Uncomplicated Firewall: Difference between revisions

From Alpine Linux
 
(4 intermediate revisions by 4 users not shown)
Line 3: Line 3:
== Installation ==
== Installation ==


UFW can be found in the testing repository.  Read [[Alpine_Linux_package_management#Repository_pinning]] to enable the testing repository.
UFW can be found in the community repository.  Read [[Alpine_Linux_package_management#Repository_pinning]] to enable the community repository.


Once the testing repository has been enabled, UFW can be installed by issuing the following command:
Once the community repository has been enabled, UFW can be installed by issuing the following command:
{{cmd| apk add ip6tables ufw@testing}}
{{cmd| apk add ip6tables ufw}}


== Basic configuration ==
== Basic configuration ==
Line 12: Line 12:
The following is a simple configuration that will deny all incoming and outgoing data communication by default and allow incoming SSH, outgoing DNS and NTP traffic:  
The following is a simple configuration that will deny all incoming and outgoing data communication by default and allow incoming SSH, outgoing DNS and NTP traffic:  


{{cmd|ufw default deny incoming
<pre>ufw default deny incoming
ufw default deny outgoing
ufw default deny outgoing
ufw limit SSH        # open SSH port and protect against brute-force login attacks
ufw limit SSH        # open SSH port and protect against brute-force login attacks
Line 19: Line 19:
# The following instructions will allow apk to work:
# The following instructions will allow apk to work:
ufw allow out DNS    # allow outgoing DNS
ufw allow out DNS    # allow outgoing DNS
ufw allow out 80/tcp  # allow outgoing HTTP traffic
ufw allow out 80/tcp  # allow outgoing HTTP traffic</pre>
}}


The following lines are only needed the first time you install the package:
The following lines are only needed the first time you install the package:
{{cmd|ufw enable
{{cmd|ufw enable     # enable the firewall
rc-update add ufw    # add UFW init scripts}}
rc-update add ufw    # add UFW init scripts}}


Line 31: Line 30:
== Diskless mode ==
== Diskless mode ==


If you have installed Alpine Linux as [[Installation#Installation_Handbook|diskless]] then you need to use [[Alpine local backup|Alpine Local Backup (lbu)]] to save your UFW configuration.  UFW data is stored in <code>/usr/lib/ufw</code>, therefore use the following commands to save the UFW configuration:
If you have installed Alpine Linux as [[Installation#Installation_Handbook|diskless]] then you need to use [[Alpine local backup|Alpine Local Backup (lbu)]] to save your UFW configuration.  UFW data is stored in {{Path|/usr/lib/ufw}}, therefore use the following commands to save the UFW configuration:
{{cmd|lbu add /usr/lib/ufw
{{cmd|lbu add /usr/lib/ufw
lbu commit}}
lbu commit}}
== See also ==
* [[nftables]]: kernel subsystem that does the actual filtering and its user-space utilities.


[[Category:Networking]]
[[Category:Networking]]
[[Category:Security]]
[[Category:Security]]

Latest revision as of 09:04, 7 July 2024

UFW stands for Uncomplicated Firewall, and is a program for managing a netfilter firewall. It provides a command line interface and aims to be uncomplicated and easy to use.

Installation

UFW can be found in the community repository. Read Alpine_Linux_package_management#Repository_pinning to enable the community repository.

Once the community repository has been enabled, UFW can be installed by issuing the following command:

apk add ip6tables ufw

Basic configuration

The following is a simple configuration that will deny all incoming and outgoing data communication by default and allow incoming SSH, outgoing DNS and NTP traffic:

ufw default deny incoming
ufw default deny outgoing
ufw limit SSH         # open SSH port and protect against brute-force login attacks
ufw allow out 123/udp # allow outgoing NTP (Network Time Protocol)

# The following instructions will allow apk to work:
ufw allow out DNS     # allow outgoing DNS
ufw allow out 80/tcp  # allow outgoing HTTP traffic

The following lines are only needed the first time you install the package:

ufw enable # enable the firewall rc-update add ufw # add UFW init scripts

Check the status of UFW:

ufw status

Diskless mode

If you have installed Alpine Linux as diskless then you need to use Alpine Local Backup (lbu) to save your UFW configuration. UFW data is stored in /usr/lib/ufw, therefore use the following commands to save the UFW configuration:

lbu add /usr/lib/ufw lbu commit

See also

  • nftables: kernel subsystem that does the actual filtering and its user-space utilities.