Difference between revisions of "Firewalls"

<!--T:10-->

<!--T:10-->

To view the current configuration you can use the command {{ic|ufw status}}.  Here is what it looks like in a new install:

To view the current configuration you can use the command {{ic|ufw status}}.  Here is what it looks like in a new install:

Logging: on (low)

Logging: on (low)

Default: deny (incoming), allow (outgoing), disabled (routed)

Default: deny (incoming), allow (outgoing), disabled (routed)

New profiles: skip

New profiles: skip

<!--T:11-->

<!--T:11-->

This indicates that it will block all incoming traffic and allow all outgoing traffic.  This is a good starting point for most desktop systems.  However, often we will want to allow some incoming traffic.  This can be done with the command {{ic|ufw allow}}.  For example, if we want to allow incoming ssh traffic so we can connect to the machine from other machines on the network we could use the command:

This indicates that it will block all incoming traffic and allow all outgoing traffic.  This is a good starting point for most desktop systems.  However, often we will want to allow some incoming traffic.  This can be done with the command {{ic|ufw allow}}.  For example, if we want to allow incoming ssh traffic so we can connect to the machine from other machines on the network we could use the command:

<!--T:12-->

<!--T:12-->

If we wanted to also tcp connections to a local webserver on a non-standard https port, 8443.  We could use the command:

If we wanted to also tcp connections to a local webserver on a non-standard https port, 8443.  We could use the command:

<!--T:13-->

<!--T:13-->

{{tip|When you don't specify "in" or "out", "in" is assumed}}

{{tip|When you don't specify "in" or "out", "in" is assumed}}

==UFW and Applications== <!--T:14-->

==UFW and Applications== <!--T:14-->