Feb 29, 2012

UFW: Uncomplicated Firewall

Back when I used Red Hat Linux and Fedora I had to use the iptables tool to create a secure box over the Internet. It's been a few years since, and now I gladly find that the CLI has a new simplified firewall tool: ufw. This tool takes away the onerous task of creating the long chain rules required for iptables and compresses them into easy-to-decipher statements.

Here is a little script I used for my machine to lock away the whole internet except for the company's web application:


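#!/bin/bash
#
# Accept all outgoing packets from this machine by default
sudo ufw default allow outgoing
#
# Deny all incoming packets to this machine by default
sudo ufw default deny incoming
#
# Allow outgoing connections to port 80 (www) only for the following IP addresses
sudo ufw allow out to 1.2.3.4 port 80
sudo ufw allow out to 10.0.0.1 port 80
#
# Otherwise, reject all other outgoing connections to port 80.
# This rule must come after the allow rules above: ufw applies the first rule that matches.
# Note: outgoing traffic to other ports (for example 443) is still allowed by the default policy.
sudo ufw reject out 80
#
# Turn on the firewall and enable it at boot.
# New incoming connections (including SSH) are blocked once this runs;
# on a remote machine, add an allow rule for SSH first.
sudo ufw enable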
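
The script above works only because the allow rules are added before the reject. As an added example (not part of the original post), this sketch generalizes it to any port and address list and prints the commands in that order after validating every entry. The function names `valid_ipv4` and `emit_rules` are hypothetical, and the addresses are the sample values from the script.

```shell
#!/bin/sh
# Added example: print egress allowlist rules in the order ufw needs.
# Addresses and ports used here are constructed sample values.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    # Split on dots in a subshell so the IFS and "$@" changes stay local.
    (
        IFS=.
        set -- $1
        [ $# -eq 4 ] || exit 1
        for octet in "$@"; do
            [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
        done
    )
}

# emit_rules PORT ADDR [ADDR...]
# Print the ufw commands for one port: every allow first, the reject last.
# ufw applies the first matching rule, so a reject added before the
# allows would block the allowed hosts as well.
emit_rules() {
    port=$1
    shift
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    [ ${#port} -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "invalid port: $port" >&2; return 1; }
    [ $# -gt 0 ] || { echo "no addresses for port $port" >&2; return 1; }
    # Validate everything before printing anything, so a bad entry can
    # never leave a half-written rule set (or smuggle in shell syntax).
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    done
    for ip in "$@"; do
        echo "ufw allow out to $ip port $port"
    done
    echo "ufw reject out $port"
}

# Dry run: print the rules for HTTP and HTTPS without applying them.
emit_rules 80  1.2.3.4 10.0.0.1
emit_rules 443 1.2.3.4 10.0.0.1
```

The functions only print commands; review the output, then run it with root privileges to apply it.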
