1. 开放服务
ufw allow 'Nginx Full' #添加策略 ufw delete allow 'Nginx Full' #删除策略
2. 开放端口
ufw allow 80 ufw delete allow 80
3. 只开放ipv4/tcp端口
ufw allow proto tcp from 192.168.0.0/16 to any port 80 ufw delete allow proto tcp from 192.168.0.0/16 to any port 80
4. 禁用端口
ufw deny 443 ufw delete deny 443
5. 端口转发
5.1 启用端口转发(/etc/sysctl.conf)
vim /etc/sysctl.conf net.ipv4.ip_forward = 1 #增加或修改该字段,值设为1
激活sysctl配置
sysctl -p
5.2 配置默认规则(/etc/default/ufw)
vim /etc/default/ufw DEFAULT_FORWARD_POLICY="ACCEPT" #该值设为ACCEPT
5.3 配置转发策略(/etc/ufw/before.rules)
注1:在文末添加策略
注2:最后要commit
注3:注意IP所在的网卡
vi /etc/ufw/before.rules
#在末尾增加以下字段 *nat :PREROUTING - [0:0] :POSTROUTING - [0:0] -A PREROUTING -i eth0 -p tcp --dport 22 -j DNAT --to-destination 192.168.1.100:22 -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE -A POSTROUTING -s 10.0.0.0/20 -o eno2 -j MASQUERADE COMMIT
5.4 重新加载防火墙策略
ufw reload
或
ufw disable ufw enable
注:ufw底层其实还是iptables!
标签:sysctl,端口,防火墙,192.168,etc,allow,ubuntu,ufw From: https://www.cnblogs.com/santia-god/p/17180977.html