ufw is the firewall in Ubuntu.
To enable ufw at boot, run
systemctl enable ufw
To list available apps, run
ufw app list
To see the status, run
ufw status
To see firewall rules in a numbered format, run
ufw status numbered
Stop ufw
ufw disable
Start ufw
ufw enable
Open Ports
Here are some commands to open ports.
ufw allow ssh
ufw allow http
ufw allow https
ufw allow 3333/tcp
The following command opens TCP ports 8000 to 9000.
ufw allow 8000:9000/tcp
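Deny all other incoming ports by default and allow all outbound traffic. On a remote server, add the ssh rule before enabling ufw with these defaults, or you can lock yourself out.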
ufw default deny incoming
ufw default allow outgoing
Whitelist an IP
To allow an IP to access all services
ufw allow from IP_ADDR_HERE
To allow an IP to access a specific port
ufw allow from IP_ADDR_HERE proto tcp to any port PORT_HERE
ufw allow from IP_ADDR_HERE proto udp to any port PORT_HERE
Enable Logging
To enable logging, run
ufw logging on
By default ufw logs to /var/log/kern.log.
To log to a different file, edit
vi /etc/rsyslog.d/20-ufw.conf
Uncomment the line
:msg,contains,"[UFW " /var/log/ufw.log
Restart rsyslog
systemctl restart rsyslog
Allow Cloudflare IPs in ufw
# -f makes curl fail on an HTTP error instead of handing the error page to the loop
for cfip in $(curl -fsSw '\n' https://www.cloudflare.com/ips-v{4,6}); do ufw allow proto tcp from "$cfip" comment 'Cloudflare IP'; done
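Added example, not part of the original page: the loop above turns whatever the download returns into firewall rules, so this sketch checks that every line is a CIDR network first and fails closed if any line is not. The helper names (is_ipv4, is_ipv6, is_cidr, cf_rules) are made up for this example, the IPv6 check is deliberately loose, and the input is a constructed sample so it runs offline.

```shell
# True for a dotted quad whose four octets are 0-255. The body is a
# subshell so the IFS and positional-parameter changes stay local.
is_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in ????*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
)

# Loose IPv6 check: hex digits and colons only, at least two colons.
# ufw still does the full parse; this only keeps obvious junk out.
is_ipv6() {
    case $1 in *[!0-9A-Fa-f:]*) return 1 ;; *:*:*) return 0 ;; esac
    return 1
}

# True for ADDRESS/PREFIX with a prefix length valid for the family.
is_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    addr=${1%/*} len=${1##*/}
    case $len in ''|*[!0-9]*|????*) return 1 ;; esac
    if is_ipv4 "$addr"; then [ "$len" -le 32 ]
    elif is_ipv6 "$addr"; then [ "$len" -le 128 ]
    else return 1
    fi
}

# Read one network per line on stdin; print a ufw command for each valid
# one. Anything else goes to stderr and makes the function return 1.
cf_rules() {
    bad=0
    while IFS= read -r net || [ -n "$net" ]; do
        [ -n "$net" ] || continue
        if is_cidr "$net"; then
            printf "ufw allow proto tcp from %s comment 'Cloudflare IP'\n" "$net"
        else
            printf 'rejected: %s\n' "$net" >&2; bad=1
        fi
    done
    return "$bad"
}

# Constructed sample: two documentation ranges and one error-page line.
printf '%s\n' 192.0.2.0/24 2001:db8::/32 '<html>503</html>' | cf_rules ||
    echo 'list not clean, do not apply' >&2
```

In real use, pipe the output of curl -fsS for the ips-v4 and ips-v6 URLs into cf_rules and run the printed commands only when it returns 0.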