Linux - UFW Firewall Setup (ufw)

Рет қаралды 24,821

4 жыл бұрын

Find code and diagrams at: www.EliTheComputerGuy.com
UFW is a simple firewall application that is included with Ubuntu nd can be installed on other distributions of Linux.
Note: For the demonstrations to work you may need to change settings or hardware configurations within your virtualization software. I had to connect my host machine to a hard word connection for Rules for specific IP Addresses to work.
sudo ufw status - shows current status of ufw
sudo ufw enable - Enables ufw firewall
By default ALL incoming traffic is blocked
sudo ufw disable - Disables ufw
sudo ufw status verbose - Shows all Rules currently configured for ufw
sudo ufw allow 21 - Allows specific port
sudo ufw allow ssh - Allows ports for a specific service
sudo ufw status numbered - Shows rules in numbered order so that you can delete specific rules
sudo ufw delete 1 - Deletes rule based on number
sudo ufw allow from 192.168.1.2 - Allows traffic from a specific IP address to all ports
sudo ufw allow from 192.168.1.0/24 - Allows traffic from a subnet to all ports
sudo ufw allow from 192.168.1.2 to any port 22 - Allows traffic from a specific IP address to a specific port
sudo ufw allow from 192.168.1.0/24 to any port 22 - Allows traffic from a subnet to a specific port
sudo ufw reset - Deletes all rules and disables ufw

Пікірлер: 38

@mockingbird3809 4 жыл бұрын

Very informative video and Thank you so much for Adding those UFW commands on the description, It really make life lot easier.

@Chris.Wiley. 4 жыл бұрын

Thank you so much for this series. I've learned a ton so far.

@mohammedbarsad4931 4 жыл бұрын

Thanks sir , your MCSC course was very worthy for me and God bless you

@ogunsadebenjaminadeiyin2729 2 жыл бұрын

Thank you for making these lessons free. God bless you brother.

@mdd1963 4 жыл бұрын

Great tutorial, Sir!

@midwestmetro6361 Жыл бұрын

Thanks a lot for these free topics

@joselevicanasenjo2171 Жыл бұрын

i like the backgroung, Eli

@StatuVariabilis- 2 жыл бұрын

txh, good vid + you have nice map

@BeginningofDays 3 жыл бұрын

Most excellent. :)

@karthick9030 4 жыл бұрын

Hey eli it's amazing that u made the learning new technologies much in ease manner, y don't u prefer doing videos about RPA(Robotic Process Autonation)

@productionpenguin4974 4 жыл бұрын

awesome video, subscribed!

@SilentSolution 2 жыл бұрын

Thanks for your information Sir

@HadToChangeMyName_YoutubeSucks 3 жыл бұрын

Always remember that when you delete a rule the numbers above that rule are going to change. If you delete rule 2 then rule 3 will become rule 2, so if you want to get rid of both 2 and 3 you have to either run delete 2 twice or run delete 3 first and then delete 2, if you delete 2 and then delete 3 you've deleted the incorrect rule. The best bet if you're deleting rules is to always run status numbered between deletes to confirm you're about to delete the correct rule. Also, you should make a habit of creating your rules BEFORE you enable ufw. That's even more important if you're working remotely. Can't tell you how many people have shelled in to a new server setup and without thinking locked themselves out by enabling ufw without allowing ssh first.

@MrWewill11 2 жыл бұрын

Great info

@ogunsadebenjaminadeiyin2729 2 жыл бұрын

😂😂😂nice, funny yet useful❤❤

@amy9tn926 3 жыл бұрын

Hi, Do I need to log in/authenticate UFW every time I search the internet/run an application? In the terminal UFW shows active.

@danielsolomon6227 11 күн бұрын

The wifi issue has to do with the router blocking certain ports for all devices on the LAN. Some residential ISPs only allow you to use ports 80 and 443 . This drove me crazy for days and I still could not change the configuration on my router.

@geografiaeducativa2727 3 жыл бұрын

Greetings, a query, my pc connects wlan to router and assigns me an ip for its dhcp 10.10.1.10 if I have everything configured by default in ufw and I apply the following command: ufw deny from 10.10.1.0/24 with this I block any access from the internal network to my computer so that I can avoid any attack, what else can I do in the configuration apart from denying the ping response. sorry my bad english

@VulcanOnWheels 3 жыл бұрын

I'm sorry if this has been asked before. I activated ufw and read in the status that it should block everything at first, but it didn't. Is this normal, or specific to Linux Mint, or...? What do I need to do to get ufw working properly?

@aaron5809 4 жыл бұрын

Allowing only a specific ip-address to access does not work if the client is using DHCP right?

@vihangpathak9759 3 жыл бұрын

Thank you so much sir

@agelords76 3 жыл бұрын

how to block a source port like "11211" memcache from any ip address using linux iptables

@acbacbacbacbacb 4 жыл бұрын

sometimes the ftp service ufw doesn't let the ftp work and then when i write "ufw allow proto ftp to any port 21" it returns with "ERROR: Unsupported protocol 'ftp'". Is there a solution to my problem and why is this happening?

@acbacbacbacbacb 4 жыл бұрын

nevermind i did the "service vsftpd start" and it worked (keeping this for anyone who got stuck like me)

@raoufouchene5132 4 жыл бұрын

Thanks sir

@airsofttrooper08 3 жыл бұрын

cant figure out why ufw isnt working literally at all. keeps blocking all traffic no matter what rules i put in

@HadToChangeMyName_YoutubeSucks 3 жыл бұрын

If you're using a modem with a built in firewall you would need to open the ports there as well.

@user-vn7ce5ig1z 4 жыл бұрын

3:12 - I want my specific _login_ to access SSH (and FTP) regardless of my IP address (I want to access the server from other systems without granting the system specifically access), but FTP and SSH have thus far thwarted my attempts to log in from outside my LAN. :-\

@janfisher8333 4 жыл бұрын

what

@undergroundstudio9810 3 жыл бұрын

what if you want it open to everyone except certain ip's or subnets? Like if I'm using Linux as a BBS server?

@HadToChangeMyName_YoutubeSucks 3 жыл бұрын

It's just like allow, but you use deny

@undergroundstudio9810 3 жыл бұрын

@@HadToChangeMyName_KZfaqSucks I'm using the linux box as a bbs server for a Commodore 64, traffic is only allowed in on one port. Whenever someone "calls" it triggers "Hit backspace to cont", which is normal. I have however one specific IP that attempts at least twice a day, that has been "Denied" and still manages to trigger "the hit backspace to con" on the Commodore. It seems to be automated, as it just times out and the commdore resets

@HadToChangeMyName_YoutubeSucks 3 жыл бұрын

@@undergroundstudio9810 Try using iptables -L INPUT -v -n | grep "1.2.3.4" to see if it's properly added to your iptables.