UFW Mechanics

Now that you have some security set up, it is time to see how it all works. The easiest method is to allow everyone access to a specific port. For example, if you wanted to allow everyone access to your web server on port 80, you could run this command:
sudo ufw allow 80/tcp
This allows everyone access to the web server using the tcp protocol. It is simple, but it may not be what you want. Maybe you want to allow only some people access to the server. Here is how you could limit access to your web server to just one IP address.
ufw1
The rule starts with the ufw command, followed by “allow”, which grants access. The protocol must be listed: you do not want to allow udp on port 80, because it is not needed or used. You will create security holes if you just open a port to both tcp and udp, so you must specifically indicate the protocol in each of your rules. The “from” limits access to specific IP addresses or subnets. The “to any” provides access to the server and, if the server is forwarding traffic, would allow access to internal machines as well.
Delete a Rule
When you want to delete a rule, you need to know the rule as you created it, and then just place ufw delete in front of that rule.
ufw2
You can stop connections from specific IP Addresses or subnets by using the deny option.
ufw3
If you wanted to stop all connections from a subnet you would just list that subnet:
sudo ufw deny from 192.168.4.0/24
Always check the status to confirm that your command is correct.
sudo ufw status
Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       192.68.5.0/24
Apache                     ALLOW       Anywhere
Anywhere                   DENY        192.168.4.0/24
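The status check can also catch the mistake described above, a port opened without naming its protocol. The script below is an added example, not part of the original article: it reads ufw status output and lists every ALLOW rule whose "To" column is a bare port number. The sample output and the function names are constructed for illustration, and application profiles such as Apache are skipped because the profile defines its own protocol.

```shell
#!/bin/sh
# Added example (not from the original page): flag ALLOW rules in
# `ufw status` output that name a bare port with no protocol, since
# such a rule opens the port for both tcp and udp.

# Constructed sample; on a live host pipe in `sudo ufw status` instead.
sample_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       192.168.5.0/24
80                         ALLOW       Anywhere
53                         ALLOW       192.168.5.0/24
443/tcp                    ALLOW       Anywhere
Apache                     ALLOW       Anywhere
Anywhere                   DENY        192.168.4.0/24
EOF
}

# Reads status text on stdin and prints one line per offending rule.
# Empty output means every numeric-port ALLOW rule names its protocol.
audit_ufw_protocols() {
    awk '
        { gsub(/ \(v6\)/, "") }            # fold IPv6 rows into the same shape
        $2 == "ALLOW" && $1 ~ /^[0-9]+$/ {
            # Optional direction word (ALLOW IN / ALLOW OUT) shifts the source.
            src = ($3 == "IN" || $3 == "OUT") ? $4 : $3
            print "port " $1 " from " src ": no protocol given"
        }
    '
}

sample_status | audit_ufw_protocols
```

Each reported rule can be deleted and recreated with the protocol stated, for example 80/tcp instead of 80.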