Uncomplicated Firewall (ufw) is a simple frontend for iptables that is designed to be easy to use.
ufw can be installed from the [community] repository.
You need to include ufw in your daemons array in rc.conf, ideally before bringing up your network interfaces. Do not include the iptables daemon as well, because it simply loads a saved iptables ruleset from its own rules file.
For example, to deny all incoming traffic by default and then allow a local subnet, Deluge and SSH:
# ufw default deny
# ufw allow from 192.168.0.0/24
# ufw allow Deluge
# ufw allow SSH
The next command is only needed once, the first time you install the package. From then on, either put ufw in your daemons array in rc.conf or control it via the standard rc.d script (i.e. rc.d start ufw):
# ufw enable
Finally, query the rules being applied via the status command:
# ufw status
Status: active

To                         Action      From
--                         ------      ----
Anywhere                   ALLOW       192.168.0.0/24
Deluge                     ALLOW       Anywhere
SSH                        ALLOW       Anywhere
Adding Other Applications
The package comes with some default application profiles based on the standard ports of many common daemons and programs. Inspect them by looking in the /etc/ufw/applications.d directory or by listing them from the program itself:
# ufw app list
If you run any of these applications on a non-standard port, simply create a custom profile file in /etc/ufw/applications.d containing the needed data, using the defaults as a guide.
For example, Deluge with a custom TCP port range of 20202-20205:
[Deluge-my]
title=Deluge
description=Deluge BitTorrent client
ports=20202:20205/tcp
Then replace the default Deluge rule with the custom one:
# ufw delete allow Deluge
# ufw allow Deluge-my
Query the result via the status command:
# ufw status
Status: active

To                         Action      From
--                         ------      ----
Anywhere                   ALLOW       192.168.0.0/24
SSH                        ALLOW       Anywhere
Deluge-my                  ALLOW       Anywhere
Rate Limiting with ufw
ufw can also rate limit connections to a service, which is useful for protecting login services such as SSH against brute-force attempts. The limit command replaces the plain ALLOW rule for SSH with a LIMIT rule:
# ufw limit ssh
Rule updated
# ufw status
Status: active

To                         Action      From
--                         ------      ----
Anywhere                   ALLOW       192.168.0.0/24
SSH                        LIMIT       Anywhere
Deluge-my                  ALLOW       Anywhere
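As an added example (not part of the original page or of ufw itself), the following POSIX sh helpers tie the two previous sections together: one writes a custom application profile like Deluge-my while refusing malformed or out-of-range port specs, and one audits ufw status output for services that are still open to Anywhere with a plain ALLOW and so are candidates for a LIMIT rule. The function names, the output directory parameter and the SAMPLE_STATUS text are constructed for this illustration; ufw is never invoked.

```shell
#!/bin/sh
# Added example: write_ufw_profile, open_to_anywhere, ssh_action and
# SAMPLE_STATUS are constructed helper names, not part of ufw.

# Write a profile such as [Deluge-my] into a directory (default
# /etc/ufw/applications.d), rejecting port specs ufw would not accept.
write_ufw_profile() {
  name=$1 title=$2 desc=$3 ports=$4 dir=${5:-/etc/ufw/applications.d}
  # Accept "port", "low:high", comma-separated lists, and a trailing /tcp or /udp
  if ! printf '%s' "$ports" | grep -Eq '^[0-9]+(:[0-9]+)?(,[0-9]+(:[0-9]+)?)*/(tcp|udp)$'; then
    echo "refusing malformed port spec: $ports" >&2; return 1
  fi
  # Every port must fit in 0-65535 and every range must read low:high
  for item in $(printf '%s' "${ports%/*}" | tr ',' ' '); do
    low=${item%%:*} high=${item##*:}
    if [ "$low" -gt 65535 ] || [ "$high" -gt 65535 ] || [ "$low" -gt "$high" ]; then
      echo "refusing out-of-range or reversed port spec: $item" >&2; return 1
    fi
  done
  printf '[%s]\ntitle=%s\ndescription=%s\nports=%s\n' \
    "$name" "$title" "$desc" "$ports" > "$dir/$name"
}

# Constructed sample of `ufw status` output so the audit runs offline
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
Anywhere                   ALLOW       192.168.0.0/24
SSH                        LIMIT       Anywhere
Deluge-my                  ALLOW       Anywhere'

# Read status output on stdin and print the To column of every rule that
# allows the whole world in without rate limiting (plain ALLOW from Anywhere)
open_to_anywhere() {
  awk '$2 == "ALLOW" && $3 == "Anywhere" { print $1 }'
}

# Read status output on stdin and print the Action applied to the SSH rule
ssh_action() {
  awk '$1 == "SSH" { print $2 }'
}
```

Run the audit with `ufw status | open_to_anywhere` on a live host; anything it prints is a service you may want to move to `ufw limit`.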