Uncomplicated Firewall

2021-07-30T21:06:22Z

Tpk: /* Installation */

UFW stands for [https://launchpad.net/ufw Uncomplicated Firewall], and is a program for managing a netfilter firewall. It provides a command line interface and aims to be uncomplicated and easy to use.

== Installation ==

UFW can be found in the community repository. Read [[Alpine_Linux_package_management#Repository_pinning]] to enable the community repository.

Once the community repository has been enabled, UFW can be installed by issuing the following command:
{{cmd| apk add ip6tables ufw}}

== Basic configuration ==

The following is a simple configuration that will deny all incoming and outgoing data communication by default and allow incoming SSH, outgoing DNS and NTP traffic:

<pre>ufw default deny incoming
ufw default deny outgoing
ufw limit SSH # open SSH port and protect against brute-force login attacks
ufw allow out 123/udp # allow outgoing NTP (Network Time Protocol)

# The following instructions will allow apk to work:
ufw allow out DNS # allow outgoing DNS
ufw allow out 80/tcp # allow outgoing HTTP traffic</pre>

The following lines are only needed the first time you install the package:
{{cmd|ufw enable # enable the firewall
rc-update add ufw # add UFW init scripts}}

Check the status of UFW:
{{cmd|ufw status}}

== Diskless mode ==

If you have installed Alpine Linux as [[Installation#Installation_Handbook|diskless]] then you need to use [[Alpine local backup|Alpine Local Backup (lbu)]] to save your UFW configuration. UFW data is stored in <code>/usr/lib/ufw</code>, therefore use the following commands to save the UFW configuration:
{{cmd|lbu add /usr/lib/ufw
lbu commit}}

[[Category:Networking]]
[[Category:Security]]

Alpine Linux - User contributions [en]

Uncomplicated Firewall