Configuring the ufw firewall on Ubuntu (part 2)

韵味老鸟 2024-08-23 15:01:21


7) Opening a port to a specific host or subnet

Suppose you want to allow the host with IP address 192.168.1.10 to connect to SSH (default port 22); you can use the following command:

ufw allow from 192.168.1.10 to any port 22 proto tcp

# Whole subnet

sudo ufw allow from 192.168.1.0/24 to any port 22

# Other ports

sudo ufw allow from 192.168.1.0/24 to any port 80

# Example session

root@meng:~# ufw allow from 192.168.1.17 to any port 22 proto tcp
Rule added
root@meng:~# ufw status
Status: active

To                         Action      From
22/tcp                     ALLOW       192.168.1.17
root@meng:~# ufw allow from 192.168.10.17 to any port 22 proto tcp
Rule added
root@meng:~# ufw status
Status: active

To                         Action      From
22/tcp                     ALLOW       192.168.1.17
22/tcp                     ALLOW       192.168.10.17

8) Set the default policy: to keep the host secure, set the default policy to deny all incoming traffic and allow all outgoing traffic.

sudo ufw default deny incoming

sudo ufw default allow outgoing

root@meng:~# ufw default deny incoming
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)
root@meng:~# ufw default allow outgoing
Default outgoing policy changed to 'allow'
(be sure to update your rules accordingly)

9) Deleting rules

Show the rule numbers first, then delete by number. Note that ufw renumbers the remaining rules after each deletion, so list them again before deleting another.

sudo ufw status numbered

root@meng:~# ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    192.168.1.17
[ 2] 22/tcp                     ALLOW IN    192.168.10.17
[ 3] 22/tcp                     ALLOW IN    192.168.204.179
[ 4] 22/tcp                     ALLOW IN    192.168.10.1

root@meng:~# ufw delete 1
Deleting:
 allow from 192.168.1.17 to any port 22 proto tcp
Proceed with operation (y|n)? y
Rule deleted

root@meng:~# ufw status
Status: active

To                         Action      From
22/tcp                     ALLOW       192.168.10.17
22/tcp                     ALLOW       192.168.204.179
22/tcp                     ALLOW       192.168.10.1

root@meng:~# ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    192.168.10.17
[ 2] 22/tcp                     ALLOW IN    192.168.204.179
[ 3] 22/tcp                     ALLOW IN    192.168.10.1
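An added audit check (my example, not code from the post): it parses `ufw status numbered` output like the listings above, flags port-22 ALLOW rules whose source lies outside the management subnets you intended, and returns their rule numbers highest-first, because the last two listings show that ufw renumbers the remaining rules after every delete. The sample output and the allowed subnets are constructed for the example.

```python
import ipaddress
import re
from typing import List, NamedTuple

# Constructed `ufw status numbered` sample laid out like this post's session (not a real capture).
SAMPLE_STATUS = """\
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    192.168.1.17
[ 2] 22/tcp                     ALLOW IN    192.168.10.17
[ 3] 22/tcp                     ALLOW IN    192.168.204.179
[ 4] 22/tcp                     ALLOW IN    192.168.10.1
"""

class Rule(NamedTuple):
    number: int
    to: str       # "22/tcp", "22", ...
    action: str   # ALLOW / DENY / REJECT / LIMIT
    src: str      # IP, CIDR or "Anywhere"

# One numbered rule line; IN/OUT is optional so plain `ufw status` rows parse too.
RULE_RE = re.compile(
    r"^\[\s*(\d+)\]\s+(\S+)\s+(ALLOW|DENY|REJECT|LIMIT)(?:\s+(IN|OUT))?\s+(\S+)")

def parse_numbered_status(text: str) -> List[Rule]:
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append(Rule(int(m.group(1)), m.group(2), m.group(3), m.group(5)))
    return rules

def out_of_scope_rules(rules: List[Rule], port: int, allowed_nets: List[str]) -> List[int]:
    """Numbers of ALLOW rules for `port` whose source is outside allowed_nets,
    highest first: ufw renumbers after each delete, so delete from the bottom."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    flagged = []
    for r in rules:
        if r.action != "ALLOW" or r.to.split("/")[0] != str(port):
            continue
        if r.src == "Anywhere":   # open to the world: always out of scope
            flagged.append(r.number)
            continue
        src = ipaddress.ip_network(r.src, strict=False)
        if not any(src.version == n.version and src.subnet_of(n) for n in nets):
            flagged.append(r.number)
    return sorted(flagged, reverse=True)
```

Feed the returned numbers to `ufw delete N` one at a time in the order given; each still prompts "Proceed with operation (y|n)?" exactly as in the session above.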
