IN Anywhere
[13] 80/tcp ALLOW IN Anywhere (v6)
[14] 443/tcp ALLOW IN Anywhere (v6)
### Command
root@host02:~# ufw insert 10 deny from 185.130.5.181
Rule inserted
### After
root@host02:~# ufw status numbered
Status: active
To Action From
-- ------ ----
[ 1] 22/tcp ALLOW IN 83.244.144.48/28
[ 2] 22/tcp ALLOW IN 84.45.114.216/29
[ 3] 22/tcp ALLOW IN 84.45.105.128/26
[ 4] 22/tcp ALLOW IN 31.54.202.43
[ 5] 22/tcp ALLOW IN 86.163.124.91
[ 6] 22/tcp ALLOW IN 109.170.140.10
[ 7] 22/tcp ALLOW IN 79.77.60.164
[ 8] 161/udp ALLOW IN 83.244.144.52
[ 9] Anywhere DENY IN 185.130.5.180
[10] Anywhere DENY IN 185.130.5.181
[11] Anywhere DENY IN 185.130.5.209
[12] 80/tcp ALLOW IN Anywhere
[13] 443/tcp ALLOW IN Anywhere
[14] 80/tcp ALLOW IN Anywhere (v6)
[15] 443/tcp ALLOW IN Anywhere (v6)
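Picking the insert position by eye works for one host; the following POSIX shell script is an added example, not part of the original cheat sheet, that derives it from the ufw status numbered listing. It finds the first IPv4 rule that allows (or rate-limits) inbound traffic from Anywhere, which is the slot a deny-by-source rule must go before, and prints the matching ufw insert command. SAMPLE_STATUS is a constructed listing in the same format as the ones above; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example (not from the original page): compute where a deny-by-source
# rule has to be inserted so that it is evaluated before any rule allowing
# traffic from Anywhere. SAMPLE_STATUS is constructed; on a real host use
#   block_cmd "$(ufw status numbered)" 185.130.5.181

SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    83.244.144.48/28
[ 2] 161/udp                    ALLOW IN    83.244.144.52
[ 3] Anywhere                   DENY IN     185.130.5.180
[ 4] 80/tcp                     ALLOW IN    Anywhere
[ 5] 443/tcp                    ALLOW IN    Anywhere
[ 6] 80/tcp                     ALLOW IN    Anywhere (v6)
[ 7] 443/tcp                    ALLOW IN    Anywhere (v6)'

# first_open_allow STATUS: prints the number of the first IPv4 rule that
# ALLOWs or LIMITs inbound traffic from Anywhere, or 0 if there is none.
# "(v6)" rules are ignored: an IPv4 deny lives in the IPv4 chain only.
# ufw stops at the first matching rule, so a single-source deny must sit
# above that rule to have any effect.
first_open_allow() {
    printf '%s\n' "$1" | awk '
        /^\[[ \t]*[0-9]+]/ && /(ALLOW|LIMIT) IN[ \t]+Anywhere[ \t]*$/ {
            n = $0; sub(/^\[[ \t]*/, "", n); sub(/].*$/, "", n)
            print n; found = 1; exit
        }
        END { if (!found) print 0 }'
}

# block_cmd STATUS IP: prints the ufw command that blocks IP ahead of the
# first open allow rule, or a plain (appended) deny when no such rule exists.
block_cmd() {
    pos=$(first_open_allow "$1")
    if [ "$pos" -eq 0 ]; then
        printf 'ufw deny from %s\n' "$2"
    else
        printf 'ufw insert %s deny from %s\n' "$pos" "$2"
    fi
}

block_cmd "$SAMPLE_STATUS" 185.130.5.181
```

Run the printed command and then ufw status numbered again, exactly as in the Before/After listings above, to confirm the deny rule landed above the allow-from-Anywhere rules; the numbers shift by one for every insert, so recompute the position before each further insert rather than reusing it.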
===== Extra documentation =====
https://www.digitalocean.com/community/tutorials/how-to-setup-a-firewall-with-ufw-on-an-ubuntu-and-debian-cloud-server