Uncomplicated Firewall: Difference between revisions
WhyNotHugo (talk | contribs) |
(4 intermediate revisions by 4 users not shown) | |||
Line 3: | Line 3: | ||
== Installation == | == Installation == | ||
UFW can be found in the | UFW can be found in the community repository. Read [[Alpine_Linux_package_management#Repository_pinning]] to enable the community repository. | ||
Once the | Once the community repository has been enabled, UFW can be installed by issuing the following command: | ||
{{cmd| apk add ip6tables ufw | {{cmd| apk add ip6tables ufw}} | ||
== Basic configuration == | == Basic configuration == | ||
Line 12: | Line 12: | ||
The following is a simple configuration that will deny all incoming and outgoing data communication by default and allow incoming SSH, outgoing DNS and NTP traffic: | The following is a simple configuration that will deny all incoming and outgoing data communication by default and allow incoming SSH, outgoing DNS and NTP traffic: | ||
<pre>ufw default deny incoming | |||
ufw default deny outgoing | ufw default deny outgoing | ||
ufw limit SSH # open SSH port and protect against brute-force login attacks | ufw limit SSH # open SSH port and protect against brute-force login attacks | ||
Line 19: | Line 19: | ||
# The following instructions will allow apk to work: | # The following instructions will allow apk to work: | ||
ufw allow out DNS # allow outgoing DNS | ufw allow out DNS # allow outgoing DNS | ||
ufw allow out 80/tcp # allow outgoing HTTP traffic | ufw allow out 80/tcp # allow outgoing HTTP traffic</pre> | ||
The following lines are only needed the first time you install the package: | The following lines are only needed the first time you install the package: | ||
{{cmd|ufw enable | {{cmd|ufw enable # enable the firewall | ||
rc-update add ufw # add UFW init scripts}} | rc-update add ufw # add UFW init scripts}} | ||
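Review bot: The comment "The following instructions will allow apk to work" covers only "ufw allow out DNS" and "ufw allow out 80/tcp", while the default set earlier is "ufw default deny outgoing". If /etc/apk/repositories lists https:// mirrors, apk will still be blocked. Consider adding "ufw allow out 443/tcp" next to the 80/tcp rule, or stating in the comment that the rule set assumes plain-HTTP mirrors.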
Line 31: | Line 30: | ||
== Diskless mode == | == Diskless mode == | ||
If you have installed Alpine Linux as [[Installation#Installation_Handbook|diskless]] then you need to use [[Alpine local backup|Alpine Local Backup (lbu)]] to save your UFW configuration. UFW data is stored in | If you have installed Alpine Linux as [[Installation#Installation_Handbook|diskless]] then you need to use [[Alpine local backup|Alpine Local Backup (lbu)]] to save your UFW configuration. UFW data is stored in {{Path|/usr/lib/ufw}}, therefore use the following commands to save the UFW configuration: | ||
{{cmd|lbu add /usr/lib/ufw | {{cmd|lbu add /usr/lib/ufw | ||
lbu commit}} | lbu commit}} | ||
== See also == | |||
* [[nftables]]: kernel subsystem that does the actual filtering and its user-space utilities. | |||
[[Category:Networking]] | [[Category:Networking]] | ||
[[Category:Security]] | [[Category:Security]] |
Latest revision as of 09:04, 7 July 2024
UFW stands for Uncomplicated Firewall, and is a program for managing a netfilter firewall. It provides a command line interface and aims to be uncomplicated and easy to use.
Installation
UFW can be found in the community repository. Read Alpine Linux package management (Repository pinning) to enable the community repository.
Once the community repository has been enabled, UFW can be installed by issuing the following command:
apk add ip6tables ufw
Basic configuration
The following is a simple configuration that denies all incoming and outgoing traffic by default and allows rate-limited incoming SSH plus outgoing NTP, DNS and HTTP traffic:
ufw default deny incoming
ufw default deny outgoing
ufw limit SSH         # open SSH port and protect against brute-force login attacks
ufw allow out 123/udp # allow outgoing NTP (Network Time Protocol)
# The following instructions will allow apk to work:
ufw allow out DNS     # allow outgoing DNS
ufw allow out 80/tcp  # allow outgoing HTTP traffic
The following lines are only needed the first time you install the package:
ufw enable        # enable the firewall
rc-update add ufw # add UFW init scripts
Check the status of UFW:
ufw status
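To confirm that the rule set above actually took effect, the following sh function reads the output of ufw status verbose on stdin and checks that the firewall is active, that both defaults are deny, and that inbound access is rate-limited. This is an added example, not part of the original wiki page; the function names audit_ufw_status and sample_status are hypothetical, the sample status text is constructed, and treating any ALLOW IN rule as a failure is an assumption about this policy.

```shell
#!/bin/sh
# Added example (not from the wiki page); function names are hypothetical.

# Reads `ufw status verbose` text on stdin; returns 0 only if every check passes.
audit_ufw_status() {
    awk '
        /^Status:/  { active = ($2 == "active") }
        /^Default:/ {
            # "Default: deny (incoming), deny (outgoing), disabled (routed)"
            line = $0; sub(/^Default:[ \t]*/, "", line)
            n = split(line, parts, /,[ \t]*/)
            for (i = 1; i <= n; i++) {
                split(parts[i], kv, /[ \t]+/)
                if (kv[2] == "(incoming)") din = kv[1]
                if (kv[2] == "(outgoing)") dout = kv[1]
            }
        }
        / LIMIT IN / { limit_in++ }
        # Assumption: this policy expects no inbound rule without rate limiting.
        / ALLOW IN / { allow_in++; print "FAIL: unlimited inbound rule: " $0 }
        END {
            rc = (allow_in > 0)
            if (!active)        { print "FAIL: firewall is not active"; rc = 1 }
            if (din != "deny")  { print "FAIL: default incoming policy: " din; rc = 1 }
            if (dout != "deny") { print "FAIL: default outgoing policy: " dout; rc = 1 }
            if (!limit_in)      { print "FAIL: no rate-limited inbound rule"; rc = 1 }
            if (rc == 0) print "OK: default deny in/out, inbound is rate-limited"
            exit rc
        }'
}

# Constructed sample shaped like `ufw status verbose` output.
sample_status() {
    cat <<'EOF'
Status: active
Default: deny (incoming), deny (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp (SSH)               LIMIT IN    Anywhere
123/udp                    ALLOW OUT   Anywhere
53 (DNS)                   ALLOW OUT   Anywhere
80/tcp                     ALLOW OUT   Anywhere
EOF
}

sample_status | audit_ufw_status
```

On a live host, pipe the real output instead: ufw status verbose | audit_ufw_status.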
Diskless mode
If you have installed Alpine Linux in diskless mode, you need to use Alpine Local Backup (lbu) to save your UFW configuration. UFW data is stored in /usr/lib/ufw, so use the following commands to save the UFW configuration:
lbu add /usr/lib/ufw
lbu commit
See also
- nftables: kernel subsystem that does the actual filtering and its user-space utilities.