Uncomplicated Firewall: Difference between revisions

From Alpine Linux
(Added installation section)
(Basic configuration section)
Line 7: Line 7:
Once the testing repository has been enabled, UFW can be installed by issuing the following command:
Once the testing repository has been enabled, UFW can be installed by issuing the following command:
{{cmd| apk add ip6tables ufw@testing}}
{{cmd| apk add ip6tables ufw@testing}}
== Basic configuration ==
The following is a simple configuration that will deny all incoming and outgoing data communication by default and allow incoming SSH, outgoing DNS and NTP traffic:
{{cmd|ufw default deny incoming
ufw default deny outgoing
ufw limit SSH        # open SSH port and protect against brute-force login attacks
ufw allow out DNS    # allow outgoing DNS
ufw allout out 123    # allow outgoing NTP}}
The following lines are only needed the first time you install the package:
{{cmd|ufw enable
rc-update add ufw    # add UFW init scripts}}
Check the status of UFW:
{{cmd|ufw status}}

Revision as of 16:58, 1 October 2015

UFW stands for Uncomplicated Firewall, and is a program for managing a netfilter firewall. It provides a command line interface and aims to be uncomplicated and easy to use.

Installation

UFW can be found in the testing repository. Read Alpine_Linux_package_management#Repository_pinning to enable the testing repository.

Once the testing repository has been enabled, UFW can be installed by issuing the following command:

apk add ip6tables ufw@testing

Basic configuration

The following is a simple configuration that will deny all incoming and outgoing data communication by default and allow incoming SSH, outgoing DNS and NTP traffic:

ufw default deny incoming ufw default deny outgoing ufw limit SSH # open SSH port and protect against brute-force login attacks ufw allow out DNS # allow outgoing DNS ufw allout out 123 # allow outgoing NTP

The following lines are only needed the first time you install the package:

ufw enable rc-update add ufw # add UFW init scripts

Check the status of UFW:

ufw status