Blocking IP addresses and ports
1. Method 1: iptables
iptables v1.8.4

Usage: iptables -[ACD] chain rule-specification [options]
       iptables -I chain [rulenum] rule-specification [options]
       iptables -R chain rulenum rule-specification [options]
       iptables -D chain rulenum [options]
       iptables -[LS] [chain [rulenum]] [options]
       iptables -[FZ] [chain] [options]
       iptables -[NX] chain
       iptables -E old-chain-name new-chain-name
       iptables -P chain target [options]
       iptables -h (print this help information)

Commands:
Either long or short options are allowed.
  --append  -A chain                  Append to chain
  --check   -C chain                  Check for the existence of a rule
  --delete  -D chain                  Delete matching rule from chain
  --delete  -D chain rulenum          Delete rule rulenum (1 = first) from chain
  --insert  -I chain [rulenum]        Insert in chain as rulenum (default 1=first)
  --replace -R chain rulenum          Replace rule rulenum (1 = first) in chain
  --list    -L [chain [rulenum]]      List the rules in a chain or all chains
  --list-rules -S [chain [rulenum]]   Print the rules in a chain or all chains
  --flush   -F [chain]                Delete all rules in chain or all chains
  --zero    -Z [chain [rulenum]]      Zero counters in chain or all chains
  --new     -N chain                  Create a new user-defined chain
  --delete-chain -X [chain]           Delete a user-defined chain
  --policy  -P chain target           Change policy on chain to target
  --rename-chain -E old-chain new-chain   Change chain name, (moving any references)

Options:
    --ipv4          -4                Nothing (line is ignored by ip6tables-restore)
    --ipv6          -6                Error (line is ignored by iptables-restore)
[!] --protocol      -p proto          protocol: by number or name, eg. `tcp'
[!] --source        -s address[/mask][...]   source specification
[!] --destination   -d address[/mask][...]   destination specification
[!] --in-interface  -i input name[+]  network interface name ([+] for wildcard)
    --jump          -j target         target for rule (may load target extension)
    --goto          -g chain          jump to chain with no return
    --match         -m match          extended match (may load extension)
    --numeric       -n                numeric output of addresses and ports
[!] --out-interface -o output name[+] network interface name ([+] for wildcard)
    --table         -t table          table to manipulate (default: `filter')
    --verbose       -v                verbose mode
    --wait          -w [seconds]      maximum wait to acquire xtables lock before give up
    --wait-interval -W [usecs]        wait time to try to acquire xtables lock
                                      default is 1 second
    --line-numbers                    print line numbers when listing
    --exact         -x                expand numbers (display exact values)
[!] --fragment      -f                match second or further fragments only
    --modprobe=<command>              try to insert modules using this command
    --set-counters PKTS BYTES         set the counter during insert/append
[!] --version       -V                print package version.
- port
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 5053 -j DROP
- IP
iptables -I INPUT -s 10.115.10.129 -j DROP
- save configuration
sudo service iptables save
On Ubuntu this command fails with the error "iptables: unrecognized service", because Ubuntu ships no iptables init service. Note that running
sudo iptables-save
on its own only prints the current rules to standard output; it does not persist them, and they are lost at the next reboot. To keep them, install the iptables-persistent package and write the output to the file it restores at boot:
sudo iptables-save | sudo tee /etc/iptables/rules.v4 > /dev/null
2. Method 2: ufw
UFW (Uncomplicated Firewall) is the firewall configuration tool that ships with Ubuntu. It is a user-friendly front end that turns simple commands into iptables rules, so that managing iptables becomes easier.
Usage: ufw COMMAND

Commands:
 enable                          enables the firewall
 disable                         disables the firewall
 default ARG                     set default policy
 logging LEVEL                   set logging to LEVEL
 allow ARGS                      add allow rule
 deny ARGS                       add deny rule
 reject ARGS                     add reject rule
 limit ARGS                      add limit rule
 delete RULE|NUM                 delete RULE
 insert NUM RULE                 insert RULE at NUM
 route RULE                      add route RULE
 route delete RULE|NUM           delete route RULE
 route insert NUM RULE           insert route RULE at NUM
 reload                          reload firewall
 reset                           reset firewall
 status                          show firewall status
 status numbered                 show firewall status as numbered list of RULES
 status verbose                  show verbose firewall status
 show ARG                        show firewall report
 version                         display version information

Application profile commands:
 app list                        list application profiles
 app info PROFILE                show information on PROFILE
 app update PROFILE              update PROFILE
 app default ARG                 set default application policy
After a fresh Ubuntu install, ufw is not enabled. The moment you run ufw enable, its default policy takes effect: all incoming traffic is denied (outgoing traffic is still allowed), including SSH on port 22. If you are administering the host over SSH, you will lock yourself out, so allow the SSH port first (22 by default; if sshd listens on another port, allow that one instead):
sudo ufw allow 22
sudo ufw reject 80    # reject: the client is told immediately, e.g. "Connection refused"
sudo ufw deny 5053    # deny: the packet is dropped silently; the client eventually sees "Connection timed out"
sudo ufw enable
sudo ufw status
- Check if the ufw firewall is working and check the rules in use
ufw status
- Enable/disable/reset ufw firewall
ufw enable ufw disable ufw reset
- Allow other hosts to access port 21 of this machine, the protocol includes tcp and udp
ufw allow 21
- Allow other hosts to use the tcp protocol to access port 80 of this machine
ufw allow 80/tcp
- The direction can be given with in or out; if neither is specified, in (inbound) is assumed. For example, to allow inbound access to the local http port:
ufw allow in http
- Prohibit other hosts from accessing port 80 of this machine. There are two ways to refuse traffic:
reject: the connection is refused actively and the client learns this at once; for example, an ssh attempt to the host returns "Connection refused" immediately.
deny: the packet is dropped silently and the client gets no feedback; an ssh attempt to the host hangs until it reports "Connection timed out".
ufw reject 80
ufw deny 80
- Prohibit this machine from connecting out to 192.168.1.1 (an outbound rule; the author confirmed in testing that it works)
ufw deny out to 192.168.1.1
- Prohibit 192.168.1.1 from connecting in to this machine
ufw deny from 192.168.1.1
The author reports that this rule had no effect in testing. The usual cause is rule order: ufw evaluates rules top to bottom and stops at the first match, and a rule added with deny is appended after the allow rules created earlier (such as allow 22 above), so traffic from 192.168.1.1 to an already allowed port is still accepted. Check the order with ufw status numbered and, if the host block must win, place it at the top with ufw insert 1 deny from 192.168.1.1.
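Both the iptables INPUT chain and ufw, which compiles its rules into iptables, evaluate rules top to bottom and act on the first match; note that the iptables section above appends the port drops with -A but inserts the IP drop with -I at position 1, while a ufw deny rule is appended after any existing allow rules. The following added example (written for this page, not code from the original post) parses constructed `ufw status numbered` and `iptables -S INPUT` output into one rule model and reports which rule a given packet hits first, so a shadowed deny rule can be spotted without sending test traffic. The addresses 192.168.1.1, 10.115.10.129 and 203.0.113.5 and the sample outputs are constructed for illustration.

```python
"""First-match simulation for inbound firewall rules (added example, not from
the original page). Parses `ufw status numbered` and `iptables -S INPUT` output
into one rule model; all sample outputs below are constructed, not captured."""
import ipaddress
import re
import shlex
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Matches lines such as "[ 4] Anywhere                   DENY IN     192.168.1.1"
UFW_LINE = re.compile(r"^\[\s*(\d+)\]\s+(\S+)\s+(ALLOW|DENY|REJECT|LIMIT)\s+(IN|OUT)\s+(\S+)")


@dataclass
class Rule:
    action: str  # ALLOW/DENY/REJECT (ufw) or ACCEPT/DROP/REJECT (iptables)
    proto: Optional[str] = None  # "tcp"/"udp"; None matches any protocol
    dport: Optional[int] = None  # None matches any destination port
    src: Optional[ipaddress.IPv4Network] = None  # None matches any source

    def matches(self, src_ip: str, proto: str, dport: int) -> bool:
        if self.proto is not None and self.proto != proto:
            return False
        if self.dport is not None and self.dport != dport:
            return False
        return self.src is None or ipaddress.ip_address(src_ip) in self.src


def parse_ufw_status(text: str) -> List[Rule]:
    """Inbound IPv4 rules from `ufw status numbered`, in evaluation order."""
    rules = []
    for line in text.splitlines():
        m = UFW_LINE.match(line.strip())
        if not m or m.group(4) != "IN" or "(v6)" in line:
            continue  # header lines, OUT rules and IPv6 rules are not simulated here
        to, action, frm = m.group(2), m.group(3), m.group(5)
        proto = dport = None
        if to != "Anywhere":  # "22" (any protocol) or "80/tcp"
            port, _, proto_str = to.partition("/")
            dport, proto = int(port), (proto_str or None)
        src = None if frm == "Anywhere" else ipaddress.ip_network(frm, strict=False)
        rules.append(Rule(action, proto, dport, src))
    return rules


def parse_iptables_input(text: str) -> Tuple[List[Rule], str]:
    """INPUT rules from `iptables -S INPUT`, in order, plus the chain policy."""
    rules, policy = [], "ACCEPT"
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
            continue
        if tok[:2] != ["-A", "INPUT"]:
            continue
        rule = Rule(action="")
        for flag, val in zip(tok[2::2], tok[3::2]):  # each flag used here takes one argument
            if flag == "-p":
                rule.proto = val
            elif flag == "--dport":
                rule.dport = int(val)
            elif flag == "-s":
                rule.src = ipaddress.ip_network(val, strict=False)
            elif flag == "-j":
                rule.action = val
        rules.append(rule)
    return rules, policy


def first_match(rules, src_ip, proto, dport, default):
    """(1-based rule number, action) of the first match, or (None, chain default)."""
    for n, rule in enumerate(rules, start=1):
        if rule.matches(src_ip, proto, dport):
            return n, rule.action
    return None, default


# Constructed `ufw status numbered` output: `allow 22` was added before `deny from`.
UFW_STATUS = """Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    Anywhere
[ 2] 80                         REJECT IN   Anywhere
[ 3] 5053                       DENY IN     Anywhere
[ 4] Anywhere                   DENY IN     192.168.1.1
"""
# The same rules after `ufw insert 1 deny from 192.168.1.1` (constructed).
UFW_STATUS_FIXED = """[ 1] Anywhere                   DENY IN     192.168.1.1
[ 2] 22                         ALLOW IN    Anywhere
[ 3] 80                         REJECT IN   Anywhere
[ 4] 5053                       DENY IN     Anywhere
"""
# Constructed `iptables -S INPUT` output: the IP drop was added with -I, so it comes first.
IPTABLES_INPUT = """-P INPUT ACCEPT
-A INPUT -s 10.115.10.129/32 -j DROP
-A INPUT -p tcp -m tcp --dport 80 -j DROP
-A INPUT -p tcp -m tcp --dport 5053 -j DROP
"""

if __name__ == "__main__":
    print("ufw, deny appended last :", first_match(parse_ufw_status(UFW_STATUS), "192.168.1.1", "tcp", 22, "DENY"))
    print("ufw, deny inserted first:", first_match(parse_ufw_status(UFW_STATUS_FIXED), "192.168.1.1", "tcp", 22, "DENY"))
    ipt, policy = parse_iptables_input(IPTABLES_INPUT)
    print("iptables, -I host drop  :", first_match(ipt, "10.115.10.129", "tcp", 22, policy))
```

With the first ufw listing, SSH from 192.168.1.1 is accepted by rule 1 before the host deny at rule 4 is ever consulted, which reproduces the "useless" result; after the insert the same packet hits the deny at rule 1. The iptables sample shows the same effect from the other side: because the host drop was inserted at the top, it wins even though the chain policy is ACCEPT.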
- To delete a rule, prefix the rule you originally added with delete (alternatively, list the rules with ufw status numbered and delete one by its number, as the usage text above shows)
ufw delete deny 80/tcp
- Turn logging on/off
ufw logging on
ufw logging off
After logging is turned on, the level defaults to low. ufw supports the levels 'low', 'medium', 'high' and 'full': low records the least, and each higher level records progressively more. The default low level is usually enough. The log is written to /var/log/ufw.log, and the most recent entries can be viewed with tail -n COUNT /var/log/ufw.log.