特殊:Badtitle/NS100:Uncomplicated Firewall ufw
 |
文章出处: |
{{#if: | {{{2}}} | https://help.ubuntu.com/community/Uncomplicated_Firewall_ufw }} |
|
点击翻译: |
English {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/af | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|Afrikaans| [[::Uncomplicated Firewall ufw/af|Afrikaans]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/ar | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|العربية| [[::Uncomplicated Firewall ufw/ar|العربية]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/az | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|azərbaycanca| [[::Uncomplicated Firewall ufw/az|azərbaycanca]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/bcc | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|جهلسری بلوچی| [[::Uncomplicated Firewall ufw/bcc|جهلسری بلوچی]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/bg | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|български| [[::Uncomplicated Firewall ufw/bg|български]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/br | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|brezhoneg| [[::Uncomplicated Firewall ufw/br|brezhoneg]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/ca | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|català| [[::Uncomplicated Firewall ufw/ca|català]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/cs | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|čeština| [[::Uncomplicated Firewall ufw/cs|čeština]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/de | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|Deutsch| [[::Uncomplicated Firewall ufw/de|Deutsch]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/el | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|Ελληνικά| [[::Uncomplicated Firewall ufw/el|Ελληνικά]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/es | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|español| [[::Uncomplicated Firewall ufw/es|español]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/fa | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|فارسی| [[::Uncomplicated Firewall ufw/fa|فارسی]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/fi | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|suomi| [[::Uncomplicated Firewall ufw/fi|suomi]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/fr | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|français| [[::Uncomplicated Firewall ufw/fr|français]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/gu | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|ગુજરાતી| [[::Uncomplicated Firewall ufw/gu|ગુજરાતી]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/he | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|עברית| [[::Uncomplicated Firewall ufw/he|עברית]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/hu | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|magyar| [[::Uncomplicated Firewall ufw/hu|magyar]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/id | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|Bahasa Indonesia| [[::Uncomplicated Firewall ufw/id|Bahasa Indonesia]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/it | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|italiano| [[::Uncomplicated Firewall ufw/it|italiano]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/ja | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|日本語| [[::Uncomplicated Firewall ufw/ja|日本語]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/ko | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|한국어| [[::Uncomplicated Firewall ufw/ko|한국어]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/ksh | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|Ripoarisch| [[::Uncomplicated Firewall ufw/ksh|Ripoarisch]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/mr | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|मराठी| [[::Uncomplicated Firewall ufw/mr|मराठी]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/ms | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|Bahasa Melayu| [[::Uncomplicated Firewall ufw/ms|Bahasa Melayu]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/nl | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|Nederlands| [[::Uncomplicated Firewall ufw/nl|Nederlands]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/no | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|norsk| [[::Uncomplicated Firewall ufw/no|norsk]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/oc | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|occitan| [[::Uncomplicated Firewall ufw/oc|occitan]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/pl | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|polski| [[::Uncomplicated Firewall ufw/pl|polski]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/pt | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|português| [[::Uncomplicated Firewall ufw/pt|português]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/ro | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|română| [[::Uncomplicated Firewall ufw/ro|română]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/ru | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|русский| [[::Uncomplicated Firewall ufw/ru|русский]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/si | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|සිංහල| [[::Uncomplicated Firewall ufw/si|සිංහල]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/sq | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|shqip| [[::Uncomplicated