Uncomplicated Firewall: Difference between revisions

Revision as of 16:58, 1 October 2015

UFW stands for Uncomplicated Firewall, and is a program for managing a netfilter firewall. It provides a command line interface and aims to be uncomplicated and easy to use.

Installation

UFW can be found in the testing repository. Read Alpine_Linux_package_management#Repository_pinning to enable the testing repository.

Once the testing repository has been enabled, UFW can be installed by issuing the following command:

apk add ip6tables ufw@testing

Basic configuration

The following is a simple configuration that will deny all incoming and outgoing data communication by default and allow incoming SSH, outgoing DNS and NTP traffic:

ufw default deny incoming ufw default deny outgoing ufw limit SSH # open SSH port and protect against brute-force login attacks ufw allow out DNS # allow outgoing DNS ufw allout out 123 # allow outgoing NTP

The following lines are only needed the first time you install the package:

ufw enable rc-update add ufw # add UFW init scripts

Check the status of UFW:

ufw status

@@ Line 7: / Line 7: @@
 Once the testing repository has been enabled, UFW can be installed by issuing the following command:
 {{cmd| apk add ip6tables ufw@testing}}
+== Basic configuration ==
+The following is a simple configuration that will deny all incoming and outgoing data communication by default and allow incoming SSH, outgoing DNS and NTP traffic:
+{{cmd|ufw default deny incoming
+ufw default deny outgoing
+ufw limit SSH         # open SSH port and protect against brute-force login attacks
+ufw allow out DNS     # allow outgoing DNS
+ufw allout out 123    # allow outgoing NTP}}
+The following lines are only needed the first time you install the package:
+{{cmd|ufw enable
+rc-update add ufw    # add UFW init scripts}}
+Check the status of UFW:
+{{cmd|ufw status}}