UFW command examples

sudo ufw status
sudo ufw status verbose
sudo ufw status numbered

sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw allow mysql

sudo ufw delete allow https

sudo ufw allow to any port 2345
sudo ufw delete allow to any port 2345

sudo ufw allow to any port 2345 proto udp
sudo ufw delete allow to any port 2345 proto udp

sudo ufw allow from 192.168.0.5 to any port 2345
sudo ufw delete allow from 192.168.0.5 to any port 2345

sudo ufw allow from 192.168.0.0/24 to any port 2345
sudo ufw delete allow from 192.168.0.0/24 to any port 2345
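The commands above combined into the baseline a fresh host actually needs, added here as an example (it is not from the Ubuntu guide). The only assumption is ADMIN_NET, 192.168.0.0/24, standing for the one network that should reach MySQL; `sudo ufw allow mysql` as listed above would open 3306 to everyone. Order matters: the default policies and the SSH rule are applied before `ufw enable`, so enabling the firewall over SSH cannot drop the session you are working in.

```shell
#!/usr/bin/env bash
# Added example, not from the Ubuntu guide: apply a baseline ufw policy in
# one go. ADMIN_NET is an assumption; change it for your network.
set -eu

ADMIN_NET="${ADMIN_NET:-192.168.0.0/24}"
DRY_RUN="${DRY_RUN:-0}"   # DRY_RUN=1 prints the commands instead of running them

# Rule list, in order. Default policies come first and SSH second, so the
# `ufw enable` at the end cannot lock you out. `limit ssh` still allows SSH
# but rate-limits new connections per source (ufw's built-in brute-force
# dampening). MySQL is restricted to ADMIN_NET instead of `allow mysql`.
ufw_rules() {
    cat <<EOF
default deny incoming
default allow outgoing
limit ssh
allow http
allow https
allow from ${ADMIN_NET} to any port 3306 proto tcp
EOF
}

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else sudo "$@"; fi
}

# Feed every rule to ufw, then enable. --force skips the interactive
# "may disrupt existing ssh connections" prompt; safe because of the order.
apply_rules() {
    ufw_rules | while IFS= read -r rule; do
        # shellcheck disable=SC2086  (word splitting of $rule is intended)
        run ufw $rule
    done
    run ufw --force enable
    run ufw status verbose
}

case "${1:-}" in
    apply) apply_rules ;;
    *) printf 'usage: %s apply   (DRY_RUN=1 to print the commands)\n' "$0" ;;
esac
```

Run it once with DRY_RUN=1 to review the exact ufw invocations, then with `./baseline.sh apply`; `sudo ufw status numbered` afterwards shows the resulting rule numbers for later `ufw delete`.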

UFW, IPTABLES and IP FORWARDING

By default, ufw does not forward packets between interfaces (DEFAULT_FORWARD_POLICY is "DROP"). To enable packet forwarding, two configuration files need to be adjusted. First, in /etc/default/ufw, change DEFAULT_FORWARD_POLICY to "ACCEPT":

DEFAULT_FORWARD_POLICY="ACCEPT"

ACCEPT forwards traffic between every pair of interfaces. If your ufw version supports route rules, you can keep the policy at DROP and allow only the paths you need, e.g. sudo ufw route allow in on eth1 out on eth0.

Then edit /etc/ufw/sysctl.conf and uncomment:

net/ipv4/ip_forward=1
#for IPv6 forwarding uncomment:
net/ipv6/conf/default/forwarding=1

Alternatively, when iptables is used without ufw, enable IPv4 packet forwarding system-wide by editing /etc/sysctl.conf and uncommenting the following line (note that while ufw is enabled, the settings in /etc/ufw/sysctl.conf override /etc/sysctl.conf, so the ufw file is the one that counts):

net.ipv4.ip_forward=1
# If you wish to enable IPv6 forwarding also uncomment:
net.ipv6.conf.default.forwarding=1

Execute sysctl to load the new settings from /etc/sysctl.conf without rebooting:

sudo sysctl -p

Create /etc/network/if-up.d/my-iptables-rules and make it executable. Scripts in this directory are run as root by ifupdown every time an interface comes up (hosts configured with netplan and systemd-networkd do not run them), so the flag file stops the rule from being added a second time:

$ sudo vi /etc/network/if-up.d/my-iptables-rules
$ sudo chmod +x /etc/network/if-up.d/my-iptables-rules

#!/bin/bash
# Flag file in /run (cleared on every boot) rather than /tmp: /tmp is
# world-writable, so any local user could pre-create the flag there and
# prevent the NAT rule from ever being loaded.
FLAG="/run/my-iptables-settings"
if [ -f "${FLAG}" ]; then
  echo "Already set my iptables rules. Skip it."
  exit 0
fi

# sample iptables rules: masquerade the 192.168.0.0/16 LAN behind the ppp0 uplink
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE

touch "${FLAG}"
exit 0
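The forwarding steps above as one idempotent, re-runnable script, added here as an example (not from the Ubuntu guide). LAN 192.168.0.0/16 and uplink ppp0 default to the values in the sample rule above; set_kv, enable_sysctl and ensure_masquerade are my own helper names. Instead of a flag file it asks iptables whether the rule already exists, which needs no state on disk and therefore nothing an unprivileged user could tamper with.

```shell
#!/usr/bin/env bash
# Added example, not from the Ubuntu guide: enable forwarding and NAT in one
# idempotent script. LAN and WAN_IF default to the values in the sample rule
# above; the function names are assumptions of this example.
set -eu

LAN="${LAN:-192.168.0.0/16}"
WAN_IF="${WAN_IF:-ppp0}"

# set_kv FILE KEY VALUE: set KEY="VALUE" in a shell-style file such as
# /etc/default/ufw, replacing an existing assignment instead of appending a
# second one (with duplicates, whichever is read last silently wins).
set_kv() {
    if grep -q "^$2=" "$1"; then
        sed -i "s|^$2=.*|$2=\"$3\"|" "$1"
    else
        printf '%s="%s"\n' "$2" "$3" >> "$1"
    fi
}

# enable_sysctl FILE KEY VALUE: uncomment (or add) KEY=VALUE in a sysctl
# file. Works for /etc/ufw/sysctl.conf (net/ipv4/ip_forward) as well as
# /etc/sysctl.conf (net.ipv4.ip_forward); '|' is used as the sed delimiter
# so keys containing '/' need no escaping.
enable_sysctl() {
    if grep -Eq "^#? *$2=" "$1"; then
        sed -i -E "s|^#? *$2=.*|$2=$3|" "$1"
    else
        printf '%s=%s\n' "$2" "$3" >> "$1"
    fi
}

# Add the MASQUERADE rule only when it is not already present. `iptables -C`
# checks for an identical rule, so repeated runs or repeated interface-up
# events never stack duplicates, and no flag file is needed (a flag in the
# world-writable /tmp could be pre-created by any local user to keep the
# NAT rule from ever being loaded).
ensure_masquerade() {
    iptables -t nat -C POSTROUTING -s "$LAN" -o "$WAN_IF" -j MASQUERADE 2>/dev/null ||
        iptables -t nat -A POSTROUTING -s "$LAN" -o "$WAN_IF" -j MASQUERADE
}

# Run as root. `ufw reload` re-reads /etc/default/ufw and /etc/ufw/sysctl.conf;
# the nat rule is added afterwards because it lives outside ufw's own chains.
configure() {
    set_kv /etc/default/ufw DEFAULT_FORWARD_POLICY ACCEPT
    enable_sysctl /etc/ufw/sysctl.conf net/ipv4/ip_forward 1
    ufw reload
    ensure_masquerade
    sysctl -n net.ipv4.ip_forward      # expect 1
    iptables -t nat -S POSTROUTING     # expect the MASQUERADE rule listed
}

case "${1:-}" in
    apply) configure ;;
    *) printf 'usage: sudo %s apply\n' "$0" ;;
esac
```

Because the MASQUERADE rule is added outside ufw's own chains, check that it is still present after a later `sudo ufw reload` or `ufw disable`/`ufw enable` with `sudo iptables -t nat -S POSTROUTING`; the referenced Ubuntu guide's ufw masquerading section avoids the question by putting the *nat rules into /etc/ufw/before.rules, where ufw loads them itself.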

Reference: https://help.ubuntu.com/lts/serverguide/firewall.html

firewall-cmd examples

firewall-cmd --get-default-zone
firewall-cmd --get-zones

firewall-cmd --list-interfaces
firewall-cmd --add-interface=<interface>

firewall-cmd --add-service=http

firewall-cmd --add-port=443/tcp
firewall-cmd --permanent --add-port=443/tcp

firewall-cmd --add-masquerade
firewall-cmd --add-service=dns --add-service=dhcp
firewall-cmd --runtime-to-permanent

firewall-cmd --permanent --direct --get-all-rules
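The firewall-cmd commands above arranged into a zone-based NAT gateway, added here as an example (not from the firewalld project). The interface names eth0 (uplink, zone public) and eth1 (LAN, zone internal) are assumptions. The point it shows is the runtime/permanent split visible in the list above: changes are tested in the runtime configuration, verified with --query-* commands, and only then copied with --runtime-to-permanent.

```shell
#!/usr/bin/env bash
# Added example, not from the firewalld project: a zone-based NAT gateway.
# eth0 (uplink, public) and eth1 (LAN, internal) are assumed interface names.
set -eu

WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
DRY_RUN="${DRY_RUN:-0}"   # DRY_RUN=1 prints the commands instead of running them

fw() {
    if [ "$DRY_RUN" = 1 ]; then printf 'firewall-cmd %s\n' "$*"; else firewall-cmd "$@"; fi
}

# Without --permanent every change goes to the runtime configuration only,
# which is lost on `firewall-cmd --reload` or a reboot. That is the safe
# place to experiment: a wrong rule is undone by a reload, not saved.
configure_gateway() {
    fw --zone=public   --change-interface="$WAN_IF"
    fw --zone=internal --change-interface="$LAN_IF"
    fw --zone=public   --add-masquerade
    fw --zone=internal --add-service=dns --add-service=dhcp
    fw --zone=internal --add-port=2345/udp
}

# --query-* commands exit 0 for "yes" and non-zero for "no", so under set -e
# any missing piece aborts the script before anything is made permanent.
verify_gateway() {
    fw --zone=public   --query-interface="$WAN_IF"
    fw --zone=public   --query-masquerade
    fw --zone=internal --query-service=dns
    fw --zone=internal --query-port=2345/udp
}

# Copy the verified runtime set to the permanent configuration, then reload
# so the running firewall is exactly what comes back after a reboot.
persist() {
    fw --runtime-to-permanent
    fw --reload
    fw --zone=public --query-masquerade
}

case "${1:-}" in
    apply) configure_gateway && verify_gateway && persist ;;
    *) printf 'usage: %s apply   (DRY_RUN=1 to print the commands)\n' "$0" ;;
esac
```

After `--reload`, `firewall-cmd --zone=public --list-all` and `--zone=internal --list-all` show the persisted state; if the final query fails, the runtime change was never written and you are back to the previous permanent configuration.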