gefvert.org

Ufw (firewall) Reference

2020-01-26

Enable or disable the firewall:

ufw enable
ufw disable

Allow all incoming HTTP traffic and reject telnet globally (normally 'deny' is used, but 'reject' explicitly rejects the connection):

ufw allow in http
ufw reject telnet comment 'telnet is not encrypted'

Allow incoming ssh from certain hosts, IPv4 or IPv6:

ufw allow in from 10.254.254.0/24 to any port 22
ufw allow in from 2001:db8::/32 to any port 22

Enable rate limiting for ssh, preventing more than 6 access attempts from a single IP address within 30 seconds:

ufw limit ssh

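Special cases: TCP traffic only, or IPv6 only. ufw has no address-family keyword ('proto' selects a protocol such as tcp or udp, not an IP version), so the IPv6-only rule uses the IPv6 wildcard ::/0 as its source:

ufw allow in http/tcp
ufw allow in proto tcp from ::/0 to any port 80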

Example:

ufw allow in from 10.254.254.0/24 to any port 22 comment 'internal network/ssh'
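
The rules above are usually applied over the same ssh session they filter, so the order matters: add the ssh allow rules first and enable the firewall last. The script below is an added example, not part of the original page; the function names, the UFW override variable and the 'admin ssh' comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: apply this page's rules in an order that cannot cut off the
# ssh session used to configure the host.
# Assumption: the admin networks are passed as CIDR arguments.
UFW="${UFW:-ufw}"   # override (e.g. UFW=echo) to preview without changes

# Accept only characters that can appear in an IPv4/IPv6 CIDR and require a
# prefix length, so a typo such as "any" never reaches ufw as a keyword.
is_cidr() {
    case "$1" in
        */*/*|/*|*/) return 1 ;;
        *[!0-9a-fA-F:./]*) return 1 ;;
        */*) return 0 ;;
        *) return 1 ;;
    esac
}

apply_baseline() {
    [ "$#" -gt 0 ] || { echo "need at least one admin CIDR" >&2; return 1; }
    # Validate every argument before changing any rule.
    for net in "$@"; do
        is_cidr "$net" || { echo "bad CIDR: $net" >&2; return 1; }
    done
    # 1. ssh first, restricted to the admin networks.
    for net in "$@"; do
        "$UFW" allow in from "$net" to any port 22 comment 'admin ssh' || return 1
    done
    # 2. Public service and explicit reject, as on the page.
    "$UFW" allow in http/tcp || return 1
    "$UFW" reject telnet comment 'telnet is not encrypted' || return 1
    # 3. Enable last; --force skips the interactive confirmation prompt.
    "$UFW" --force enable
}

# Example call: sh baseline.sh 10.254.254.0/24 2001:db8::/32
if [ "$#" -gt 0 ]; then
    apply_baseline "$@"
fi
```

Running it with UFW=echo prints the ufw arguments in order instead of changing the firewall.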