ufw
---
On installation, ufw is not automatically enabled. To load the firewall and
enable it on boot, run:

  # ufw enable

See 'man ufw' and README for more information.

Upgrading
---------
To properly support remote users, the firewall will not be automatically
restarted during upgrades. After an upgrade, either reboot or perform:

  # /etc/init.d/ufw restart

Please note that the above command will briefly open the firewall before
reloading the rules.

Preseeding
----------
ufw has support for preseeding. To enable a default deny firewall, add to your
preseed file:

  ufw ufw/enable boolean true

And to allow a service, use:

  ufw ufw/allow_known_ports multiselect SSH, WWW

Currently, ufw knows about the following services:

  Cups            # tcp and udp port 631
  DNS             # tcp and udp port 53
  Imap (Secure)   # tcp port 993
  Pop3 (Secure)   # tcp port 995
  SSH             # tcp port 22
  Samba           # udp ports 137, 138 and tcp ports 139, 445
  Smtp            # tcp port 25
  WWW             # tcp port 80
  WWW (Secure)    # tcp port 443

You may also add additional ports by supplying a space-separated list of
services from /etc/services, a port number or a port/protocol combination. E.g.:

  ufw ufw/allow_custom_ports string auth 8080 1194/udp

Please keep in mind that these ports and services are not associated with ufw
application profiles.
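
The following Python script is an added example, not part of ufw or of this
README. It audits the ufw lines of a preseed file before installation and
reports which ports they would allow, using the service table above. The names
classify and audit, the restriction to tcp/udp suffixes, and the sample input
are assumptions made for this example.

```python
import re

# Service table copied from this README's list of known services.
KNOWN = {
    "Cups": ["631/tcp", "631/udp"], "DNS": ["53/tcp", "53/udp"],
    "Imap (Secure)": ["993/tcp"], "Pop3 (Secure)": ["995/tcp"],
    "SSH": ["22/tcp"], "Samba": ["137/udp", "138/udp", "139/tcp", "445/tcp"],
    "Smtp": ["25/tcp"], "WWW": ["80/tcp"], "WWW (Secure)": ["443/tcp"],
}
LINE = re.compile(r"^ufw\s+ufw/(\S+)\s+\S+\s*(.*)$")

def classify(token):
    """Label one allow_custom_ports token by the three forms the README allows."""
    if re.fullmatch(r"\d+(/(tcp|udp))?", token):   # assumption: only tcp/udp suffixes
        if not 1 <= int(token.split("/")[0]) <= 65535:
            return "invalid"
        return "port/protocol" if "/" in token else "port"
    if re.fullmatch(r"[A-Za-z][A-Za-z0-9_.+-]*", token):
        return "service-name"   # still has to exist in /etc/services on the target
    return "invalid"

def audit(preseed_text):
    """Return what the ufw lines of a preseed file would enable and allow."""
    report = {"enabled": False, "known": {}, "custom": {}, "problems": []}
    for raw in preseed_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                      # comment or another package's question
        key, value = m.group(1), m.group(2).strip()
        if key == "enable":
            report["enabled"] = value == "true"
        elif key == "allow_known_ports":
            names = [v.strip() for v in value.split(",") if v.strip()]
            report["known"] = {n: KNOWN[n] for n in names if n in KNOWN}
            report["problems"] += ["unknown service: " + n for n in names if n not in KNOWN]
        elif key == "allow_custom_ports":
            report["custom"] = {t: classify(t) for t in value.split()}
            bad = [t for t, kind in report["custom"].items() if kind == "invalid"]
            report["problems"] += ["bad custom port: " + t for t in bad]
    if not report["enabled"]:
        report["problems"].append("ufw/enable is not true; firewall stays disabled")
    return report

# Constructed sample: the README's three example lines plus two deliberate mistakes.
SAMPLE = """ufw ufw/enable boolean true
ufw ufw/allow_known_ports multiselect SSH, WWW, Telnet
ufw ufw/allow_custom_ports string auth 8080 1194/udp 70000
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```

Reviewing the report before an unattended install shows every port the
firewall will open and catches misspelled service names.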