Check the current firewall status
Check the firewall status. By default, the UFW firewall is disabled.
$ sudo ufw status
Status: inactive
Block all incoming traffic
First, block all incoming traffic with the following Linux command:
$ sudo ufw default deny incoming
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)
Allow incoming traffic on FTP ports 20 and 21
The following Linux command allows incoming traffic from any source to TCP ports 20 and 21:
$ sudo ufw allow from any to any port 20,21 proto tcp
Rule added
Rule added (v6)
Allow only the specific IP address 10.1.1.231:
$ sudo ufw allow from 10.1.1.231 to any port 20,21 proto tcp
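Allow only the "10.1.1.0/8" subnet to connect to TCP ports 20 and 21 (with a /8 mask, UFW records this as 10.0.0.0/8, as the status output shows):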
$ sudo ufw allow from 10.1.1.0/8 to any port 20,21 proto tcp
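Enable the firewall
Before enabling it, allow the SSH port; otherwise you will not be able to connect to the server remotely over SSH: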
$ sudo ufw allow from any to any port 22 proto tcp
$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
Check the status
$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ---
20,21/tcp                  ALLOW IN    Anywhere
20,21/tcp                  ALLOW IN    10.1.1.231
20,21/tcp                  ALLOW IN    10.0.0.0/8
20,21/tcp (v6)             ALLOW IN    Anywhere (v6)
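The resulting rule set can be checked mechanically. The following is an added example, not part of the original article: a shell function (audit_ufw_status and page_status are hypothetical names) that reads `ufw status verbose` text and reports an inactive firewall, a non-deny incoming default, a missing 22/tcp rule, and FTP ports left open to Anywhere. The embedded sample is the status output shown above.

```shell
#!/bin/sh
# Added example (not from the original article). audit_ufw_status is a
# hypothetical helper: it reads `ufw status verbose` text on stdin and
# prints one finding per line, or nothing when the policy is tight.
audit_ufw_status() {
    awk '
    /^Status:/  { if ($2 != "active") print "FAIL firewall is not active" }
    /^Default:/ { if ($0 !~ /deny \(incoming\)/) print "FAIL default incoming policy is not deny" }
    / ALLOW IN / {
        # Split the row into the "To" port spec and the "From" source.
        n = index($0, " ALLOW IN ")
        to = substr($0, 1, n - 1); from = substr($0, n + 10)
        gsub(/^ +| +$/, "", to); gsub(/^ +| +$/, "", from)
        if (to ~ /^22(\/tcp)?( \(v6\))?$/) ssh = 1
        if (to ~ /^20,21\/tcp/) {
            if (from ~ /^Anywhere/) open_ftp = 1; else scoped_ftp++
        }
    }
    END {
        if (!ssh) print "WARN no rule allowing 22/tcp is listed"
        if (open_ftp) print "WARN FTP 20,21/tcp is open to Anywhere"
        # An allow-from-Anywhere rule already admits every scoped source.
        if (open_ftp && scoped_ftp) print "INFO " scoped_ftp " source-restricted FTP rule(s) are redundant"
    }'
}

# The status output shown on this page, embedded so the check runs offline.
page_status() {
cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ---
20,21/tcp                  ALLOW IN    Anywhere
20,21/tcp                  ALLOW IN    10.1.1.231
20,21/tcp                  ALLOW IN    10.0.0.0/8
20,21/tcp (v6)             ALLOW IN    Anywhere (v6)
EOF
}

page_status | audit_ufw_status
```

On a live host the same function can read `sudo ufw status verbose` through a pipe instead of the embedded sample.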
Date: 2020-07-07 20:55:17 Source: oir Author: oir