I’ve been using rc.firewall scripts since rh73 and with every adsl-start, the rc.firewall script is run and the new ppp0 IP is resolved so that the firewall rules are updated by the script.

I’m trying to replace my trusty rh73 server with the 8.04 server and would like to try using ufw, but if necessary I’m more than willing to revert back to using iptables scripts.

For your pleasure:

> man ufw | cat

UFW:(8) UFW:(8)

NAME
ufw - program for managing a netfilter firewall

DESCRIPTION
This program is for managing a Linux firewall and aims to provide an
easy to use interface for the user.

USAGE
ufw [--dry-run] enable|disable

ufw [--dry-run] default allow|deny

ufw [--dry-run] logging on|off

ufw [--dry-run] status

ufw [--dry-run] [delete] allow|deny PORT[/protocol]

ufw [--dry-run] [delete] allow|deny [proto protocol] [from ADDRESS
[port PORT]] [to ADDRESS [port PORT]]

OPTIONS
–version
show program’s version number and exit

-h, –help
show help message and exit

–dry-run
don’t modify anything, just show the changes

enable reloads firewall and enables firewall on boot

disable
unloads firewall and disables firewall on boot

default allow|deny
change the default policy for incoming traffic. Note that exist‐
ing rules will have to be migrated manually when changing the
default policy.

logging on|off
toggle logging

status show status of firewall and ufw managed rules

allow RULE
allow RULE. See RULE SYNTAX

deny RULE
deny RULE. See RULE SYNTAX

delete allow|deny RULE
deletes the corresponding allow/deny RULE

RULE SYNTAX
Users can specify rules using either a simple syntax or a full syntax.
The simple syntax only specifies the port and optionally the protocol
to be allowed or denied on the host. For example:

ufw allow 53

This rule will allow tcp and udp port 53 to any address on this host.
To specify a protocol, append ’/protocol’ to the port. For example:

ufw allow 25/tcp

This will allow tcp port 25 to any address on this host. ufw will also
check /etc/services for the port and protocol if specifying a service
by name. Eg:

ufw allow smtp

Users can also use a fuller syntax, specifying the source and destina‐
tion addresses and ports. This syntax is based on OpenBSD’s PF syntax.
For example:

ufw deny proto tcp to any port 80

This will deny all traffic to tcp port 80 on this host. Another exam‐
ple:

ufw deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25

This will deny all traffic from the RFC1918 Class A network to tcp port
25 with the address 192.168.0.1.

ufw deny proto tcp from 2001:db8::/32 to any port 25

This will deny all traffic from the IPv6 2001:db8::/32 to tcp port 80
on this host. Note that IPv6 must be enabled in /etc/default/ufw for
IPv6 firewalling to work.

To delete a rule, simply prefix the original rule with delete. For
example, if the original rule was:

ufw deny 80/tcp

Use this to delete it:

ufw delete deny 80/tcp

EXAMPLES
Deny all access to port 53:

ufw deny 53

Allow all access to tcp port 80:

ufw allow 80/tcp

Allow all access from RFC1918 networks to this host:

ufw allow from 10.0.0.0/8
ufw allow from 172.16.0.0/12
ufw allow from 192.168.0.0/16

Deny access to udp port 514 from host 1.2.3.4:

ufw deny proto udp from 1.2.3.4 to any port 514

Allow access to udp 1.2.3.4 port 5469 from 1.2.3.5 port 5469:

ufw allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469

REMOTE MANAGEMENT
When running ufw enable or starting ufw via its initscript, ufw will
flush its chains. This is required so ufw can maintain a consistent
state, but it will drop existing connections (eg ssh). ufw does support
adding rules before enabling the firewall, so administrators can do:

ufw allow proto tcp from any to any port 22

before running ’ufw enable’. The rules will still be flushed, but the
ssh port will be open after enabling the firewall. Please note that
once the ufw is ’enabled’, ufw will not flush the chains when adding or
removing rules (but will when modifying a rule or changing the default
policy).

NOTES
Rule ordering is important and the first match wins. Therefore when
adding rules, add the more specific rules first with more general rules
later.

ufw is not intended to provide complete firewall functionality via its
command interface, but instead provides an easy way to add or remove
simple rules. It is currently mainly used for host-based firewalls.

Currently, ufw is a front-end for iptables-restore, with its rules
saved in /etc/ufw/before.rules, /etc/ufw/after.rules and
/var/lib/ufw/user.rules. Administrators can customize before.rules and
after.rules as desired using the standard iptables-restore syntax.
Rules are evaluated as follows: before.rules first, user.rules next,
and after.rules last. IPv6 rules are evaluated in the same way, with
the rules files named before6.rules, user6.rules and after6.rules.
Please note that ufw status only shows rules added with ufw and not the
rules found in the /etc/ufw rules files.

ufw will read in /etc/ufw/sysctl.conf on boot when enabled. To change
this behavior, modify /etc/default/ufw.

SEE ALSO
iptables(8), ip6tables(8), iptables-restore(8), ip6tables-restore(8),
sysctl(8), sysctl.conf(5)

AUTHOR
ufw is (C) 2008, Canonical Ltd.

This manual page was originally written by Jamie Strandboge

January 2008 UFW:(8)

I initially put in sudo ufw deny all and then started going back and putting in the ports I needed opened. Any help would be great.