Basic UFW setup

From packets2photons

These are my default firewall rules on any Linux box that I set up. Obviously, I allow more if I am running a webserver, VPN, et cetera.

sudo ufw default deny
sudo ufw limit SSH
sudo ufw enable

I always check the status with:

sudo ufw status
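
The status check can be scripted against the baseline above. This is an added example, not part of the original page: the function name `check_ufw_baseline` and both sample outputs are constructed for illustration, and it reads `ufw status verbose` text because the `Default:` policy line only appears in the verbose form.

```shell
#!/bin/sh
# Added example (not from the original page): check `ufw status verbose`
# text against the baseline above. On a live host:
#   sudo ufw status verbose | check_ufw_baseline

check_ufw_baseline() {
    awk '
        /^Status:/  { active  = ($2 == "active") }
        /^Default:/ { deny_in = ($2 == "deny" && $3 == "(incoming),") }
        # Rule rows: "LIMIT"/"ALLOW" without "IN" is the non-verbose form.
        / LIMIT( IN)? / && ($1 == "22" || $1 == "22/tcp") { limited = 1 }
        / ALLOW( IN)? +Anywhere/ { open = open " " $1 }
        END {
            if (!active)  { print "FAIL: firewall is not active"; bad = 1 }
            if (!deny_in) { print "FAIL: default incoming policy is not deny"; bad = 1 }
            if (!limited) { print "FAIL: no LIMIT rule for port 22"; bad = 1 }
            if (open != "") print "WARN: open to Anywhere:" open
            if (!bad) print "OK: baseline holds"
            exit bad + 0
        }
    '
}

# Constructed sample output, in the layout `ufw status verbose` prints.
SAMPLE_GOOD='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT IN    Anywhere
22                         ALLOW IN    10.0.0.0/8'

# Constructed sample: firewall left disabled, e.g. after an update.
SAMPLE_OFF='Status: inactive'

printf '%s\n' "$SAMPLE_GOOD" | check_ufw_baseline
printf '%s\n' "$SAMPLE_OFF"  | check_ufw_baseline || true
```

The function exits non-zero on any FAIL line, so it can gate a provisioning script; plain ALLOW rules open to Anywhere are only reported as warnings, since extra services are sometimes intended.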

A common one for me for practest:

sudo ufw allow from 10.0.0.0/8 to any port 22
sudo ufw allow to 10.0.0.0/8 from any port 22
sudo ufw allow from 134.115.0.0/16 to any port 22
sudo ufw allow to 134.115.0.0/16 from any port 22
sudo ufw default deny incoming
sudo ufw default deny outgoing
sudo ufw enable

For a non-Internet-connected machine, you can temporarily disable the firewall to do updates:

sudo ufw disable

Then re-enable with:

sudo ufw enable