UFW: Difference between revisions

Latest revision as of 23:50, 30 September 2024

cat <<-'EXE'|sudo bash
apt-get update;echo
apt list -a --upgradable
apt-get install -y ufw nmap telnet
EXE

Allow

Allow » Basic
Name	Allow	Name	Allow
HTTP	`sudo ufw allow http`	RDP	`sudo ufw allow 5900/tcp`
OpenSSH	`sudo ufw allow OpenSSH`	MySQL	`sudo ufw allow 3306/tcp`
LXD Bridge	`sudo ufw allow in on lxdbr0`	PostgreSQL	`sudo ufw allow 5432/tcp`
LXD Bridge	`sudo ufw route allow in on lxdbr0`	Micro Services	`sudo ufw allow 9000:9010/tcp`
LXD Bridge	`sudo ufw route allow out on lxdbr0`	MinIO Object Storage	`sudo ufw allow 9800:9801/tcp`
Allow » Special
Name	Allow	Name	Allow
OpenVPN	`sudo ufw allow 1194/udp`	GitLab	`sudo ufw allow 1080/tcp`
MongoDB	`sudo ufw allow 27017/tcp`

Allow » Minikube » Bridge

MINIKUBE_BRIDGE="br-$(docker network ls -fname=minikube --format=json|jq -r '.ID')"
sudo ufw allow in on ${MINIKUBE_BRIDGE}
sudo ufw status numbered

Status

sudo systemctl status ufw
sudo ufw status verbose
sudo ufw enable

sudo ufw delete allow 3306
sudo ufw status numbered
sudo ufw delete N

sudo ufw delete allow 9800:9801/tcp
sudo ufw delete allow 9000:9010/tcp
sudo ufw delete allow 3306/tcp

Playground

netstat -uap\|grep nginx apt list --installed sudo ufw status netstat -lpn netstat -a	sudo ss -tulpn \| grep LISTEN \| grep resolve sudo ss -tulpn \| grep LISTEN \| grep minio sudo ss -tulpn \| grep LISTEN \| grep sshd sudo ss -tulwn \| grep LISTEN sudo ss -tulpn \| grep LISTEN	sudo lsof -i -P -n \| grep LISTEN sudo ss -tulpn \| grep LISTEN sudo ufw allow 'Nginx HTTP' sudo ufw app list sudo ufw status

sudo systemctl status ufw sudo apt-get install gufw sudo ufw status numbered sudo ufw status verbose sudo ufw disable sudo ufw enable sudo ufw status	nc -uv vpn.shahed.biz 1194 # udp nc -tv vpn.shahed.biz 80 # tcp nc -tv vpn.shahed.biz 53 # tcp sudo nmap -sT localhost # tcp sudo nmap -sU localhost # udp nc -uv localhost 1194 # udp nc -tv localhost 80 # tcp	sudo -i -u minikube echo $(ip r g $(minikube ip)\|awk '{print $3}'\|head -n1) sudo nmap -sU -sT -p U:1194,T:22,53,443 vpn.shahed.biz

journalctl -xeu mongod.service systemctl daemon-reload journalctl -xe\|less journalctl -xe\|tail journalctl -xe

References

UFW » Set Up on Ubuntu 22.04 UFW

PostgreSQL OpenVPN Minikube Podman Vagrant VSCode NodeJS Docker MAAS MinIO	Academia JavaEE Workspace in Ubuntu Linux Virtual Display for iPad Pro Ubuntu/Raspberry Pi Linux Containers Localtunnel Remmina ActiveMQ MySQL Nginx Qemu	K8s » CSI Hostpath Driver

@@ Line 8: / Line 8: @@
 ==Allow==
-{|class="wikitable"
+{|class="wikitable"|-
+!scope="col" colspan="5"| Allow » Basic
 |-
 !scope="col"| Name !!scope="col"| Allow
@@ Line 22: / Line 23: @@
 | LXD Bridge                        || <code>sudo ufw route allow in on lxdbr0</code>    ||  Micro Services                    || <code>sudo ufw allow 9000:9010/tcp</code>
 |-
 | LXD Bridge                        || <code>sudo ufw route allow out on lxdbr0</code>   ||  MinIO Object Storage              || <code>sudo ufw allow 9800:9801/tcp</code>
+|-
+!scope="col" colspan="5"| Allow » Special
+|-
+!scope="col"| Name !!scope="col"| Allow
+|rowspan="2"|
+!scope="col"| Name !!scope="col"| Allow
+|-
+| OpenVPN                           || <code>sudo ufw allow 1194/udp</code>              || GitLab                             || <code>sudo ufw allow 1080/tcp</code>
+|-
+| MongoDB                           || <code>sudo ufw allow 27017/tcp</code>             ||                                    ||
 |}
@@ Line 28: / Line 39: @@
 <syntaxhighlight lang="bash">
 MINIKUBE_BRIDGE="br-$(docker network ls -fname=minikube --format=json|jq -r '.ID')"
-sudo ufw route allow in on ${MINIKUBE_BRIDGE}
+sudo ufw allow in on ${MINIKUBE_BRIDGE}
 sudo ufw status numbered
 </syntaxhighlight>
@@ Line 119: / Line 130: @@
 sudo nmap -sU -sT -p U:1194,T:22,53,443 vpn.shahed.biz
 </syntaxhighlight>
+|-
+|colspan='3'|
+----
+|-
+|valign='top'|
+<syntaxhighlight lang="bash">
+journalctl -xeu mongod.service
+systemctl daemon-reload
+journalctl -xe|less
+journalctl -xe|tail
+journalctl -xe
+</syntaxhighlight>
+|valign='top'|
+|valign='top'|
 |}

netstat -uap\|grep nginx apt list --installed sudo ufw status netstat -lpn netstat -a	sudo ss -tulpn \| grep LISTEN \| grep resolve sudo ss -tulpn \| grep LISTEN \| grep minio sudo ss -tulpn \| grep LISTEN \| grep sshd sudo ss -tulwn \| grep LISTEN sudo ss -tulpn \| grep LISTEN	sudo lsof -i -P -n \| grep LISTEN sudo ss -tulpn \| grep LISTEN sudo ufw allow 'Nginx HTTP' sudo ufw app list sudo ufw status

sudo systemctl status ufw sudo apt-get install gufw sudo ufw status numbered sudo ufw status verbose sudo ufw disable sudo ufw enable sudo ufw status	nc -uv vpn.shahed.biz 1194 # udp nc -tv vpn.shahed.biz 80 # tcp nc -tv vpn.shahed.biz 53 # tcp sudo nmap -sT localhost # tcp sudo nmap -sU localhost # udp nc -uv localhost 1194 # udp nc -tv localhost 80 # tcp	sudo -i -u minikube echo $(ip r g $(minikube ip)\|awk '{print $3}'\|head -n1) sudo nmap -sU -sT -p U:1194,T:22,53,443 vpn.shahed.biz

journalctl -xeu mongod.service systemctl daemon-reload journalctl -xe\|less journalctl -xe\|tail journalctl -xe

UFW: Difference between revisions

Latest revision as of 23:50, 30 September 2024

Contents

Allow

Allow » Minikube » Bridge

Status

Playground

References

Navigation menu

UFW: Difference between revisions

Latest revision as of 23:50, 30 September 2024

Allow

Allow » Minikube » Bridge

Status

Playground

References

Navigation menu

Search