UFW (Uncomplicated Firewall) is a user-friendly front end to iptables for managing incoming and outgoing firewall rules on a Linux system.
Common rule creation syntax
Allow both TCP and UDP on the specified port
ufw allow 53
Allow the specified port over the specified protocol only
ufw allow 53/udp
Use in or out to apply a rule only to incoming or outgoing traffic (reject sends an error back to the sender, deny silently drops the packet)
ufw allow in http
ufw reject out smtp
Deny inbound traffic on a specific interface (here TCP to 192.168.0.1 port 25 arriving on eth0)
ufw deny in on eth0 to 192.168.0.1 port 25 proto tcp
Allow multiple ports and port ranges for a specific use case, such as a web application (a protocol is required when several ports are listed)
ufw allow proto tcp from any to any port 80,443,8080:8090 comment 'web application'
Allow all traffic in from a specific IP
ufw allow from 192.168.0.1
Allow traffic from a specific IP to a specific port
ufw allow from 192.168.0.1 proto tcp to any port 443
Alternatively, allow an entire subnet by replacing the IP 192.168.0.1 with 192.168.0.0/24
Creating an Application profile for UFW
Create a file named after the application in /etc/ufw/applications.d
[SomeApp]
Title=SomeApp
Description=SomeApp is a demo app.
ports=8080,8081/tcp|12/udp
Register the profile with UFW so it can be used in rules (run this again after editing the profile so existing rules pick up the change)
ufw app update someapp
Use the profile in a rule
ufw allow someapp
ufw allow from 192.168.0.1 to any app 'someapp'
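Before running ufw app update, it is worth checking that a hand-written profile is well formed and understanding which plain rules it stands for. The following is an added example, not code from the UFW project: it parses a profile in the /etc/ufw/applications.d format, validates the ports= field (ports 1-65535, /tcp or /udp suffixes, low:high ranges, an explicit protocol whenever several ports or a range are listed, which is the same constraint ufw puts on command-line rules) and renders the equivalent rules in the three syntaxes shown above. The sample profile is the SomeApp profile from this page; the function names and the rule rendering are this example's own choices.

```python
"""Validate a UFW application profile (the /etc/ufw/applications.d format) and
translate its ports= field into the plain 'ufw' rules that open the same ports.
Added example; not part of UFW itself."""
import configparser
import re
from typing import List, Optional, Tuple

# Constructed sample profile, mirroring the SomeApp example above.
SAMPLE_PROFILE = """\
[SomeApp]
Title=SomeApp
Description=SomeApp is a demo app.
ports=8080,8081/tcp|12/udp
"""

REQUIRED_FIELDS = ("title", "description", "ports")  # configparser lowercases keys
PROTOCOLS = ("tcp", "udp")
PortEntry = Tuple[Optional[str], List[str]]  # (protocol or None, port specs)


def parse_ports_field(ports: str) -> List[PortEntry]:
    """Split a ports= value into (protocol, [port specs]) entries.

    Entries are separated by '|'. Each is a comma-separated list of ports or
    low:high ranges, optionally suffixed with /tcp or /udp; with no suffix the
    entry applies to both protocols, like 'ufw allow 53'. Several ports or a
    range require an explicit protocol, the constraint ufw enforces for
    command-line rules; applying it to profiles is this validator's choice.
    """
    entries: List[PortEntry] = []
    for raw in ports.split("|"):
        entry = raw.strip()
        if not entry:
            raise ValueError("empty entry in ports= field")
        proto: Optional[str] = None
        spec = entry
        if "/" in entry:
            spec, proto = entry.rsplit("/", 1)
            if proto not in PROTOCOLS:
                raise ValueError(f"unknown protocol {proto!r} in {entry!r}")
        specs = spec.split(",")
        for p in specs:
            if not re.fullmatch(r"\d+(:\d+)?", p):
                raise ValueError(f"bad port spec {p!r} in {entry!r}")
            bounds = [int(b) for b in p.split(":")]
            if any(not 1 <= b <= 65535 for b in bounds):
                raise ValueError(f"port out of range in {p!r}")
            if len(bounds) == 2 and bounds[0] >= bounds[1]:
                raise ValueError(f"range {p!r} must be low:high")
        if proto is None and (len(specs) > 1 or ":" in spec):
            raise ValueError(f"{entry!r}: several ports or a range need /tcp or /udp")
        entries.append((proto, specs))
    return entries


def validate_profile(text: str) -> Tuple[str, List[PortEntry]]:
    """Parse profile text; return (profile name, port entries) or raise ValueError."""
    cp = configparser.ConfigParser(interpolation=None)
    try:
        cp.read_string(text)
    except configparser.Error as exc:
        raise ValueError(f"not a valid profile file: {exc}") from exc
    if len(cp.sections()) != 1:
        raise ValueError("profile must contain exactly one [Name] section")
    name = cp.sections()[0]
    section = cp[name]
    for field in REQUIRED_FIELDS:
        if not section.get(field, "").strip():
            raise ValueError(f"missing required field {field!r} in [{name}]")
    return name, parse_ports_field(section["ports"])


def profile_to_rules(text: str, action: str = "allow") -> List[str]:
    """Render plain 'ufw' rules opening the same ports as 'ufw <action> <profile>',
    using the syntaxes shown on this page: 'ufw allow 53', 'ufw allow 53/udp' and
    'ufw allow proto tcp from any to any port 80,443'."""
    _, entries = validate_profile(text)
    rules = []
    for proto, specs in entries:
        spec = ",".join(specs)
        if proto is None:
            rules.append(f"ufw {action} {spec}")
        elif len(specs) == 1 and ":" not in spec:
            rules.append(f"ufw {action} {spec}/{proto}")
        else:
            rules.append(f"ufw {action} proto {proto} from any to any port {spec}")
    return rules


if __name__ == "__main__":
    profile_name, _ = validate_profile(SAMPLE_PROFILE)
    print(f"[{profile_name}] is valid; equivalent rules:")
    for rule in profile_to_rules(SAMPLE_PROFILE):
        print("  " + rule)
```

Run it against a profile file's contents before copying the file into /etc/ufw/applications.d; a ValueError names the offending entry, which is easier to act on than a failed ufw app update.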