[Repost] How to register and unregister additional ufw application profiles

Author: 동우 | Posted: 11.11.18 | Views: 891

To see which profiles are registered, look at the output of: sudo ufw app list

Unregistering: for the cups printer profile, simply delete the corresponding profile file directly (root is needed to write under /etc):

sudo rm /etc/ufw/applications.d/cups

Registering

sudo cp /home/홍길동/firefox /etc/ufw/applications.d/

sudo ufw allow firefox

The contents of the firefox profile file:

[FIREFOX]
title=Navegador Web firefox
description=Navegador Web firefox
ports=80,8080/tcp


Attached file: firefox

One thing to watch out for: if you copy the profile from the document linked below and paste it, the lines end up indented as if by tabs, as shown below. In that form ufw reports an error; write it exactly as shown above and no error occurs.

[FIREFOX]  <- abnormal (indented lines)
     title=Navegador Web firefox
     description=Navegador Web firefox
     ports=80,8080/tcp
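As an added example (not part of the original post, and not a ufw tool), here is a shell pre-flight check that catches the indentation mistake above before the profile is copied into /etc/ufw/applications.d/. It assumes the profile is a file given as the first argument; the demo function writes the good and the indented FIREFOX profile to a temporary directory and checks both.

```shell
# Added example, not from the original post: check that a ufw application
# profile is well-formed before copying it into /etc/ufw/applications.d/.
# It rejects indented lines (the "abnormal" profile shown above), missing
# keys and malformed ports= values. Returns 0 when the profile looks fine.
check_ufw_profile() {
    file="$1"
    # One port group: 80 | 80,8080 | 8000:8080 ...; groups are joined by "|"
    # and each may carry a /tcp or /udp suffix (ufw's ports= syntax).
    grp='[0-9]+(:[0-9]+)?(,[0-9]+(:[0-9]+)?)*(/(tcp|udp))?'
    # 1. the first line must be a [NAME] header starting in column 0
    head -n 1 "$file" | grep -Eq '^\[[A-Za-z0-9 ._+-]+\]$' || {
        echo "$file: first line must be a [NAME] header in column 0" >&2
        return 1
    }
    # 2. no indented lines at all: this is the mistake ufw refuses
    if grep -Eq '^[[:space:]]+[^[:space:]]' "$file"; then
        echo "$file: indented line(s) found, ufw will reject this profile:" >&2
        grep -En '^[[:space:]]+[^[:space:]]' "$file" >&2
        return 1
    fi
    # 3. the three keys ufw expects must each be present in column 0
    for key in title description ports; do
        grep -Eq "^$key=" "$file" || { echo "$file: missing $key=" >&2; return 1; }
    done
    # 4. the ports= value must match the port-group grammar (no spaces)
    ports=$(sed -n 's/^ports=//p' "$file" | head -n 1)
    echo "$ports" | grep -Eq "^$grp([|]$grp)*$" || {
        echo "$file: bad ports value '$ports'" >&2
        return 1
    }
}

# Constructed demo: the good FIREFOX profile from the post beside the
# indented one. Returns 0 if the first is accepted and the second rejected.
demo_profile_check() {
    dir=$(mktemp -d)
    printf '[FIREFOX]\ntitle=Navegador Web firefox\ndescription=Navegador Web firefox\nports=80,8080/tcp\n' > "$dir/good"
    printf '[FIREFOX]\n\ttitle=Navegador Web firefox\n\tdescription=Navegador Web firefox\n\tports=80,8080/tcp\n' > "$dir/bad"
    check_ufw_profile "$dir/good" && echo "good: accepted" || return 1
    check_ufw_profile "$dir/bad" 2>/dev/null && return 1
    echo "bad: rejected"
    rm -rf "$dir"
}
```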


http://beginlinux.com/blog/2009/10/using-profiles-with-ufw/


    hello! I write from Venezuela and don't speak English. EXCUSE ME!!!

    I want to block applications (their access to the Internet) with ufw, but I can't.

    for example I use:

    sudo ufw default deny outgoing
    and I use this profile for firefox in /etc/ufw/applications.d
    [FIREFOX]
    title=Navegador Web firefox
    description=Navegador Web firefox
    ports=80,8080/tcp

    and then I do:
    sudo ufw allow out to any app firefox
    but that does not work

    and I do not want anything like this:
    sudo ufw allow out 80 (I know that works)
    I only wish that firefox had internet access, and other programs that I choose


http://sun0.cs.uca.edu/~administrator/docs/admin:ufw


Service       Command
SSH           sudo ufw allow ssh
Kerberos      sudo ufw allow kerberos
Kadmin        sudo ufw allow kerberos-adm
LDAP          sudo ufw allow ldap
Secure FTP    sudo ufw allow sftp
HTTP          sudo ufw allow www
RSYNC         sudo ufw allow rsync
AFS           sudo ufw allow afs3-fileserver
              sudo ufw allow afs3-callback
              sudo ufw allow afs3-prserver
              sudo ufw allow afs3-vlserver
              sudo ufw allow afs3-kaserver
              sudo ufw allow afs3-volser
              sudo ufw allow afs3-errors
              sudo ufw allow afs3-bos
              sudo ufw allow afs3-rmtsys
Puppetmaster  sudo ufw allow 8140
Condor        sudo ufw allow 9618
              sudo ufw allow 9614
              for (( i=9700; i<=9900; i++ )); do sudo ufw allow "$i/tcp"; done
Samba         sudo ufw allow 135
              sudo ufw allow 137
              sudo ufw allow 138
              sudo ufw allow 139
              sudo ufw allow 445

http://www.geoffke.be/nieuws/12/


http://www.wawuk.net/book/export/html/47

Ubuntu Firewalls Guide. Part I: Uncomplicated firewall

Most Linux systems come with iptables, a sophisticated software firewall that is somewhat difficult to configure. Luckily Ubuntu, being a user-friendly community, decided to simplify this task, and so ufw was born.

Ufw stands for “Uncomplicated Firewall”. Indeed, to configure iptables through ufw it is enough to open a terminal window and type in a few simple commands.

NOTE: To open terminal, please access Applications > Accessories > Terminal.

Ubuntu Firewalls. Uncomplicated firewall: Terminal

If you type “ufw -?” you'll see the full list of available commands. Below are some examples for your inquisitive minds.

Usage

To work with ufw you need administrative permissions, so we prepend the word “sudo” (which stands for “super user do”) to each command: “ufw status” becomes “sudo ufw status”. If you don't, you'll get the message “ERROR: You need to be root to run this script”.

Service commands:

sudo ufw status – displays status of uncomplicated firewall.
sudo ufw enable – turns firewall on.
sudo ufw disable – turns firewall off.
sudo ufw reload – reloads the firewall, re-applying the current rules.

Rules control:

NOTE: Adding new rules requires the firewall to be running, or the changes will be lost. To start it, type “sudo ufw enable”.

sudo ufw allow 25 – permits all traffic on port 25.
sudo ufw deny 110 – drops all traffic on port 110.
sudo ufw reject http – refuses (notifying the other side) all traffic on http service port (which is 80).
sudo ufw allow in 21 – allows all incoming traffic on port 21.
sudo ufw deny out 8080 – denies all outgoing traffic on port 8080.
sudo ufw allow from 123.45.67.89 – allows any traffic coming from 123.45.67.89.
sudo ufw limit 22/tcp – drops connections on tcp port 22 if there were more than 6 connection attempts to this port within the last 30 seconds.
sudo ufw reset – clears all rules.

Syntax

Syntax for ufw rules is as follows:

ufw allow|deny|reject|limit in|out port/protocol

Where:
Allow – accepts packets
Deny – drops packets
Reject – refuses packets
Limit – moderates packets
In – sets direction to incoming packets
Out – sets direction to outgoing packets
Port – defines target port. It can be:

  • Numeric as 80
  • Service name as http (see Services file)
  • List as 80,110 (separated by comma, no space allowed)
  • Range 8000:8080 (all ports from 8000 to 8080)

NOTE: If you define a list of ports, you can have at most 15 items per rule. A range counts as 2 items.

Protocol – can be “any”, “tcp” or “udp”, depending on what you’re planning to filter.
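The 15-item limit described in the NOTE above, as an added example that is not part of the guide: a shell function that counts the items in a port specification the way the guide describes (a range counts as two) and fails when a rule would exceed the limit or contains a space. The function name and the exit codes are this example's own choices.

```shell
# Added example, not from the guide: count the items in a ufw port spec
# such as "80,110" or "8000:8080,22/tcp" following the NOTE above.
# Prints the item count; returns 0 when at most 15 items, 1 when over the
# limit, 2 when the list itself is malformed (space or empty entry).
ufw_port_spec_items() {
    spec="${1%%/*}"          # strip an optional /tcp or /udp suffix
    count=0
    # "no space allowed" inside a comma-separated list
    case "$spec" in *" "*) echo "space in port list '$1'" >&2; return 2 ;; esac
    old_ifs=$IFS; IFS=,
    for item in $spec; do
        case "$item" in
            *:*) count=$((count + 2)) ;;   # a range counts as 2 items
            "")  echo "empty item in '$1'" >&2; IFS=$old_ifs; return 2 ;;
            *)   count=$((count + 1)) ;;
        esac
    done
    IFS=$old_ifs
    echo "$count"
    [ "$count" -le 15 ]     # exit status 1 when the rule has too many items
}
```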

Advanced syntax

There is also an advanced syntax, which allows you to specify the interface, manage entries in the rule set, configure logging or define custom behavior for specific applications. For example:

sudo ufw deny in on eth0 – drop all incoming packets on eth0 interface.
sudo ufw allow out on eth0 to any port 25 proto tcp – allow all outgoing traffic on eth0 interface, to any address, at port 25 with protocol tcp.

NOTE: To specify the protocol in a complex rule, append the word “proto”, a space and the protocol name. So instead of “25/tcp” you write “25 proto tcp”.

sudo ufw insert 1 allow 80 – places “allow all traffic on port 80” rule at first place in rule set.
sudo ufw delete 1 – removes rule number 1 from rules list.
sudo ufw show user-rules – displays the user-defined rule set. The argument can also be:

  • raw – for displaying of all sets
  • builtins – for internal rule set
  • before-rules – for rules appended before main rule set
  • user-rules – for rules defined by user (you)
  • after-rules – for rules appended after main rule set
  • logging-rules – for rules with logging enabled
  • listening – for displaying listening tcp and open udp ports

sudo ufw delete deny out 8080 – removes rule “deny all outbound traffic on port 8080” from the rule set.
sudo ufw allow log 80/tcp – allows all traffic on tcp port 80, logging new connections only
sudo ufw allow log-all 80/tcp – allows all traffic on tcp port 80, logging all connections

NOTE: Always place the “log” keyword between the action (allow, deny, ...) and the port.

sudo ufw logging off – turns off logging. Can be also “low”, “medium”, “high” and “full”. Defaults to “low”.

NOTE: Higher logging levels generate more log output, which over time can fill your disk (especially on a busy or overloaded system).

sudo ufw app list – display application profiles list
sudo ufw app info CUPS – display detailed profile for program named CUPS
sudo ufw allow 631 app CUPS – adds “allow all traffic on port 631” to CUPS application profile
sudo ufw app update CUPS – flushes firewall rules, related to CUPS application profile

NOTE: Profiles are generally used by software, essentially for remote management.
 

Default policy

Ufw follows one principle: a packet is checked against all rules, and if no rule applies, the default policy decides. This is the usual principle of an iptables firewall, and it sometimes causes confusion for new users.

For example, the computer receives an incoming packet from a remote host for port 80. There is no rule defining what to do with incoming packets for port 80, so the computer follows the default policy.

By default the policies are set to “deny” for incoming and “accept” for outgoing, which seems reasonable enough.

You see, there are only a few cases where inbound connections need to be allowed, so it is naturally easier to define what to allow than to list everything that is denied. The same applies to outbound connections, since every networking application needs remote access.

In the rare case when you would like to change the default policy, you can issue one of the following commands:

sudo ufw default allow incoming – sets the default policy to “allow inbound packets”
sudo ufw default reject outgoing – sets the default policy to “refuse outbound packets”


