Ufw

From ConShell
Jump to: navigation, search

UFW (uncomplicated firewall) is a simple firewall (script) to use on Linux distributions. It is basically a wrapper around Iptables.

It is easy to enable and manage the rules.

See this tutorial to get started.

https://www.digitalocean.com/community/tutorials/how-to-setup-a-firewall-with-ufw-on-an-ubuntu-and-debian-cloud-server

I found it helpful to bump up the logging level to see more than just the denials.

$ sudo ufw logging medium

Log messages appear in /var/log/syslog (on Ubuntu, anyway) with prefixes like [UFW AUDIT] and [UFW BLOCK]

Jun 24 12:02:43 omega kernel: [ 3060.890170] [UFW BLOCK] IN=ens3 OUT= MAC=04:01:37:84:98:01:3c:8a:b0:0d:3f:f0:08:00 SRC=77.72.85.8 DST=104.236.136.20 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=20036 PROTO=TCP SPT=59741 DPT=1509 WINDOW=1024 RES=0x00 SYN URGP=0 
Jun 24 12:02:46 omega kernel: [ 3063.300709] [UFW AUDIT] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=36160 DF PROTO=TCP SPT=40520 DPT=3306 WINDOW=43690 RES=0x00 SYN URGP=0 

More info