Ufw: Difference between revisions
From Lolly's Wiki
Jump to navigationJump to search
(Die Seite wurde neu angelegt: „Kategorie:Linux <source lang=bash> # ufw [insert <number>] allow log-all from 10.0.0.0/16 to any app OpenSSH Rule inserted # ufw status verbose Status: ac…“) |
No edit summary |
||
| Line 1: | Line 1: | ||
[[Kategorie:Linux]] | [[Kategorie:Linux]] | ||
==Diable IPv6== | |||
/etc/default/ufw | |||
<source lang=bash> | <source lang=bash> | ||
# ufw | # Set to yes to apply rules to support IPv6 (no means only IPv6 on loopback | ||
# accepted). You will need to 'disable' and then 'enable' the firewall for | |||
# the changes to take affect. | |||
IPV6=no | |||
</source> | |||
/etc/ufw/sysctl.conf | |||
<source lang=bash> | |||
# Uncomment this to turn off ipv6 autoconfiguration | |||
net/ipv6/conf/default/autoconf=0 | |||
net/ipv6/conf/all/autoconf=0 | |||
</source> | |||
==Setup Rules== | |||
===Adding a rule=== | |||
<source lang=bash> | |||
# ufw allow log-all from 192.168.2.0/24 to any app OpenSSH | |||
Rule added | |||
# ufw status verbose | |||
Status: active | |||
Logging: on (low) | |||
Default: reject (incoming), allow (outgoing), disabled (routed) | |||
New profiles: skip | |||
To Action From | |||
-- ------ ---- | |||
22/tcp (OpenSSH) ALLOW IN 192.168.2.0/24 (log-all) | |||
</source> | |||
===Inserting before=== | |||
<source lang=bash> | |||
# ufw insert 1 allow log-all from 192.168.1.0/24 to any app OpenSSH | |||
Rule inserted | Rule inserted | ||
# ufw | # ufw status verbose | ||
Status: active | Status: active | ||
Logging: on (low) | Logging: on (low) | ||
Default: | Default: reject (incoming), allow (outgoing), disabled (routed) | ||
New profiles: skip | New profiles: skip | ||
To Action From | To Action From | ||
-- ------ ---- | -- ------ ---- | ||
22/tcp (OpenSSH) ALLOW IN | 22/tcp (OpenSSH) ALLOW IN 192.168.1.0/24 (log-all) | ||
22/tcp (OpenSSH) ALLOW IN 192.168.2.0/24 (log-all) | |||
# ufw status numbered | |||
Status: active | |||
To Action From | |||
-- ------ ---- | |||
[ 1] OpenSSH ALLOW IN 192.168.1.0/24 (log-all) | |||
[ 2] OpenSSH ALLOW IN 192.168.2.0/24 (log-all) | |||
</source> | </source> | ||
Revision as of 09:26, 17 August 2015
Diable IPv6
/etc/default/ufw
# Set to yes to apply rules to support IPv6 (no means only IPv6 on loopback
# accepted). You will need to 'disable' and then 'enable' the firewall for
# the changes to take affect.
IPV6=no
/etc/ufw/sysctl.conf
# Uncomment this to turn off ipv6 autoconfiguration
net/ipv6/conf/default/autoconf=0
net/ipv6/conf/all/autoconf=0
Setup Rules
Adding a rule
# ufw allow log-all from 192.168.2.0/24 to any app OpenSSH
Rule added
# ufw status verbose
Status: active
Logging: on (low)
Default: reject (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
22/tcp (OpenSSH) ALLOW IN 192.168.2.0/24 (log-all)
Inserting before
# ufw insert 1 allow log-all from 192.168.1.0/24 to any app OpenSSH
Rule inserted
# ufw status verbose
Status: active
Logging: on (low)
Default: reject (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
22/tcp (OpenSSH) ALLOW IN 192.168.1.0/24 (log-all)
22/tcp (OpenSSH) ALLOW IN 192.168.2.0/24 (log-all)
# ufw status numbered
Status: active
To Action From
-- ------ ----
[ 1] OpenSSH ALLOW IN 192.168.1.0/24 (log-all)
[ 2] OpenSSH ALLOW IN 192.168.2.0/24 (log-all)
