====== uncomplicated firewall (ufw) ======

[[https://www.digitalocean.com/community/tutorials/ufw-essentials-common-firewall-rules-and-commands|UFW Essentials: Common Firewall Rules and Commands]]

===== block IPs =====

<code bash>
# single IP
ufw insert 1 deny from 192.168.111.123/32
# IP range (whole /24 network)
ufw insert 1 deny from 192.168.111.0/24
</code>

→ You can use ''ufw deny from'' instead, but keep in mind that rules are evaluated from first to last and the first match wins, so if an ''allow'' rule comes earlier, the ''deny'' rule might not be applied.

===== port forwarding =====

<file - /etc/ufw/before.rules>
# port forwarding
*nat
:PREROUTING ACCEPT [0:0]
# flush rules so no duplicates are added
-F
# forward :3217 to wireguard listening on :5226
-A PREROUTING -p udp --dport 3217 -j REDIRECT --to-port 5226
COMMIT
</file>

After that, reload ufw so the new rules are applied:

<code bash>ufw disable && ufw enable</code>

===== scripts =====

Check in bash whether ufw is enabled or disabled:

<code bash>
# anchor the match so a commented-out "#ENABLED=no" line is not counted
if ! grep -q '^ENABLED=no' /etc/ufw/ufw.conf; then echo "enabled"; else echo "disabled"; fi
</code>

Last modified: 2024-07-05 14:31
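The rule-order caveat from the "block IPs" section, as an added example that is not part of the original page: a small audit helper that reads ''ufw status numbered'' output and lists every deny rule that sits after an allow-from-anywhere rule, which means the denied source can still reach that port. The function names and the sample output are constructed for illustration; it assumes the usual numbered column layout and only considers incoming allow rules whose source is ''Anywhere''.

```bash
#!/bin/sh
# Added example (not from the original page). Reads `ufw status numbered`
# output on stdin and prints one line per shadowed deny rule:
#   <deny rule #> <earlier allow rule #> <denied source> <port still reachable>
shadowed_denies() {
  awk '
    /^\[ *[0-9]+\]/ {
      line = $0
      sub(/^\[ */, "", line); num = line + 0      # rule number
      sub(/^[0-9]+\] */, "", line)                 # drop the "N] " prefix
      if (!match(line, / +(ALLOW|DENY|REJECT|LIMIT) (IN|OUT|FWD) +/)) next
      to   = substr(line, 1, RSTART - 1)
      act  = substr(line, RSTART, RLENGTH); gsub(/ /, "", act)
      from = substr(line, RSTART + RLENGTH)
      sub(/ +#.*$/, "", from); sub(/ +$/, "", from)   # strip rule comment
      v6 = (from ~ /\(v6\)/ || from ~ /:/)         # keep IPv4 and IPv6 apart
      sub(/ \(v6\)$/, "", to)
      if (act == "ALLOWIN" && from ~ /^Anywhere/) {
        n++; anum[n] = num; ato[n] = to; av6[n] = v6
      } else if ((act == "DENYIN" || act == "REJECTIN") && from !~ /^Anywhere/) {
        # first match wins: every earlier allow-from-anywhere still admits this source
        for (i = 1; i <= n; i++)
          if (av6[i] == v6) print num, anum[i], from, ato[i]
      }
    }'
}

# Constructed sample output, not captured from a real host.
sample_status() {
  cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] Anywhere                   DENY IN     192.168.111.123
[ 3] 443/tcp                    ALLOW IN    Anywhere
[ 4] Anywhere                   DENY IN     192.168.111.0/24
[ 5] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

sample_status | shadowed_denies
```

On a live host, run ''ufw status numbered | shadowed_denies'' as root; any line printed is a deny rule to move up with ''ufw insert 1 deny from ...''.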