Install ufw:
sudo apt install ufw
First deny all incoming connections and allow outgoing connections:
sudo ufw default deny incoming
sudo ufw default allow outgoing
Allow SSH:
sudo ufw allow ssh
or
sudo ufw allow 22   # if your ssh is using port 22
Enable ufw:
sudo ufw enable
Allow other connections; you can use a service name, a port number, or an IP address:
sudo ufw allow http   # port 80
sudo ufw allow from 192.168.1.245
To deny a connection, just change allow to deny in the commands above, for example:
sudo ufw deny http
sudo ufw deny from 192.168.1.245
To delete a rule added above, insert delete into the command:
sudo ufw delete allow http
Or use the number the rule was given in the order it was added:
sudo ufw status numbered
Status: active
     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 443                        ALLOW IN    Anywhere
[ 4] Anywhere                   ALLOW IN    192.168.1.30
[ 5] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 6] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 7] 443 (v6)                   ALLOW IN    Anywhere (v6)
See the numbers 1 to 7 on the left? Enter a number directly to delete that rule:
sudo ufw delete 3
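Added example, not part of the original note: ufw renumbers the remaining rules after every delete, so removing several rules by number is safest from the highest number down. The helper names rule_numbers_for and delete_plan are hypothetical, and the sample listing is the one shown above, embedded as constructed input.

```shell
#!/bin/sh
# Constructed sample: the `ufw status numbered` listing shown above.
SAMPLE_STATUS='Status: active
     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 443                        ALLOW IN    Anywhere
[ 4] Anywhere                   ALLOW IN    192.168.1.30
[ 5] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 6] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 7] 443 (v6)                   ALLOW IN    Anywhere (v6)'

# rule_numbers_for TARGET (hypothetical helper): read a numbered listing on
# stdin and print the numbers of every rule whose "To" field is TARGET,
# IPv4 and (v6) entries alike, highest number first.
rule_numbers_for() {
    sed -n 's/^\[ *\([0-9][0-9]*\)\] *\([^ ][^ ]*\) .*/\1 \2/p' |
        awk -v t="$1" '$2 == t { print $1 }' |
        sort -rn
}

# delete_plan TARGET (hypothetical helper): print the delete commands in an
# order that stays valid while ufw renumbers the rules that remain.
delete_plan() {
    rule_numbers_for "$1" | while read -r n; do
        echo "sudo ufw delete $n"
    done
}

# Stand-alone demo on the constructed sample. On a real host, pipe
# `sudo ufw status numbered` into delete_plan and review the plan first.
printf '%s\n' "$SAMPLE_STATUS" | delete_plan 443
```

Deleting rule 3 first would turn rule 7 into rule 6, so a later "delete 7" would fail or hit the wrong rule; the plan above avoids that by starting at 7.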
Turn ufw off:
sudo ufw disable
Reset ufw; this also deletes all the rules:
sudo ufw reset