Firewall ufw/sq|shqip]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/sr | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|српски / srpski| [[::Uncomplicated Firewall ufw/sr|српски / srpski]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/sv | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|svenska| [[::Uncomplicated Firewall ufw/sv|svenska]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/th | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|ไทย| [[::Uncomplicated Firewall ufw/th|ไทย]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/tr | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|Türkçe| [[::Uncomplicated Firewall ufw/tr|Türkçe]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/vi | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|Tiếng Việt| [[::Uncomplicated Firewall ufw/vi|Tiếng Việt]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/yue | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|粵語| [[::Uncomplicated Firewall ufw/yue|粵語]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/zh | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|中文| [[::Uncomplicated Firewall ufw/zh|中文]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/zh-hans | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|中文(简体)| [[::Uncomplicated Firewall ufw/zh-hans|中文(简体)]]}}|}} {{#ifexist: {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw | UbuntuHelp:Uncomplicated_Firewall_ufw | {{#if: | :}}Uncomplicated Firewall ufw}}/zh-hant | • {{#if: UbuntuHelp:Uncomplicated_Firewall_ufw|中文(繁體)| [[::Uncomplicated Firewall ufw/zh-hant|中文(繁體)]]}}|}} |
{{#ifeq:UbuntuHelp:Uncomplicated_Firewall_ufw|:Uncomplicated Firewall ufw|请不要直接编辑翻译本页,本页将定期与来源同步。}} |
{{#ifexist: :Uncomplicated Firewall ufw/zh | | {{#ifexist: Uncomplicated Firewall ufw/zh | | {{#ifeq: {{#titleparts:Uncomplicated Firewall ufw|1|-1|}} | zh | | }} }} }} {{#ifeq: {{#titleparts:Uncomplicated Firewall ufw|1|-1|}} | zh | | }}
- title Uncomplicated Firewall - UFW
Firewall
Introduction
The Linux kernel includes the Netfilter subsystem, which is used to manipulate or decide the fate of network traffic headed into or through your server. All modern Linux firewall solutions use this system for packet filtering. The kernel's packet filtering system would be of little use to administrators without a userspace interface to manage it. This is the purpose of iptables. When a packet reaches your server, it will be handed off to the Netfilter subsystem for acceptance, manipulation, or rejection based on the rules supplied to it from userspace via iptables. Thus, iptables is all you need to manage your firewall if you're familiar with it, but many frontends are available to simplify the task. Howto: Use, setup, and Take advantage of the New Ubuntu Uncomplicated Firewall UFW
ufw - Uncomplicated Firewall
The default firewall configuration tool for Ubuntu is ufw. Developed to ease iptables firewall configuration, ufw provides a user friendly way to create an IPv4 or IPv6 host-based firewall. ufw by default is initially disabled.
Basic Syntax and Examples
Set Default Rule
Setting the default mode of ufw is recommended before turning it on Set Default Deny:
sudo ufw default deny
Set Default Allow:
sudo ufw default allow
Enable ufw
To turn UFW on:
sudo ufw enable
{{https://help.ubuntu.com/community/IconsPage?action=AttachFile&do=get&target=IconNote.png%7D%7D Unless you have used set the default to deny when you initially enable ufw it is in ALLOW mode, and will allow everything incoming and outgoing until you make rulesets.
Allow
sudo ufw allow <port>/<optional: protocol> example: To allow incoming tcp and udp packet on port 53
sudo ufw allow 53
example: To allow incoming tcp packets on port 53
sudo ufw allow 53/tcp
example: To allow incoming udp packes on port 53
sudo ufw allow 53/udp
Deny
sudo ufw deny <port>/<optional: protocol> example: To deny tcp and udp packets on port 53
sudo ufw deny 53
example: To deny incoming tcp packets on port 53
sudo ufw deny 53/tcp
example: To deny incoming udp packets on port 53
sudo ufw deny 53/udp
Services
You can also allow or deny by service name since ufw reads from /etc/services To see get a list of services:
cat /etc/services | less
Allow by Service Name
sudo ufw allow <service name> example: to allow ssh by name
sudo ufw allow ssh
Deny by Service Name
sudo ufw deny <service name> example: to deny ssh by name
sudo ufw deny ssh
Status
{{https://help.ubuntu.com/community/IconsPage?action=AttachFile&do=get&target=important.png%7D%7D Checking the status of ufw will tell you if ufw is enabled or disabled and also list the current ufw rules that are applied to your iptables. To check the status of ufw:
sudo ufw status Firewall loaded To Action From -- ------ ---- 22:tcp DENY 192.168.0.1 22:udp DENY 192.168.0.1 22:tcp DENY 192.168.0.7 22:udp DENY 192.168.0.7 22:tcp ALLOW 192.168.0.0/24 22:udp ALLOW 192.168.0.0/24
if ufw was not enabled the output would be:
sudo ufw status Firewall not loaded
Disable ufw
To disable ufw use:
sudo ufw disable
Logging
To enable logging use:
ufw logging on
To disable logging use:
ufw logging off
Delete Existing Rule
To delete a rule, simply prefix the original rule with delete. For example, if the original rule was:
ufw deny 80/tcp
Use this to delete it:
sudo ufw delete deny 80/tcp
Advanced Syntax
You can also use a fuller syntax, specifying the source and destination addresses and ports.
Allow Access
This section shows how to allow specific access.
