Uncomplicated Firewall (UFW)
sudo ufw enable|disable
sudo ufw reload
sudo ufw status [verbose]
sudo ufw allow|deny 22/tcp: allow|deny port 22
sudo ufw allow|deny from 192.168.1.100: allow|deny all traffic from a specific IP address
sudo ufw allow from 192.168.1.100 to any port 80: allow traffic from a specific IP to any address on port 80
sudo ufw allow in on eth0 from 192.168.1.0/24 to 192.168.2.10 port 80: allow traffic arriving on eth0 from network 192.168.1.0/24 to 192.168.2.10 on port 80
sudo ufw delete allow 22/tcp: delete a rule
sudo ufw reset: reset ufw to its default state; the firewall is disabled and all user rules are deleted
sudo ufw logging on|off: enable|disable logging
sudo ufw route allow from 192.168.1.0/24: Allow routing from 192.168.1.0/24 network
sudo ufw route allow in on eth0 out on eth1 from 192.168.1.0/24: allow routing for network 192.168.1.0/24 from eth0 to eth1 interface
Configure NAT
Allow Masquerade
Edit /etc/ufw/before.rules
Add below configuration before COMMIT section
ufw reload
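The page's own NAT configuration is not shown, so the following is an added example, not the original author's block: a shell function that inserts a masquerade rule into a before.rules file as a separate *nat table placed ahead of *filter, and refuses to touch a file that is not in the stock layout. The function name add_masquerade, the outbound interface eth1 and the source network are assumptions chosen to match the routing commands above.

```shell
#!/bin/sh
# Added example (not from the original page). add_masquerade is a hypothetical
# helper name; eth1 and 192.168.1.0/24 are assumed values.
#
# add_masquerade RULES_FILE SOURCE_CIDR OUT_IFACE
# Returns 0 if the block was added, 1 if the rule is already present,
# 2 if the file needs manual review or could not be written.
add_masquerade() {
    file=$1 cidr=$2 iface=$3
    rule="-A POSTROUTING -s $cidr -o $iface -j MASQUERADE"

    # Idempotence: an identical rule line means there is nothing to do.
    if grep -qxF -- "$rule" "$file"; then
        return 1
    fi
    # An existing *nat table or a missing *filter table means the file is not
    # in the stock layout; refuse rather than guess where the rule belongs.
    if grep -q '^\*nat' "$file" || ! grep -q '^\*filter' "$file"; then
        return 2
    fi

    cp -p -- "$file" "$file.bak" || return 2   # keep a copy to roll back to
    tmp=$(mktemp) || return 2
    awk -v rule="$rule" '
        /^\*filter/ && !done {
            print "# NAT table: masquerade forwarded traffic"
            print "*nat"
            print ":POSTROUTING ACCEPT [0:0]"
            print rule
            print "COMMIT"      # each table needs its own COMMIT
            print ""
            done = 1
        }
        { print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 2; }
    # Overwrite in place so the rules file keeps its owner and mode.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Typical use, as root, followed by the reload step:
#   add_masquerade /etc/ufw/before.rules 192.168.1.0/24 eth1 && ufw reload
```

Masquerading only takes effect when IP forwarding is enabled (net/ipv4/ip_forward=1 in /etc/ufw/sysctl.conf) and the forwarded traffic is permitted, for instance by a ufw route allow rule scoped to the same network and interfaces.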