UFW (Uncomplicated Firewall) is a simple front-end for iptables.
ufw status          # Default output
ufw status verbose  # Also list Logging, Default policies and profiles

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
80                         ALLOW       Anywhere
22                         ALLOW       192.168.178.9
80 (v6)                    ALLOW       Anywhere (v6)
The following commands will enable/disable the firewall AND update the startup scripts that automatically start the firewall on boot.
ufw enable
ufw disable

ufw allow 53                                            # Allow incoming access to both UDP + TCP on port 53 (DNS)
ufw allow 53/tcp                                        # Allow only incoming tcp traffic
ufw allow 53/udp                                        # Allow only incoming udp traffic
ufw allow from 192.168.178.9 to any port 99 proto tcp   # Allow access to port from given IP
ufw allow 1000:2000/tcp                                 # Allow port-range
ufw show raw            # Show the raw ip tables
ufw delete deny 80/tcp  # Delete a rule by prefixing the same rule with 'delete'
ufw status numbered     # List rules with rule-numbers
ufw delete [number]     # Delete rule by number
ufw reset               # Reset all the rules to default settings
It's important to know that Docker updates iptables directly. This means that if you run ufw status, you might assume your firewall is blocking all ports. However, when you start a Docker container and expose a port, Docker will update iptables directly to allow access to the exposed port.
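
To see the gap described above, the following added example (not part of the original page) compares the ports Docker has published in the nat table's DOCKER chain against the ALLOW rules that ufw status reports. The sample rule dump and status output are constructed, the function names are hypothetical, and the DNAT rule layout is assumed to match what Docker writes on the host being checked.

```shell
#!/bin/sh
# Constructed `iptables-save -t nat` excerpt: two containers publishing 8080 and 80.
SAMPLE_NAT='*nat
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.2:80
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.17.0.3:80
COMMIT'

# Constructed `ufw status` output, same rules as the listing earlier on this page.
SAMPLE_UFW='Status: active

To                         Action      From
--                         ------      ----
80                         ALLOW       Anywhere
22                         ALLOW       192.168.178.9
80 (v6)                    ALLOW       Anywhere (v6)'

# Read nat-table rules on stdin; print "port/proto" for each DNAT rule in DOCKER.
docker_published() {
  awk '$1 == "-A" && $2 == "DOCKER" && /-j DNAT/ {
         proto = ""; port = ""
         for (i = 3; i < NF; i++) {
           if ($i == "-p") proto = $(i + 1)
           if ($i == "--dport") port = $(i + 1)
         }
         if (port != "") print port "/" proto
       }' | sort -u
}

# Read `ufw status` on stdin; print the port of every ALLOW rule (single ports only).
ufw_allowed_ports() {
  awk '$2 == "ALLOW" || $3 == "ALLOW" { split($1, a, "/"); print a[1] }' | sort -u
}

# docker_bypass NAT_RULES UFW_STATUS: Docker-published ports with no ufw ALLOW rule.
docker_bypass() {
  allowed=$(printf '%s\n' "$2" | ufw_allowed_ports)
  printf '%s\n' "$1" | docker_published | while IFS=/ read -r port proto; do
    printf '%s\n' "$allowed" | grep -qx "$port" || echo "$port/$proto"
  done
}

# On a live host (as root): docker_bypass "$(iptables-save -t nat)" "$(ufw status)"
docker_bypass "$SAMPLE_NAT" "$SAMPLE_UFW"
```

Any port this prints is reachable through Docker's rules even though ufw status shows no matching ALLOW entry. Port ranges in ufw rules are not expanded by this check.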
You can disable this functionality by editing /etc/default/docker and change the
Be sure to restart the Docker daemon using:
service docker restart