Allow by Specific IP
sudo ufw allow <ip address> example:To allow packets from 207.46.232.182:
sudo ufw allow from 207.46.232.182
Allow by Subnet
You may use a net mask :
sudo ufw allow 192.168.1.0/24
Allow by specific port and IP address
sudo ufw allow from <ip address> to <protocol> port <port number> example: allow ip address 192.168.0.4 access to port 22 for all protocols
sudo ufw allow from 192.168.0.4 to any port 22
Enable PING
Note: Security by obscurity may be of very little actual benefit with modern cracker scripts. By default, UFW blocks ping requests. You may find you wish to enable ping to diagnose networking problems. You need to edit /etc/ufw/before.rules and remove the commment on this line (remove the # in the front)
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
Deny Access
Deny by specific IP
sudo ufw deny from <ip address> example:To block packets from 207.46.232.182:
sudo ufw deny from 207.46.232.182
Deny by specific port and IP address
sudo ufw deny from <ip address> to <protocol> port <port number> example: deny ip address 192.168.0.1 access to port 22 for all protocols
sudo ufw deny from 192.168.0.1 to any port 22
Advanced Blocking Rules
Blocking IP addresses is not so straight forward if you have an existing set of rules as IPTABLES matches in order.
So if you started with default deny and added in port 80 for a public server :
sudo ufw allow 80
But then find IP address 111.222.3.44 is hacking your server :
sudo ufw deny 111.222.3.44
will do nothing (you allowed access with your first rule).
You need to edit /etc/ufw/before.rules and add a section "Block IP" after "Drop INVALID packets" :
-A ufw-before-input -s 111.222.3.44 -j DROP #Assuming no loging is desired of course) # drop INVALID packets # uncomment to log INVALID packets #-A ufw-before-input -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW B$ -A ufw-before-input -m conntrack --ctstate INVALID -j DROP # Block IP # This it is efective :) -A ufw-before-input -s 111.222.3.44 -j DROP
Advanced Example
scenario: you want to block access to port 22 from 192.168.0.1 and 192.168.0.7 but allow all other 192.168.0.x IPs to have access to port 22
sudo ufw deny from 192.168.0.1 to any port 22 sudo ufw deny from 192.168.0.7 to any port 22 sudo ufw allow from 192.168.0.0/24 to any port 22
{{https://help.ubuntu.com/community/IconsPage?action=AttachFile&do=get&target=important.png%7D%7D This puts the specific rules first and the generic second. Once a rule is matched the others will not be evaluated (see manual below) so you must put the specific rules first. As rules change you may need to delete old rules to ensure that new rules are put in the proper order. To check your rules orders you can check the status; for the scenario the output below is the desired output for the rules to work properly
sudo ufw status Firewall loaded To Action From -- ------ ---- 22:tcp DENY 192.168.0.1 22:udp DENY 192.168.0.1 22:tcp DENY 192.168.0.7 22:udp DENY 192.168.0.7 22:tcp ALLOW 192.168.0.0/24 22:udp ALLOW 192.168.0.0/24
scenario change You want to block access to port 22 to 192.168.0.3 as well as 192.168.0.1 and 192.168.0.7.
sudo ufw delete allow from 192.168.0.0/24 to any port 22 sudo ufw status Firewall loaded To Action From -- ------ ---- 22:tcp DENY 192.168.0.1 22:udp DENY 192.168.0.1 22:tcp DENY 192.168.0.7 22:udp DENY 192.168.0.7 sudo ufw deny 192.168.0.3 to any port 22 sudo ufw allow 192.168.0.0/24 to any port 22 sudo ufw status Firewall loaded To Action From -- ------ ---- 22:tcp DENY 192.168.0.1 22:udp DENY 192.168.0.1 22:tcp DENY 192.168.0.7 22:udp DENY 192.168.0.7 22:tcp DENY 192.168.0.3 22:udp DENY 192.168.0.3 22:tcp ALLOW 192.168.0.0/24 22:udp ALLOW 192.168.0.0/24
{{https://help.ubuntu.com/community/IconsPage?action=AttachFile&do=get&target=important.png%7D%7D If you simply add the deny rule the allow would have been above it and been applied instead of the deny
Server Guide
For instructions on using ufw first see the offical manual {*} https://help.ubuntu.com/8.04/serverguide/C/firewall.html
Manual
The most recent syntax and manual can be retrieved by getting the man page. Open a terminal window and type:
man ufw
