Table of Contents
UFW (Firewall) Cheat Sheet
ufw ⇒ Uncomplicated FireWall
Display Rules in force
root@s6-mc:~# ufw status numbered Status: active To Action From -- ------ ---- [ 1] 22 ALLOW IN 83.244.144.48/28 [ 2] 11211 ALLOW IN 192.168.177.183 [ 3] 11211 ALLOW IN 192.168.145.140 [ 4] 11211 ALLOW IN 192.168.129.71 [ 5] 11211 ALLOW IN 83.244.144.48/28 [ 6] 11211 ALLOW IN 192.168.130.221 [ 7] 11211/tcp ALLOW IN 84.45.105.145 root@s6-mc:~#
Allow packets from source to specific port
root@host:~# ufw allow from 84.45.105.145 to any port 11211 Rule added root@host:~#
Specify protocol
root@host:~# ufw allow proto tcp from 84.45.105.145 to any port 11211 Rule added root@host:~#
Delete Rule by number position
root@host02:~# ufw status numbered Status: active To Action From -- ------ ---- [ 1] 22/tcp ALLOW IN 83.244.144.48/28 [ 2] 22/tcp ALLOW IN 84.45.114.216/29 [ 3] 22/tcp ALLOW IN 84.45.105.128/26 [ 4] 22/tcp ALLOW IN 31.54.202.43 [ 5] 22/tcp ALLOW IN 86.163.124.91 [ 6] 22/tcp ALLOW IN 109.170.140.10 [ 7] 22/tcp ALLOW IN 79.77.60.164 [ 8] 161/udp ALLOW IN 83.244.144.52 [ 9] Anywhere DENY IN 185.130.5.180 [10] Anywhere DENY IN 185.130.5.181 [11] Anywhere DENY IN 185.130.5.209 [12] 80/tcp ALLOW IN Anywhere [13] 443/tcp ALLOW IN Anywhere [14] 443/tcp ALLOW IN Anywhere (v6) root@host02:~# ufw delete 14 Deleting: allow 443/tcp Proceed with operation (y|n)? y Rule deleted (v6)
Show ufw activity
root@host:~# tail -f /var/log/ufw.log May 27 15:37:56 localhost kernel: [UFW BLOCK] IN=eth0 OUT= MAC=f2:3c:91:69:a0:d7:84:78:ac:0d:8f:41:08:00 SRC=84.45.105.145 DST=212.71.251.190 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=27358 DF PROTO=TCP SPT=58028 DPT=11211 WINDOW=14600 RES=0x00 SYN URGP=0 May 27 15:37:58 localhost kernel: [UFW BLOCK] IN=eth0 OUT= MAC=f2:3c:91:69:a0:d7:84:78:ac:0d:8f:41:08:00 SRC=84.45.105.145 DST=212.71.251.190 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=27359 DF PROTO=TCP SPT=58028 DPT=11211 WINDOW=14600 RES=0x00 SYN URGP=0
Blocking one IP address - At the end of the rules set
The below rules, add a deny rule at the end of the ufw numbered rules.
root@host02:~# ufw deny from 185.130.5.180 Rule added root@host02:~# ufw deny from 185.130.5.209 Rule added
But the IP addresses were not blocked because there was a precedent rule allowing all traffic to port 80 (rule #4):
root@host02:~# ufw status numbered Status: active To Action From -- ------ ---- [ 1] 22/tcp ALLOW IN 83.244.144.48/28 [ 2] 22/tcp ALLOW IN 84.45.114.216/29 [ 3] 22/tcp ALLOW IN 84.45.105.128/26 [ 4] 80 ALLOW IN Anywhere [ 5] 443 ALLOW IN Anywhere [ 6] 22/tcp ALLOW IN 31.54.202.43 [ 7] 22/tcp ALLOW IN 86.163.124.91 [ 8] 22/tcp ALLOW IN 109.170.140.10 [ 9] 22/tcp ALLOW IN 79.77.60.164 [10] 161/udp ALLOW IN 83.244.144.52 [11] Anywhere DENY IN 185.130.5.180 [12] Anywhere DENY IN 185.130.5.209
This can be done removing the Allow 80 and 443 rules and adding them again, but a better solution is the below, insert the new rule in the right position:
Blocking one IP address - Inserting rule in a specific position / order
The below command insert a new rule in a specific position.
### before: root@host02:~# ufw status numbered Status: active To Action From -- ------ ---- [ 1] 22/tcp ALLOW IN 83.244.144.48/28 [ 2] 22/tcp ALLOW IN 84.45.114.216/29 [ 3] 22/tcp ALLOW IN 84.45.105.128/26 [ 4] 22/tcp ALLOW IN 31.54.202.43 [ 5] 22/tcp ALLOW IN 86.163.124.91 [ 6] 22/tcp ALLOW IN 109.170.140.10 [ 7] 22/tcp ALLOW IN 79.77.60.164 [ 8] 161/udp ALLOW IN 83.244.144.52 [ 9] Anywhere DENY IN 185.130.5.180 [10] Anywhere DENY IN 185.130.5.209 [11] 80/tcp ALLOW IN Anywhere [12] 443/tcp ALLOW IN Anywhere [13] 80/tcp ALLOW IN Anywhere (v6) [14] 443/tcp ALLOW IN Anywhere (v6) ### command root@host02:~# ufw insert 10 deny from 185.130.5.181 Rule inserted ### After root@host02:~# ufw status numbered Status: active To Action From -- ------ ---- [ 1] 22/tcp ALLOW IN 83.244.144.48/28 [ 2] 22/tcp ALLOW IN 84.45.114.216/29 [ 3] 22/tcp ALLOW IN 84.45.105.128/26 [ 4] 22/tcp ALLOW IN 31.54.202.43 [ 5] 22/tcp ALLOW IN 86.163.124.91 [ 6] 22/tcp ALLOW IN 109.170.140.10 [ 7] 22/tcp ALLOW IN 79.77.60.164 [ 8] 161/udp ALLOW IN 83.244.144.52 [ 9] Anywhere DENY IN 185.130.5.180 [10] Anywhere DENY IN 185.130.5.181 [11] Anywhere DENY IN 185.130.5.209 [12] 80/tcp ALLOW IN Anywhere [13] 443/tcp ALLOW IN Anywhere [14] 80/tcp ALLOW IN Anywhere (v6) [15] 443/tcp ALLOW IN Anywhere (v6)