Difference between revisions of "Uncomplicated Firewall"

From Alpine Linux
(Added installation section)
(Basic configuration section)
Line 7: Line 7:
 
Once the testing repository has been enabled, UFW can be installed by issuing the following command:
 
Once the testing repository has been enabled, UFW can be installed by issuing the following command:
 
{{cmd| apk add ip6tables ufw@testing}}
 
{{cmd| apk add ip6tables ufw@testing}}
 +
 +
== Basic configuration ==
 +
 +
The following is a simple configuration that will deny all incoming and outgoing data communication by default and allow incoming SSH, outgoing DNS and NTP traffic:
 +
 +
{{cmd|ufw default deny incoming
 +
ufw default deny outgoing
 +
ufw limit SSH        # open SSH port and protect against brute-force login attacks
 +
ufw allow out DNS    # allow outgoing DNS
 +
ufw allout out 123    # allow outgoing NTP}}
 +
 +
The following lines are only needed the first time you install the package:
 +
{{cmd|ufw enable
 +
rc-update add ufw    # add UFW init scripts}}
 +
 +
Check the status of UFW:
 +
{{cmd|ufw status}}
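Review bot: `ufw allout out 123` in the first added {{cmd}} block is a typo for `ufw allow out 123`; ufw will reject the line as written, and with `ufw default deny outgoing` in effect NTP stays blocked. Since the comment says the rule is for NTP, `ufw allow out 123/udp` would also be tighter than a bare port number, which opens 123 for both TCP and UDP. It is worth stating in the text that `ufw enable` comes after the `ufw limit SSH` rule, since the block order matters for anyone configuring the host over SSH.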

Revision as of 16:58, 1 October 2015

UFW stands for Uncomplicated Firewall, and is a program for managing a netfilter firewall. It provides a command line interface and aims to be uncomplicated and easy to use.

Installation

UFW can be found in the testing repository. Read Alpine_Linux_package_management#Repository_pinning to enable the testing repository.

Once the testing repository has been enabled, UFW can be installed by issuing the following command:

apk add ip6tables ufw@testing

Basic configuration

The following is a simple configuration that will deny all incoming and outgoing data communication by default and allow incoming SSH, outgoing DNS and NTP traffic:

ufw default deny incoming
ufw default deny outgoing
ufw limit SSH        # open SSH port and protect against brute-force login attacks
ufw allow out DNS    # allow outgoing DNS
ufw allow out 123    # allow outgoing NTP

The following lines are only needed the first time you install the package:

ufw enable
rc-update add ufw    # add UFW init scripts

Check the status of UFW:

ufw status
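
A check for the result of the configuration above, as an added example that is not part of the wiki page: it reads `ufw status verbose` text on stdin and reports which of the intended default policies and rules are absent. The function names, the two sample outputs and the column layout they assume are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the text of `ufw status verbose` against the
# policy described on this page. Prints one line per missing item and
# returns 0 only when nothing is missing.
audit_ufw_status() {
    status=$(cat)
    rc=0
    need() {   # need <description> <extended regex>
        if ! printf '%s\n' "$status" | grep -Eq "$2"; then
            echo "MISSING: $1"
            rc=1
        fi
    }
    need "firewall active"            '^Status: active'
    need "default deny incoming"      '^Default:.*deny \(incoming\)'
    need "default deny outgoing"      '^Default:.*deny \(outgoing\)'
    need "SSH rate-limited inbound"   'SSH.*LIMIT'
    need "DNS allowed outbound"       'DNS.*ALLOW OUT'
    need "NTP (123) allowed outbound" '^123(/udp)?[[:space:]].*ALLOW OUT'
    return $rc
}

# Constructed sample: every rule from the page was accepted.
sample_good() { cat <<'EOF'
Status: active
Default: deny (incoming), deny (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp (SSH)               LIMIT IN    Anywhere
53 (DNS)                   ALLOW OUT   Anywhere
123                        ALLOW OUT   Anywhere
EOF
}

# Constructed sample: the NTP rule never got added (for instance because
# the command was mistyped), so outgoing port 123 is still denied.
sample_no_ntp() { cat <<'EOF'
Status: active
Default: deny (incoming), deny (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp (SSH)               LIMIT IN    Anywhere
53 (DNS)                   ALLOW OUT   Anywhere
EOF
}
# On a live host: ufw status verbose | audit_ufw_status
```
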