From Gentoo Wiki

Ufw is the uncomplicated firewall, and is designed to be simple to implement. It uses logs such as those obtained by syslog-ng for monitoring, and uses iptables as a back end. Ufw supports both IPv4 and IPv6.



The following kernel configuration must be made before ufw will work.

The kernel must also be configured for iptables: follow the kernel configuration on the iptables wiki page in addition to the options below.
KERNEL IPv4 settings
[*] Networking support  --->
        Networking options  --->
            [*] Network packet filtering framework (Netfilter)  --->
                Core Netfilter Configuration  --->
                    <M>   NetBIOS name service protocol support

IP version 6 is not required, however it is highly recommended.

KERNEL IPv6 settings
[*] Networking support  --->
        Networking options  --->
            [*] Network packet filtering framework (Netfilter)  --->
                [*] Advanced netfilter configuration
                IPv6: Netfilter Configuration  --->
                    <M>   "rt" Routing header match support
                    <M>   "HL" hoplimit target support

USE flags

USE flags for net-firewall/ufw (A program used to manage a netfilter firewall):

examples    Example ufw config files
ipv6        IPv6 support for iptables


root #emerge --ask ufw


To allow ssh by default:

root #ufw allow ssh
ssh is blocked by default.


To start ufw at boot with OpenRC:

root #rc-update add ufw default

To start ufw immediately:

root #rc-service ufw start


To start ufw at boot with systemd:

root #systemctl enable ufw

To start ufw immediately:

root #systemctl start ufw


To create a simple configuration, run:

root #ufw default deny
root #ufw allow from
root #ufw allow <application-name>

To get a list of possible applications to add, run:

root #ufw app list

Then replace <application-name> with the name of the desired application. For example, to allow incoming Deluge traffic:

root #ufw allow Deluge

Next, run:

root #ufw enable

The last step is required only the first time the package is installed.

After changing the rules, reload the firewall:

root #ufw reload

Specific use-cases and applications follow:

KDE Connect

To allow KDE Connect to work on the local network (192.168.0.x), ports 1714 through 1764 have to be opened for both UDP and TCP.

root #ufw allow proto udp from to any port 1714:1764 ; ufw allow proto tcp from to any port 1714:1764
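
To check the resulting ruleset, the following added example (not part of the wiki page or the ufw project) reads the text of `ufw status verbose` and reports any ALLOW rule open to Anywhere that is not on an expected list, as well as an inactive firewall or a default incoming policy other than deny. The function names, the sample output and the 192.168.0.0/24 range are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` text read from stdin.
# Arguments are "To" entries that may stay open to Anywhere (e.g. 22/tcp).
# Prints one finding per line, nothing when the ruleset is as intended.
audit_ufw_status() {
    awk -v allow=" $* " '
    /^Status:/  { active  = ($2 == "active") }
    /^Default:/ { deny_in = ($2 == "deny" || $2 == "reject") }
    # Rule rows look like: "1714:1764/udp   ALLOW IN   192.168.0.0/24"
    / ALLOW( IN)?[ \t]/ {
        to = $0;   sub(/[ \t]+ALLOW.*$/, "", to)
        from = $0; sub(/^.*ALLOW( IN)?[ \t]+/, "", from)
        port = to; sub(/ \(v6\)$/, "", port)   # treat v4 and v6 rows alike
        if (from ~ /^Anywhere/ && index(allow, " " port " ") == 0)
            print "OPEN_TO_ANY " to
    }
    END {
        if (!active)  print "INACTIVE"
        if (!deny_in) print "DEFAULT_NOT_DENY"
    }'
}

# Constructed sample (not captured from a real host): the KDE Connect TCP
# range was added without a source restriction, the UDP range was limited
# to an assumed 192.168.0.0/24 LAN.
sample_status() {
    cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
1714:1764/udp              ALLOW IN    192.168.0.0/24
1714:1764/tcp              ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

# On a live system: ufw status verbose | audit_ufw_status 22/tcp
sample_status | audit_ufw_status 22/tcp
```
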
