Ufw

From Gentoo Wiki
Jump to: navigation, search
This article is a stub. You can help by expanding it.
Resources





Ufw stands for uncomplicated firewall, and is just that. It uses logs such as those obtained by syslog-ng for monitoring, and uses iptables as a back end. Ufw supports both ip v4 & ip v6.

Installation

Kernel

The following kernel configuration must be made before ufw will work.

Note
You must make configurations for iptables & run the iptables wiki page on top of these
KERNEL ip v4 settings
[*] Networking support  --->
        Networking options  --->
            [*] Network packet filtering framework (Netfilter)  --->
                Core Netfilter Configuration  --->
                    <M>   NetBIOS name service protocol support

IP version 6 is not required, however it is highly recommended.

KERNEL ip v6 settings
[*] Networking support  --->
        Networking options  --->
            [*] Network packet filtering framework (Netfilter)  --->
                IPv6: Netfilter Configuration  --->
                    <M>   "rt" Routing header match support
                    <M>   "HL" hoplimit target support

USE flags

USE flags for net-firewall/ufw A program used to manage a netfilter firewall

examples Install examples, usually source code global

Emerge

root #emerge --ask ufw

Service

To allow ssh by default:

root #ufw allow ssh
Important
ssh is blocked by default.

OpenRC

To start ufw at boot:

root #rc-update add ufw default

To start ufw immediately:

root #rc-service ufw start

systemd

To start ufw at boot:

root #systemctl enable ufw

To start ufw immediately:

root #systemctl start ufw

Configuration

To create a simple configuration, run:

root #ufw default deny
root #ufw allow from 192.168.0.0/24
root #ufw allow <application-name>

To get a list of possible applications to add, run:

root #ufw app list

Then replace <application-name> with the name of the desired application. For example, to allow incoming Deluge traffic:

root #ufw allow Deluge

Next run

root #ufw enable

The last step is only required only the first time you install the package.

External Resources