UFW Firewall Installation and setup

Step 1 Installation of the required package.

sudo apt update
sudo apt install ufw

Step 2

An example of the Allow method.

sudo ufw allow ssh
sudo ufw allow 22
sudo ufw allow from (public ip addresses) to any port 22
sudo ufw allow in on eth0 to any port 80
sudo ufw insert 1 allow from 10.0.0.0/24 to any
sudo ufw insert 10 allow from 192.168.1.0/24 to any
sudo ufw allow in on ppp0 to any port 22
sudo ufw allow in on enp1 to any port 22
sudo ufw allow in on enp1s0 to any port 22
sudo ufw delete allow 80
sudo ufw delete allow http

Step 3

An example of the Deny method.

sudo ufw deny http
sudo ufw insert 10 deny from (public ip addresses) to any
sudo ufw insert 10 deny from public ip .0/24 to any
sudo ufw insert 10 deny from public ip .0.0/16 to any
sudo ufw insert 10 deny from public ip .0.0.0/8 to any

Step 3

Delete a rule by its number.

sudo ufw status numbered
sudo ufw delete 2

Step 4

Check status, enable, disable, reload, restart or reset.

sudo ufw status
sudo ufw status numbered
sudo ufw status verbose
sudo ufw disable
sudo ufw enable
sudo ufw reload
sudo ufw reset
sudo systemctl restart ufw
sudo systemctl status ufw

Step 5

Enable or disable IPv6

sudo nano /etc/default/ufw

/etc/default/ufw excerpt

IPV6=yes

Step 6

UFW Forward Masquerade

Edit /etc/default/ufw (sudo nano /etc/default/ufw) and set the default forward policy to ACCEPT:

DEFAULT_FORWARD_POLICY="ACCEPT"

Edit /etc/sysctl.conf (sudo nano /etc/sysctl.conf) and add the following line:

net.ipv4.ip_forward=1

Next, allow traffic from your local network out to the Internet.

Edit /etc/ufw/before.rules (sudo nano /etc/ufw/before.rules) and add the following at the bottom of the file, for example:

COMMIT
# Add to the bottom of the file below COMMIT
# NAT
*nat
-F
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/24 -o enp1s0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.0/24 -o enp4s0 -j MASQUERADE
COMMIT

Port forwarding:

COMMIT
# NAT table rules
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]

# Port Forwardings
-A PREROUTING -i enp1s0 -p tcp --dport 22 -j DNAT --to-destination 10.0.0.10

# Forward traffic through enp1s0 and enp4s0 - change to match your out-interface
-A POSTROUTING -s 10.0.0.0/24 -o enp1s0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.0/24 -o enp4s0 -j MASQUERADE

# don't delete the 'COMMIT' line or these nat table rules won't
# be processed
COMMIT

Run the command to refresh the settings:

sudo ufw reload
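
Before reloading, the edited rules file can be checked for the mistake the comment above warns about: a *nat section with no closing COMMIT. The following shell linter is an added example, not part of the original guide; it also lists the DNAT and MASQUERADE rules it finds so they can be reviewed. The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an iptables-restore style rules file read from stdin.
# Every "*table" section needs its own COMMIT; NAT rules are listed for review.
# Returns 1 if a section is unterminated or a line sits outside any section.
lint_rules() {
    awk '
        function unclosed() {
            printf "ERROR: *%s opened on line %d has no COMMIT\n", table, start
            bad = 1
        }
        NF == 0 || $1 ~ /^#/ { next }              # skip blank lines and comments
        substr($1, 1, 1) == "*" {                  # section header: *filter, *nat
            if (table != "") unclosed()
            table = substr($1, 2); start = NR; next
        }
        $1 == "COMMIT" {
            if (table == "") { printf "ERROR: stray COMMIT on line %d\n", NR; bad = 1 }
            table = ""; next
        }
        table == "" { printf "ERROR: line %d is outside any table\n", NR; bad = 1; next }
        table == "nat" && /-j (DNAT|MASQUERADE)/ { printf "INFO: nat line %d: %s\n", NR, $0 }
        END { if (table != "") unclosed(); exit bad + 0 }
    '
}

# Constructed sample: a filter section followed by a NAT section whose
# final COMMIT has been deleted.
sample_bad() {
    cat <<'EOF'
*filter
-A ufw-before-input -i lo -j ACCEPT
COMMIT
# NAT table rules
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i enp1s0 -p tcp --dport 22 -j DNAT --to-destination 10.0.0.10
-A POSTROUTING -s 10.0.0.0/24 -o enp1s0 -j MASQUERADE
EOF
}

# The same sample with the closing COMMIT restored.
sample_good() { sample_bad; echo "COMMIT"; }

# Demo on the broken sample. Against the real file:
#   sudo cat /etc/ufw/before.rules | lint_rules
sample_bad | lint_rules || echo "fix the file before running: sudo ufw reload"
```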