Ufw
Ufw is the Uncomplicated Firewall, designed to be as simple as possible to set up and use. It uses iptables as its back end and writes its log messages through the system logger (for example syslog-ng) for monitoring. Ufw supports both IPv4 and IPv6.
Installation
Kernel
The following kernel options must be enabled before ufw will work.
[*] Networking support --->
    Networking options --->
        [*] Network packet filtering framework (Netfilter) --->
            Core Netfilter Configuration --->
                <M> NetBIOS name service protocol support
IPv6 support is not required, but it is highly recommended.
[*] Networking support --->
    Networking options --->
        [*] Network packet filtering framework (Netfilter) --->
            [*] Advanced netfilter configuration
            IPv6: Netfilter Configuration --->
                <M> "rt" Routing header match support
                <M> "HL" hoplimit target support
USE flags
USE flags for net-firewall/ufw (a program used to manage a netfilter firewall)
Emerge
root #
emerge --ask ufw
Service
To allow ssh by default:
root #
ufw allow ssh
SSH access is blocked by default. Allowing it here is a workaround for bug #871747.
If you get the warning "ERROR: problem running", install dev-python/pip:
root #
emerge --ask dev-python/pip
OpenRC
To start ufw at boot:
root #
rc-update add ufw default
To start ufw immediately:
root #
rc-service ufw start
systemd
To start ufw at boot:
root #
systemctl enable ufw
To start ufw immediately:
root #
systemctl start ufw
Configuration
To create a simple configuration, run:
root #
ufw default deny incoming
root #
ufw allow from 192.168.0.0/24
root #
ufw allow <application-name>
To get a list of possible applications to add, run:
root #
ufw app list
Then replace <application-name> with the name of the desired application. For example, to allow incoming Deluge traffic:
root #
ufw allow Deluge
Next run
root #
ufw enable
This step is only required the first time you install the package.
After changes to the rules, restart the firewall:
root #
ufw reload
Specific use cases and applications follow:
KDE Connect
To allow KDE Connect to work on the local network (192.168.0.x), ports 1714 through 1764 have to be opened for both UDP and TCP.
root #
ufw allow proto udp from 192.168.0.0/24 to any port 1714:1764
root #
ufw allow proto tcp from 192.168.0.0/24 to any port 1714:1764
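After applying the rules from the Configuration section and the KDE Connect rules above, it is worth checking the policy ufw actually has loaded rather than trusting the commands that were typed. The following is an added example, not code from the Gentoo wiki or the ufw project: it parses the text that `ufw status verbose` prints and verifies that the firewall is active, that the default incoming policy is deny, that ssh is allowed, and that the KDE Connect range 1714:1764 is open for udp and tcp only from the 192.168.0.0/24 LAN. The status text embedded below is constructed for the example (it follows the To / Action / From layout of ufw's verbose status); the `live_status` helper is an assumption about how you would feed real output in and needs root.

```python
"""Audit ufw's effective policy against the baseline set up on this page.

Added example, not from the wiki page or the ufw project. Parses the
output of `ufw status verbose` and reports deviations from the intended
rules. Rules with interface ("on eth0") or comment fields are not parsed.
"""
import ipaddress
import re
import subprocess
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the layout of `ufw status verbose`: header lines,
# a blank line, then a To / Action / From table. The tcp KDE Connect rule
# is deliberately wrong (open to Anywhere) so the audit has something to find.
SAMPLE_STATUS = """\
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
1714:1764/udp              ALLOW IN    192.168.0.0/24
1714:1764/tcp              ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
"""


@dataclass(frozen=True)
class Rule:
    to: str         # e.g. "22/tcp", "1714:1764/udp"
    action: str     # ALLOW, DENY, REJECT or LIMIT
    direction: str  # IN or OUT
    frm: str        # "Anywhere", "192.168.0.0/24", a single address, ...
    v6: bool        # True for the "(v6)" rows


RULE_RE = re.compile(
    r"^(?P<to>\S+(?: \(v6\))?)\s+(?P<action>ALLOW|DENY|REJECT|LIMIT)"
    r"\s+(?P<dir>IN|OUT)\s+(?P<frm>\S+(?: \(v6\))?)\s*$"
)


def parse_status(text: str) -> Tuple[Dict[str, str], List[Rule]]:
    """Return (header fields, rules) from `ufw status verbose` output."""
    header: Dict[str, str] = {}
    rules: List[Rule] = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            to, frm = m.group("to"), m.group("frm")
            rules.append(Rule(to.replace(" (v6)", ""), m.group("action"),
                              m.group("dir"), frm.replace(" (v6)", ""),
                              to.endswith(" (v6)")))
        elif ":" in line and not line.startswith(("To", "--")):
            key, _, value = line.partition(":")  # "Status: active" etc.
            header[key.strip()] = value.strip()
    return header, rules


def default_incoming(header: Dict[str, str]) -> Optional[str]:
    """Extract the incoming default policy ('deny', 'allow', ...) if present."""
    m = re.search(r"(\w+) \(incoming\)", header.get("Default", ""))
    return m.group(1) if m else None


def source_within(frm: str, lan: str) -> bool:
    """True if the rule source lies entirely inside the LAN prefix."""
    if frm == "Anywhere":
        return False
    try:  # ValueError: not an address; TypeError: IPv4/IPv6 mismatch
        return ipaddress.ip_network(frm, strict=False).subnet_of(
            ipaddress.ip_network(lan, strict=False))
    except (ValueError, TypeError):
        return False


def audit(text: str, lan: str = "192.168.0.0/24") -> List[str]:
    """Return findings; an empty list means the page's baseline holds."""
    header, rules = parse_status(text)
    findings: List[str] = []
    if header.get("Status") != "active":
        findings.append("firewall is not active (run `ufw enable`)")
    if default_incoming(header) != "deny":
        findings.append("default incoming policy is not deny")
    allow_in = [r for r in rules if r.action == "ALLOW" and r.direction == "IN"]
    if not any(r.to == "22/tcp" and not r.v6 for r in allow_in):
        findings.append("ssh (22/tcp) is not allowed over IPv4")
    for proto in ("udp", "tcp"):
        kde = [r for r in allow_in if r.to == f"1714:1764/{proto}" and not r.v6]
        if not kde:
            findings.append(f"KDE Connect range 1714:1764/{proto} is not allowed")
        for r in kde:
            if not source_within(r.frm, lan):
                findings.append(
                    f"1714:1764/{proto} is open from {r.frm}, not restricted to {lan}")
    return findings


def live_status() -> str:
    """Fetch the real status from this host (assumed helper, needs root)."""
    return subprocess.run(["ufw", "status", "verbose"], check=True,
                          capture_output=True, text=True).stdout


if __name__ == "__main__":
    for finding in audit(SAMPLE_STATUS):
        print("FINDING:", finding)
```

On the constructed sample the audit reports a single finding, the tcp range being open to Anywhere instead of the LAN; replacing `SAMPLE_STATUS` with `live_status()` runs the same check against the host. The source check uses `ipaddress.subnet_of`, so a rule scoped to a single LAN host or a smaller subnet still passes, while a wider prefix or an IPv6 source does not.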