This is Gentoo's testing wiki. It is a non-operational environment and its textual content is outdated.
Please visit our production wiki at https://wiki.gentoo.org
Ufw
Ufw stands for uncomplicated firewall, and is just that. It uses logs such as those obtained by syslog-ng for monitoring, and uses iptables as a back end. Ufw supports both ip v4 & ip v6.
Installation
Kernel
The following kernel configuration must be made before ufw will work.
[*] Networking support ---> Networking options ---> [*] Network packet filtering framework (Netfilter) ---> Core Netfilter Configuration ---> <M> NetBIOS name service protocol support
IP version 6 is not required, however it is highly recommended.
[*] Networking support ---> Networking options ---> [*] Network packet filtering framework (Netfilter) ---> IPv6: Netfilter Configuration ---> <M> "rt" Routing header match support <M> "HL" hoplimit target support
USE flags
USE flags for net-firewall/ufw A program used to manage a netfilter firewall
Emerge
root #emerge --ask ufwService
To allow ssh by default:
root #ufw allow sshssh is blocked by default.
OpenRC
To start ufw at boot:
root #rc-update add ufw defaultTo start ufw immediately:
root #rc-service ufw startsystemd
To start ufw at boot:
root #systemctl enable ufwTo start ufw immediately:
root #systemctl start ufwConfiguration
To create a simple configuration, run:
root #ufw default denyroot #ufw allow from 192.168.0.0/24root #ufw allow <application-name>To get a list of possible applications to add, run:
root #ufw app listThen replace <application-name> with the name of the desired application. For example, to allow incoming Deluge traffic:
root #ufw allow DelugeNext run
root #ufw enableThe last step is only required only the first time you install the package.