Ubuntu ufw + Python3 add / remove port-rule
bash
# Ubuntu 24.04
# 查看防火墙状态
~$ sudo ufw status
# 启用ufw防火墙
~$ sudo ufw enable
# 关闭ufw防火墙
~$ sudo ufw disable
# 重载ufw防火墙
~$ sudo ufw reload
# 防火墙禁止接收http数据包
# http端口号为80
~$ sudo ufw reject http
# 防火墙禁止发送http数据包
~$ sudo ufw reject out http
# 防火墙禁止接收https数据包
# https端口号为443
~$ sudo ufw reject https
# 防火墙禁止发送https数据包
~$ sudo ufw reject out https
# 显示ufw防火墙状态和带编号策略
~$ sudo ufw status numbered
# 删除第1条策略
~$ sudo ufw delete 1
# sudo ufw status numbered | grep '80'
# sudo ufw status numbered | grep '443'
# 显示有关80或443端口的ufw防火墙策略
sudo ufw status numbered | grep '80\|443'一键添加禁止http/https数据包的策略,保存为addhttpsrule.sh,Ubuntu下使用命令行source addhttpsrule.sh或sh addhttpsrule.sh执行
bash
#
# File: addhttpsrule.sh
# Author: Nega
# Created: 11/5/24 Tue.
#
#!/bin/bash
echo 'addrule reject-http-in..'
sudo ufw reject in http
echo 'addrule reject-http-out..'
sudo ufw reject out http
echo 'addrule reject-https-out..'
sudo ufw reject out https
echo 'addrule reject-https-in..'
sudo ufw reject in https
sudo ufw status numbered | grep '80\|443'Python代码删除ufw防火墙禁止http/https的策略:
python
'''
@file: removehttpsrule.py
@author: Nega
@created: 11/5/24 Tue.
@description: None
'''
#!/bin/python3
import os
import re
def __auto_remove_https_rules(port=80):
p = os.popen('sudo ufw status numbered | grep ' + str(port))
if p is None:
print('[TEST] aborted, with no return')
return
r = p.read()
if r is None:
print('[TEST] no read data')
return
r = r.strip()
if '\n' in r:
r = r.replace('\n', '')
if r == '':
print('[SKIP] no rule matching port ' + str(port))
MAX_TRIES = 4
count = 0
while r != '' and count < MAX_TRIES:
try:
count += 1
did = re.findall('\\[[ ]?([0-9]+)\\]', r, re.M | re.I | re.S)[0]
print('sudo ufw delete [' + did + '] port=' + str(port))
os.system('sudo ufw delete ' + did)
p = os.popen('sudo ufw status numbered | grep ' + str(port))
r = p.read()
r = r.strip().replace('\n', '')
except Exception as err:
r = ''
print('[ERR] error occurred, ' + str(err))
if __name__ == '__main__':
__auto_remove_https_rules(80)
__auto_remove_https_rules(443)
os.system('sudo ufw status numbered | grep "80\\|443"')
bash
#
# File: removehttpsrule.sh
# Author: Nega
# Created: 11/5/24 Tue.
#
#!/bin/bash
if test -f /usr/bin/python3;then
python3 removehttpsrule.py
else
echo 'no python3'
fi