Galaxy Kylin (银河麒麟) V10: ufw firewall settings
Basic commands
sudo ufw [commands]
Commands:
enable #enables the firewall
disable #disables the firewall
default ARG #set default policy
logging LEVEL #set logging to LEVEL
allow ARGS #add allow rule
deny ARGS #add deny rule
reject ARGS #add reject rule
limit ARGS #add limit rule
delete RULE|NUM #delete RULE
insert NUM RULE #insert RULE at NUM
route RULE #add route RULE
route delete RULE|NUM #delete route RULE
route insert NUM RULE #insert route RULE at NUM
reload #reload firewall
reset #reset firewall
status #show firewall status
status numbered #show firewall status as numbered list of RULES
status verbose #show verbose firewall status
show ARG #show firewall report
version #display version information
Application profile commands:
app list #list application profiles
app info PROFILE #show information on PROFILE
app update PROFILE #update PROFILE
app default ARG #set default application policy
Notes:
Stop temporarily: service ufw stop
Start temporarily: sudo service ufw start
The service script accepts only these commands: {start|stop|restart|force-reload|status}
1 NAME
ufw - program for managing a netfilter firewall
2 DESCRIPTION
This program is for managing a Linux firewall and aims to provide an easy to use interface for the user.
3 USAGE
With the [--dry-run] option, ufw only shows what the command would do and does not actually run it.
Enable / disable / reload
ufw [--dry-run] enable|disable|reload
Default policy: allow / deny / reject (deny and notify the sender) [for incoming / outgoing / routed traffic]
ufw [--dry-run] default allow|deny|reject [incoming|outgoing|routed]
Logging: on / off / level
ufw [--dry-run] logging on|off|LEVEL
Reset
ufw [--dry-run] reset
Rules and status [verbose / numbered]
ufw [--dry-run] status [verbose|numbered]
Show a report
ufw [--dry-run] show REPORT
[delete] [insert at line *] allow / deny / reject / limit [traffic in / out] [log / log-all] port[/protocol]
ufw [--dry-run] [delete] [insert NUM] allow|deny|reject|limit [in|out] [log|log-all] PORT[/PROTOCOL]
[rule] [delete] [insert at line *] allow / deny / reject / limit [traffic in / out [on interface]] [log / log-all] [proto *] [from * [port *]] [to * [port *]]
ufw [--dry-run] [rule] [delete] [insert NUM] allow|deny|reject|limit [in|out [on INTERFACE]] [log|log-all] [proto PROTOCOL] [from ADDRESS [port PORT]] [to ADDRESS [port PORT]]
Route [delete] [insert at line *] allow / deny / reject / limit [traffic in / out [on interface]] [log / log-all] [proto *] [from * [port *]] [to * [port *]]
ufw [--dry-run] route [delete] [insert NUM] allow|deny|reject|limit [in|out on INTERFACE] [log|log-all] [proto PROTOCOL] [from ADDRESS [port PORT]] [to ADDRESS [port PORT]]
Delete the rule at line *
ufw [--dry-run] delete NUM
Application profiles: list / info / default policy / update
ufw [--dry-run] app list|info|default|update
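A deny-by-default baseline assembled from the commands above, as an added example that is not part of the original page. It assumes SSH is the only inbound service and that MGMT_NET (here the documentation range 192.0.2.0/24) is the admin subnet; MGMT_NET, SSH_PORT and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: deny-by-default baseline using only commands from the listing above.
# Assumptions (not from the page): SSH is the only inbound service, and
# MGMT_NET is the admin subnet (192.0.2.0/24 is a documentation range).
MGMT_NET="${MGMT_NET:-192.0.2.0/24}"
SSH_PORT="${SSH_PORT:-22}"

# Accept only a bare port number in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the ufw arguments, one rule per line, in the order they are applied.
baseline_rules() {
    valid_port "$SSH_PORT" || { echo "invalid SSH_PORT: $SSH_PORT" >&2; return 1; }
    echo "default deny incoming"
    echo "default allow outgoing"
    echo "default deny routed"
    # The SSH rule is added before 'ufw enable' so a remote session survives.
    echo "limit proto tcp from $MGMT_NET to any port $SSH_PORT"
    echo "logging low"
}

# Feed each rule to ufw; extra arguments (e.g. --dry-run) go before the rule.
run_rules() {
    rules=$(baseline_rules) || return 1
    echo "$rules" | while IFS= read -r rule; do
        # Word splitting of $rule is intended: each line is an argument list.
        ufw "$@" $rule </dev/null || exit 1
    done
}

case "${1:-plan}" in
    preview) run_rules --dry-run ;;                  # ufw shows changes, applies none
    apply)   run_rules && ufw enable && ufw status verbose ;;
    *)       baseline_rules | sed 's/^/ufw /' ;;     # plan: print only, needs no root
esac
```

Run it with no argument to print the plan, with preview to pass every rule through ufw --dry-run, and with apply (as root) to commit the rules and enable the firewall.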
4 OPTIONS
--version
#show program's version number and exit
-h, --help
#show help message and exit
--dry-run
#don't modify anything, just show the changes
enable
#reloads firewall and enables firewall on boot.
disable
#unloads firewall and disables firewall on boot
reload
#reloads firewall
default allow|deny|reject DIRECTION
#change the default policy for traffic going DIRECTION, where DIRECTION is
#one of incoming, outgoing or routed. Note that existing rules will have
#to be migrated manually when changing the default policy. See RULE SYNTAX
#for more on deny and reject.
logging on|off|LEVEL
#toggle logging. Logged packets use the LOG_KERN syslog facility. Systems
#configured for rsyslog support may also log to /var/log/ufw.log. Specifying
#a LEVEL turns logging on for the specified LEVEL. The default log
#level is 'low'. See LOGGING for details.