2022-03-14 15:29:45 +08:00
|
|
|
Ufw (Uncomplicated Firewall) is program for managing a netfilter
|
|
|
|
|
firewall. It provides a command line interface and aims to be
|
|
|
|
|
uncomplicated and easy to use.
|
2013-07-29 01:03:23 +08:00
|
|
|
|
2021-12-11 11:13:44 +08:00
|
|
|
Add the following code to /etc/rc.d/rc.local to start Ufw at boot time:
|
2013-07-29 01:03:23 +08:00
|
|
|
|
2014-09-21 19:36:48 +08:00
|
|
|
if [ -x /lib/ufw/ufw-init ]; then
|
2016-12-30 01:49:42 +08:00
|
|
|
/lib/ufw/ufw-init start
|
2013-07-29 01:03:23 +08:00
|
|
|
fi
|
|
|
|
|
|
2022-03-14 15:29:45 +08:00
|
|
|
Ufw comes with a number of common application profiles. Create
|
|
|
|
|
additional application profiles under /etc/ufw/applications.d.
|
|
|
|
|
Each profile should contain a list of rules which include a title,
|
|
|
|
|
description, and port(s) or port range.
|
2013-07-29 01:03:23 +08:00
|
|
|
|
2016-12-30 01:49:42 +08:00
|
|
|
A custom application profile should look similar to this:
|
2013-07-29 01:03:23 +08:00
|
|
|
|
2016-12-30 01:49:42 +08:00
|
|
|
[Application]
|
|
|
|
|
title=Application title
|
|
|
|
|
description=A description for the application.
|
2013-07-29 01:03:23 +08:00
|
|
|
ports=137,138/udp|139,445/tcp
|
|
|
|
|
|
2016-12-30 01:49:42 +08:00
|
|
|
Where xx.xx.xx.xx is the IP address of an external host, enable this
|
|
|
|
|
application profile by executing the following as root:
|
2013-07-29 01:03:23 +08:00
|
|
|
|
2016-12-30 01:49:42 +08:00
|
|
|
# ufw allow from xx.xx.xx.xx app Application
|
