Thread: ufw how to

  1. #1
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Post ufw how to

    This is a small howto for UFW, the uncomplicated firewall, for BT4.
    The majority of this info comes from the man page.
    There are other tutorials on the net for using this.
    There is also a gui; we will talk about it a bit later.

    First and foremost if you have something to add please do so.
    ufw is a front end for iptables.
    So in order for us to start ufw go to the command line
    Code:
    root@bt:~# ufw
    
    Usage: ufw COMMAND
    Commands:
    enable                        enables the firewall
    disable                       disables the firewall
    default ARG                   set default policy to ALLOW or DENY
    logging ARG                   set logging to ON or OFF
    allow|deny RULE               allow or deny RULE
    delete allow|deny RULE        delete the allow/deny RULE
    status                        show firewall status
    version                       display version information
    Application profile commands:
    app list                      list application profiles
    app info PROFILE              show information on PROFILE
    app update PROFILE            update PROFILE
    app default ARG               set profile policy to ALLOW, DENY or SKIP
    
    root@bt:~#
    So let's look at some of the usage flags.
    enable/disable are self-explanatory.
    Code:
    # ufw enable
    we get back
    Code:
    root@bt:~# ufw enable
    Firewall started and enabled on system startup
    root@bt:~#
    Of course we would then have to reboot. When you do it will show up as enabled in the boot sequence. If it checks out you get the [OK].
    Now let's look at default and ALLOW/DENY.
    allow will, as it states, allow all defaults to take place, which right now means that our
    firewall really does nothing. deny will stop all incoming and forwarded packets but
    it will not stop outgoing packets. So at the minimum this is better than nothing.
    Here is what it looks like
    Code:
    root@bt:~# ufw default deny
    Default policy changed to 'deny'
    (be sure to update your rules accordingly)
    root@bt:~#
    The same reminder is given every time. We will look at rules in a bit; first let's look at logging. You can either turn it on or off.
    Code:
    # ufw logging on
    logging enabled
    The logs are stored at /var/log/messages or /kern.log and /syslog; there is not a separate log for ufw as of yet.
    You can gather information from them by using grep
    Code:
    # grep ufw /var/log/syslog
    Now let's look at the rules. There are again two options allow/deny rule.
    So here is where it can get a bit more complicated, complex. This is how we add certain ports and protocols.
    Code:
    # ufw allow 80
    rule updated
    So now port 80 http is open. Close it again with
    Code:
    # ufw deny 80
    Now with just the port it will allow or deny traffic from both tcp and udp.

    Now we can specify with the protocol like the following 80/tcp

    We can also delete a rule and it will revert to whatever the default policy had at the beginning. More complicated rules can be made as well. For instance, if we want to blacklist a certain IP address, we can by supplying the address to the rule set.
    Code:
    # ufw allow from 192.168.1.100
    You can also specify certain protocols with certain IPs like so:
    Code:
    # ufw allow from 192.168.1.1 to any port 22
    This will allow 192.168.1.1 to access port 22 on both tcp and udp.
    If you want to allow only tcp, append it to the end of the port: 22/tcp
    You can also use a netmask. Next let's look at services. You can set services that can be found in
    Code:
    # cat /etc/services
    For instance, if we want to allow telnet then we simply give
    Code:
    # ufw allow telnet
    That simple.
    One caveat though is that the service must be installed on the host.
    Probably the best usage flag in ufw is --dry-run, which will not make any real changes but only show what would occur with the new rule in place.
    So for example
    Code:
    # ufw --dry-run deny ssh
    If the rule will not work or the syntax is wrong it will spit back an error.
    Also, when adding rules the first match wins according to the man page.
    So make your specific rules first, then the general ones.

    There is more to the rules as well as support for applications themselves.

    Next thing we can look at is adding the gui interface, if needed.
    The link is here, this download is a ".deb" package, you can install it using
    Code:
    # dpkg -i gufw_0.0.7c-all.deb

    There are more things that can be done and if anyone needs help with it make a post here about it.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.
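
Added example, not part of the original post: the howto suggests pulling firewall entries out of the logs with grep, and this sketch goes one step further by tallying blocked packets per source address, protocol and destination port. It assumes block entries carry the `[UFW BLOCK` prefix with iptables-style `KEY=VALUE` fields; the function names are made up for this example and the sample lines are constructed.

```shell
#!/usr/bin/env bash
# Added example: tally UFW block entries per source, protocol and destination port.
# Assumption: block entries carry the "[UFW BLOCK" prefix and iptables KEY=VALUE fields.
# Function names are hypothetical, chosen for this example.

# Reads log lines on stdin; prints "COUNT SRC PROTO/DPT", most frequent first.
ufw_block_summary() {
    awk '
        /\[UFW BLOCK/ {
            src = proto = dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            if (src == "") next          # truncated or malformed entry
            if (dpt == "") dpt = "-"     # ICMP entries have no port
            count[src " " proto "/" dpt]++
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample lines (not taken from a real host).
sample_log() {
    cat <<'EOF'
Jan 12 10:01:02 bt kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55 SRC=192.168.1.50 DST=192.168.1.10 LEN=60 TTL=64 PROTO=TCP SPT=40001 DPT=23 SYN
Jan 12 10:01:03 bt kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55 SRC=192.168.1.50 DST=192.168.1.10 LEN=60 TTL=64 PROTO=TCP SPT=40002 DPT=23 SYN
Jan 12 10:01:04 bt kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55 SRC=192.168.1.77 DST=192.168.1.10 LEN=71 TTL=64 PROTO=UDP SPT=5353 DPT=53 LEN=51
Jan 12 10:01:05 bt sshd[812]: Server listening on 0.0.0.0 port 22.
Jan 12 10:01:06 bt kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55 SRC=192.168.1.50 DST=192.168.1.10 LEN=60 TTL=64 PROTO=TCP SPT=40003 DPT=23 SYN
Jan 12 10:01:07 bt kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55 SRC=192.168.1.77 DST=192.168.1.10 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0
EOF
}

# On a real host: ufw_block_summary < /var/log/syslog
sample_log | ufw_block_summary
```

A source that repeatedly shows up against a port you never opened is a good candidate for a specific deny rule placed ahead of the general ones.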

  2. #2
    Senior Member
    Join Date
    Feb 2009
    Posts
    153

    Default

    Nice tutorial man!

    To run gui type gufw.

  3. #3
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by fossilk1 View Post
    Nice tutorial man!

    To run gui type gufw.
    Thanks fossilk1

    and yes to run the gui type gufw.