Difference between revisions of "Uncomplicated Firewall"

From Alpine Linux
(Diskless mode)
(Basic configuration)
Line 15: Line 15:
 
ufw default deny outgoing
 
ufw default deny outgoing
 
ufw limit SSH        # open SSH port and protect against brute-force login attacks
 
ufw limit SSH        # open SSH port and protect against brute-force login attacks
 +
ufw allow out 123/udp # allow outgoing NTP (Network Time Protocol)
 +
 +
# The following instructions will allow apk to work:
 
ufw allow out DNS    # allow outgoing DNS
 
ufw allow out DNS    # allow outgoing DNS
ufw allout out 123    # allow outgoing NTP}}
+
ufw allow out 80/tcp  # allow outgoing HTTP traffic
 +
}}
  
 
The following lines are only needed the first time you install the package:
 
The following lines are only needed the first time you install the package:
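Review bot: the added comment line "# The following instructions will allow apk to work:" starts with "#", which MediaWiki treats as an ordered-list marker, and the rendered revision shows it as "1. The following instructions will allow apk to work:" with the command block split around it. Move that sentence out of the command block as ordinary text, or keep the "#" off the start of the line. Separately, the apk rules open only DNS and 80/tcp, so a repository configured with an https:// URL would still be blocked; it is worth stating that 443/tcp is needed in that case.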

Revision as of 09:33, 4 October 2015

UFW stands for Uncomplicated Firewall, and is a program for managing a netfilter firewall. It provides a command line interface and aims to be uncomplicated and easy to use.

Installation

UFW can be found in the testing repository. Read Alpine_Linux_package_management#Repository_pinning to enable the testing repository.

Once the testing repository has been enabled, UFW can be installed by issuing the following command:

apk add ip6tables ufw@testing

Basic configuration

The following is a simple configuration that denies all incoming and outgoing traffic by default, then allows incoming SSH (rate-limited) and outgoing NTP, DNS and HTTP traffic:

ufw default deny incoming
ufw default deny outgoing
ufw limit SSH         # open SSH port and protect against brute-force login attacks
ufw allow out 123/udp # allow outgoing NTP (Network Time Protocol)

# The following instructions will allow apk to work:
ufw allow out DNS     # allow outgoing DNS
ufw allow out 80/tcp  # allow outgoing HTTP traffic

The following lines are only needed the first time you install the package:

ufw enable
rc-update add ufw # add UFW init scripts

Check the status of UFW:

ufw status
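An added check, not part of the original wiki page: the function below audits the output of ufw status verbose against the baseline above and fails on non-deny defaults, missing rules or unexpected rules. The sample output is constructed, and the script assumes the SSH and DNS application profiles resolve to 22/tcp and 53.

```sh
#!/bin/sh
# Added example: audit `ufw status verbose` output against this page's baseline.
# On a live system: ufw status verbose | audit_ufw

# Expected rules as "To|Action", separated by ";". Assumption: the SSH and DNS
# application profiles resolve to 22/tcp and 53.
EXPECTED='22/tcp|LIMIT IN;123/udp|ALLOW OUT;53|ALLOW OUT;80/tcp|ALLOW OUT'

# Reads status text on stdin, prints findings, returns 0 only if it matches.
audit_ufw() {
    awk -v expected="$EXPECTED" '
    BEGIN { n = split(expected, e, ";"); for (i = 1; i <= n; i++) want[e[i]] = 1 }
    /^Status:/  { if ($2 != "active") { print "FAIL: status is " $2; bad = 1 } }
    /^Default:/ {
        dflt = 1
        if ($0 !~ /deny \(incoming\)/) { print "FAIL: default incoming is not deny"; bad = 1 }
        if ($0 !~ /deny \(outgoing\)/) { print "FAIL: default outgoing is not deny"; bad = 1 }
    }
    # Rule lines: first field is the port spec, followed by action and direction.
    match($0, /(ALLOW|LIMIT|DENY|REJECT) (IN|OUT)/) {
        key = $1 "|" substr($0, RSTART, RLENGTH)
        if (key in want) found[key] = 1
        else { print "FAIL: unexpected rule: " $0; bad = 1 }
    }
    END {
        if (!dflt) { print "FAIL: no Default line (inactive, or output not verbose)"; bad = 1 }
        for (k in want) if (!(k in found)) { print "FAIL: missing rule: " k; bad = 1 }
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample of verbose status output (not captured from a real host).
sample_status() {
    cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp (SSH)               LIMIT IN    Anywhere
123/udp                    ALLOW OUT   Anywhere
53 (DNS)                   ALLOW OUT   Anywhere
80/tcp                     ALLOW OUT   Anywhere
EOF
}

sample_status | audit_ufw && echo "baseline matches"
```

Extend EXPECTED when you deliberately open another port, so that any rule outside the list shows up as drift.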

Diskless mode

If you have installed Alpine Linux in diskless mode, you need to use Alpine Local Backup (lbu) to save your UFW configuration. UFW data is stored in /usr/lib/ufw, so use the following commands to save the UFW configuration:

lbu add /usr/lib/ufw
lbu commit