This document is a WORK IN PROGRESS.
This is just a quick personal cheat sheet: treat its contents with caution!
ufw¶
ufw stands for uncomplicated firewall, and is just that. It uses logs such as those obtained by syslog-ng for monitoring, and uses iptables as a back end. ufw supports both IPv4 and IPv6.
Install¶
A correct kernel config is needed:
$ cd /usr/src/linux
# make nconfig # or `# make menuconfig`
# IP v4 settings
# Double check here: <https://wiki.gentoo.org/wiki/Ufw#Kernel>
#
> [*] Networking support --->  # Symbol: NET [=y]
>     Networking options --->
>         [*] Network packet filtering framework (Netfilter) --->  # Symbol: NETFILTER [=y]
>             Core Netfilter Configuration --->
>                 <*> NetBIOS name service protocol support  # Symbol: NF_CONNTRACK_NETBIOS_NS [=y]
# IP v6 settings
# Double check here: <https://wiki.gentoo.org/wiki/Ufw#Kernel>
#
> [*] Networking support --->  # Symbol: NET [=y]
>     Networking options --->
>         [*] Network packet filtering framework (Netfilter) --->  # Symbol: NETFILTER [=y]
>             IPv6: Netfilter Configuration --->
>                 <*> "rt" Routing header match support  # Symbol: IP6_NF_MATCH_RT [=y]
>                 <*> "HL" hoplimit target support  # Symbol: IP6_NF_TARGET_HL [=y]
# Iptables
# Double check here: <https://wiki.gentoo.org/wiki/Iptables#Kernel>
#
⚠️ TODO ⚠️
Warning
After configuring the kernel, don't forget to run the kernel make and rebuild!
Config¶
Add ufw to the default boot level and start it:
Depending on your runit implementation, either run:
Use¶
- Enable ufw (only required one time after the package has been installed)
- Allow ssh (if wanted) which is blocked by default:
- Create a simple configuration (just an example):
- Get a list of possible applications to add:
- Add an application:
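
The steps above combined into one script, as an added example that is not part of the original cheat sheet. Unlike the list, it adds the SSH rule and the default policies before `ufw enable`, so a remote session is not cut off when the firewall comes up, and it only prints the commands unless `UFW_APPLY=1` is set. The helper names `run` and `ufw_baseline`, the deny-incoming/allow-outgoing policies and the `ExampleApp` profile name are assumptions.

```shell
#!/bin/sh
# Added example: first-time ufw baseline, dry-run unless UFW_APPLY=1 (run as root).
# Helper names, default policies and the profile names passed in are assumptions.

# Print the command (dry-run) or execute it.
run() {
    if [ "${UFW_APPLY:-0}" = 1 ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# $1:   SSH handling: "allow", "limit" (allow + rate-limit) or "none"
# $2..: application profile names as shown by `ufw app list`
ufw_baseline() {
    ssh_mode=$1
    shift
    run ufw default deny incoming
    run ufw default allow outgoing
    # Open SSH *before* enabling, so a remote session survives activation.
    case "$ssh_mode" in
        allow|limit) run ufw "$ssh_mode" ssh ;;
    esac
    for app in "$@"; do
        # Show which ports the profile opens; stop if ufw reports an error.
        run ufw app info "$app" || return 1
        run ufw allow "$app"
    done
    run ufw enable
    run ufw status verbose
}

# Script arguments are treated as profile names, e.g. ./baseline.sh ExampleApp
ufw_baseline limit "$@"
```

Review the dry-run output first, then rerun as root with `UFW_APPLY=1` to apply it.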
Notes¶
For Nextcloud?: