UFW: Difference between revisions
(17 intermediate revisions by the same user not shown) | |||
Line 7: | Line 7: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
==Allow== | |||
{|class="wikitable"|- | |||
!scope="col" colspan="5"| Allow » Basic | |||
|- | |||
!scope="col"| Name !!scope="col"| Allow | |||
|rowspan="6"| | |||
!scope="col"| Name !!scope="col"| Allow | |||
|- | |||
| HTTP || <code>sudo ufw allow http</code> || RDP || <code>sudo ufw allow 5900/tcp</code> | |||
|- | |||
| OpenSSH || <code>sudo ufw allow OpenSSH</code> || MySQL || <code>sudo ufw allow 3306/tcp</code> | |||
|- | |||
| LXD Bridge || <code>sudo ufw allow in on lxdbr0</code> || PostgreSQL || <code>sudo ufw allow 5432/tcp</code> | |||
|- | |||
| LXD Bridge || <code>sudo ufw route allow in on lxdbr0</code> || Micro Services || <code>sudo ufw allow 9000:9010/tcp</code> | |||
|- | |||
| LXD Bridge || <code>sudo ufw route allow out on lxdbr0</code> || MinIO Object Storage || <code>sudo ufw allow 9800:9801/tcp</code> | |||
|- | |||
!scope="col" colspan="5"| Allow » Special | |||
|- | |||
!scope="col"| Name !!scope="col"| Allow | |||
|rowspan="2"| | |||
!scope="col"| Name !!scope="col"| Allow | |||
|- | |||
| OpenVPN || <code>sudo ufw allow 1194/udp</code> || GitLab || <code>sudo ufw allow 1080/tcp</code> | |||
|- | |||
| MongoDB || <code>sudo ufw allow 27017/tcp</code> || || | |||
|} | |||
===Allow » Minikube » Bridge=== | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
MINIKUBE_BRIDGE="br-$(docker network ls -fname=minikube --format=json|jq -r '.ID')" | |||
sudo ufw allow in on ${MINIKUBE_BRIDGE} | |||
sudo ufw allow in on | sudo ufw status numbered | ||
sudo ufw | </syntaxhighlight> | ||
==Status== | |||
{| | |||
| valign="top" | | |||
<syntaxhighlight lang="bash"> | |||
sudo systemctl status ufw | |||
sudo ufw status verbose | sudo ufw status verbose | ||
sudo ufw enable | sudo ufw enable | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| valign="top" | | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
sudo ufw allow | sudo ufw delete allow 3306 | ||
sudo ufw status | sudo ufw status numbered | ||
sudo ufw delete N | |||
</syntaxhighlight> | |||
sudo ufw allow | | valign="top" | | ||
sudo ufw allow | <syntaxhighlight lang="bash"> | ||
sudo ufw allow | sudo ufw delete allow 9800:9801/tcp | ||
sudo ufw delete allow 9000:9010/tcp | |||
sudo ufw delete allow 3306/tcp | |||
</syntaxhighlight> | |||
|} | |||
==Playground== | ==Playground== | ||
Line 36: | Line 72: | ||
| valign="top" | | | valign="top" | | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
netstat -uap|grep nginx | |||
apt list --installed | |||
sudo ufw status | |||
netstat -lpn | |||
netstat -a | netstat -a | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| valign="top" | | | valign="top" | | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
sudo ss -tulpn | grep LISTEN | grep resolve | |||
sudo ss -tulpn | grep LISTEN | grep minio | |||
sudo ss -tulpn | grep LISTEN | grep sshd | |||
sudo ss -tulwn | grep LISTEN | sudo ss -tulwn | grep LISTEN | ||
sudo ss -tulpn | grep LISTEN | sudo ss -tulpn | grep LISTEN | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| valign="top" | | | valign="top" | | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
sudo lsof -i -P -n | grep LISTEN | |||
sudo ss -tulpn | grep LISTEN | |||
sudo ufw allow 'Nginx HTTP' | |||
sudo ufw app list | |||
sudo ufw status | sudo ufw status | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 68: | Line 104: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
sudo systemctl status ufw | sudo systemctl status ufw | ||
sudo apt-get install gufw | |||
sudo ufw status numbered | |||
sudo ufw status verbose | sudo ufw status verbose | ||
sudo ufw disable | sudo ufw disable | ||
Line 76: | Line 114: | ||
|valign='top'| | |valign='top'| | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
sudo | nc -uv vpn.shahed.biz 1194 # udp | ||
sudo | nc -tv vpn.shahed.biz 80 # tcp | ||
nc -tv vpn.shahed.biz 53 # tcp | |||
sudo nmap -sT localhost # tcp | |||
sudo nmap -sU localhost # udp | |||
nc -uv localhost 1194 # udp | |||
nc -tv localhost 80 # tcp | |||
</syntaxhighlight> | |||
|valign='top'| | |||
<syntaxhighlight lang="bash"> | |||
sudo -i -u minikube | |||
echo $(ip r g $(minikube ip)|awk '{print $3}'|head -n1) | |||
sudo nmap -sU -sT -p U:1194,T:22,53,443 vpn.shahed.biz | |||
</syntaxhighlight> | |||
|- | |||
|colspan='3'| | |||
---- | |||
|- | |||
|valign='top'| | |||
<syntaxhighlight lang="bash"> | |||
journalctl -xeu mongod.service | |||
systemctl daemon-reload | |||
journalctl -xe|less | |||
journalctl -xe|tail | |||
journalctl -xe | |||
</syntaxhighlight> | </syntaxhighlight> | ||
|valign='top'| | |||
|valign='top'| | |valign='top'| | ||
Line 88: | Line 154: | ||
| valign="top" | | | valign="top" | | ||
* [https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-22-04 UFW » Set Up on Ubuntu 22.04] | * [https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-22-04 UFW » Set Up on Ubuntu 22.04] | ||
* [https://wiki.debian.org/Uncomplicated%20Firewall%20%28ufw%29 UFW] | |||
| valign="top" | | | valign="top" | | ||
Line 122: | Line 189: | ||
| valign="top" | | | valign="top" | | ||
* [[K8s/CSI Hostpath Driver|K8s » CSI Hostpath Driver]] | |||
* [[CIDR]] | |||
* [[Port]] | |||
|} | |} |
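Review bot: The Allow » Basic table in the first hunk pairs the label RDP with `sudo ufw allow 5900/tcp`, but 5900/tcp is the VNC default while RDP listens on 3389/tcp, so a reader following that row opens the wrong port; either relabel the row `VNC` or change the rule to `sudo ufw allow 3389/tcp`. In the Status hunk, `sudo ufw delete allow 3306` does not match the `allow 3306/tcp` rule the table adds (ufw treats the protocol-less and `/tcp` forms as distinct rules), so only the later `sudo ufw delete allow 3306/tcp` line actually removes it; drop the protocol-less variant or say why both are shown. In the Minikube bridge snippet, `sudo ufw allow in on ${MINIKUBE_BRIDGE}` expands unquoted and the `name=minikube` filter is a substring match, so an empty or multi-line ID produces a malformed or wrong rule; quote the expansion and select a single ID, e.g. `MINIKUBE_BRIDGE="br-$(docker network ls -f name=minikube --format '{{.ID}}' | head -n1)"`. None of the port rules in the tables carry a `from` clause, so each admits any source address; a one-line note that hosts exposed beyond a lab should scope them with `from <trusted-cidr>` (placeholder) would help.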
Latest revision as of 06:38, 10 November 2024
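# Bootstrap the tooling used on this page: refresh the package index, list
# pending upgrades for information, then install ufw plus the probes (nmap,
# telnet) used in the Playground section.
# The script body runs as root; the quoted delimiter keeps the heredoc literal
# so nothing in it is expanded by the invoking (unprivileged) shell.
sudo bash <<'EXE'
set -e                       # abort if the index refresh fails rather than installing from a stale list
apt-get update; echo
apt list -a --upgradable     # informational only; nothing is upgraded here
apt-get install -y ufw nmap telnet
EXE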
Allow
Allow » Basic | ||||
---|---|---|---|---|
Name | Allow | Name | Allow | |
HTTP | sudo ufw allow http |
RDP | sudo ufw allow 5900/tcp
| |
OpenSSH | sudo ufw allow OpenSSH |
MySQL | sudo ufw allow 3306/tcp
| |
LXD Bridge | sudo ufw allow in on lxdbr0 |
PostgreSQL | sudo ufw allow 5432/tcp
| |
LXD Bridge | sudo ufw route allow in on lxdbr0 |
Micro Services | sudo ufw allow 9000:9010/tcp
| |
LXD Bridge | sudo ufw route allow out on lxdbr0 |
MinIO Object Storage | sudo ufw allow 9800:9801/tcp
| |
Allow » Special | ||||
Name | Allow | Name | Allow | |
OpenVPN | sudo ufw allow 1194/udp |
GitLab | sudo ufw allow 1080/tcp
| |
MongoDB | sudo ufw allow 27017/tcp |
Allow » Minikube » Bridge
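# Allow inbound traffic arriving on the Minikube docker bridge.
# Docker names the bridge "br-" followed by the network's 12-character short ID,
# which is the ID `docker network ls` prints (NOTE(review): re-check this
# naming on your Docker version before relying on it).
# The name filter is a substring match, so take exactly one ID and fail loudly
# if nothing is found instead of handing ufw an empty or multi-word interface.
minikube_net_id="$(docker network ls -f name=minikube --format '{{.ID}}' | head -n1)"
[[ -n "$minikube_net_id" ]] || { printf '%s\n' "minikube docker network not found" >&2; exit 1; }
MINIKUBE_BRIDGE="br-${minikube_net_id}"
# Confirm the interface actually exists before opening it in the firewall.
ip link show "$MINIKUBE_BRIDGE" >/dev/null || exit 1
sudo ufw allow in on "${MINIKUBE_BRIDGE}"
sudo ufw status numbered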
Status
# Inspect the service, show the active rule set with default policies, then turn ufw on.
sudo systemctl status ufw
sudo ufw status verbose
# Enabling applies the rules above immediately; when working over SSH, confirm an
# SSH allow rule is present in the listing first.
sudo ufw enable
|
# Remove a rule by restating it, then remove another by its index.
# NOTE(review): the Allow table adds `3306/tcp`; this protocol-less spelling
# targets a plain `3306` rule and will not match the `/tcp` one — verify it
# matches the rule you actually added.
sudo ufw delete allow 3306
# Numbered listing gives the index used on the next line.
sudo ufw status numbered
sudo ufw delete N   # N = rule index from the numbered listing above
|
# Undo the port-range rules from the Allow tables; each delete must restate the
# rule exactly as it was added (same range and protocol).
sudo ufw delete allow 9800:9801/tcp
sudo ufw delete allow 9000:9010/tcp
sudo ufw delete allow 3306/tcp
|
Playground
# Playground: see what is listening before and after rule changes.
# netstat is the legacy tool; the ss commands further down are the modern equivalent.
netstat -uap|grep nginx   # UDP sockets (-u), all states (-a), with owning process (-p), filtered to nginx
apt list --installed
sudo ufw status
netstat -lpn              # listening sockets (-l) with PID/program (-p), numeric addresses (-n)
netstat -a
|
# ss flavour of the listening-socket check.
# Flags: -t TCP, -u UDP, -w raw, -l listening only, -p owning process (needs root), -n numeric.
sudo ss -tulpn | grep LISTEN | grep resolve   # presumably the systemd-resolved stub listener — confirm on your host
sudo ss -tulpn | grep LISTEN | grep minio
sudo ss -tulpn | grep LISTEN | grep sshd
sudo ss -tulwn | grep LISTEN
sudo ss -tulpn | grep LISTEN
|
# Cross-check listeners with lsof (-i network files, -P no port-name lookup, -n no hostname lookup),
# then open a port via an application profile instead of a raw port number.
sudo lsof -i -P -n | grep LISTEN
sudo ss -tulpn | grep LISTEN
# 'Nginx HTTP' is an ufw application profile; `ufw app list` shows the names available on this host.
sudo ufw allow 'Nginx HTTP'
sudo ufw app list
sudo ufw status
|
| ||
# Service state and rule listing, then a disable/enable cycle.
sudo systemctl status ufw
sudo apt-get install gufw      # graphical front end; not required for the CLI commands on this page
sudo ufw status numbered
sudo ufw status verbose
# Between these two commands the host has no ufw filtering at all.
sudo ufw disable
sudo ufw enable
sudo ufw status
|
# Reachability checks for the ports opened above, first against the author's VPN
# host from a remote client, then against localhost.
# nc -u cannot confirm a UDP port is open: with no ICMP unreachable reply it
# reports success either way, so the 1194/udp lines only show the path is not blocked.
nc -uv vpn.shahed.biz 1194 # udp
nc -tv vpn.shahed.biz 80 # tcp
nc -tv vpn.shahed.biz 53 # tcp
# nmap: -sT TCP connect scan, -sU UDP scan (UDP needs root, hence sudo).
sudo nmap -sT localhost # tcp
sudo nmap -sU localhost # udp
nc -uv localhost 1194 # udp
nc -tv localhost 80 # tcp
|
# Interactive steps, not a script: `sudo -i` opens a login shell as the minikube
# user, and the lines below only run once that shell exits.
sudo -i -u minikube
# Third field of the route lookup for the minikube address — the egress device
# when it is directly connected, or the gateway when routed via one;
# confirm against your own `ip route get` output.
echo $(ip r g $(minikube ip)|awk '{print $3}'|head -n1)
# Combined UDP (1194) and TCP (22, 53, 443) port check against the VPN host.
sudo nmap -sU -sT -p U:1194,T:22,53,443 vpn.shahed.biz
|
| ||
# Log inspection after a rule or service change.
# journalctl flags: -x adds explanatory help text, -e jumps to the end, -u limits to one unit.
journalctl -xeu mongod.service
# Reload unit definitions after editing service files (does not restart anything by itself).
systemctl daemon-reload
journalctl -xe|less
journalctl -xe|tail
journalctl -xe
|
References
| ||