UFW: Difference between revisions

 
Line 7: Line 7:
</syntaxhighlight>
</syntaxhighlight>


==Allow==
{|class="wikitable"|-
!scope="col" colspan="5"| Allow » Basic 
|-
!scope="col"| Name !!scope="col"| Allow
|rowspan="6"|
!scope="col"| Name !!scope="col"| Allow
|-
| HTTP                              || <code>sudo ufw allow http</code>                  ||  RDP                              || <code>sudo ufw allow 5900/tcp</code>
|-
| OpenSSH                          || <code>sudo ufw allow OpenSSH</code>              ||  MySQL                            || <code>sudo ufw allow 3306/tcp</code>
|-
| LXD Bridge                        || <code>sudo ufw allow in on lxdbr0</code>          ||  PostgreSQL                        || <code>sudo ufw allow 5432/tcp</code>
|-
| LXD Bridge                        || <code>sudo ufw route allow in on lxdbr0</code>    ||  Micro Services                    || <code>sudo ufw allow 9000:9010/tcp</code>
|-
| LXD Bridge                        || <code>sudo ufw route allow out on lxdbr0</code>  ||  MinIO Object Storage              || <code>sudo ufw allow 9800:9801/tcp</code>
|-
!scope="col" colspan="5"| Allow » Special
|-
!scope="col"| Name !!scope="col"| Allow
|rowspan="2"|
!scope="col"| Name !!scope="col"| Allow
|-
| OpenVPN                          || <code>sudo ufw allow 1194/udp</code>              || GitLab                            || <code>sudo ufw allow 1080/tcp</code>
|-
| MongoDB                          || <code>sudo ufw allow 27017/tcp</code>            ||                                    ||
|}
===Allow » Minikube » Bridge===
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
sudo ufw allow http
MINIKUBE_BRIDGE="br-$(docker network ls -fname=minikube --format=json|jq -r '.ID')"
sudo ufw allow OpenSSH
sudo ufw allow in on ${MINIKUBE_BRIDGE}
sudo ufw allow in on lxdbr0
sudo ufw status numbered
sudo ufw route allow in on lxdbr0
</syntaxhighlight>
sudo ufw route allow out on lxdbr0


==Status==
{|
| valign="top" |
<syntaxhighlight lang="bash">
sudo systemctl status ufw
sudo ufw status verbose
sudo ufw status verbose
sudo systemctl status ufw
sudo ufw enable
sudo ufw enable
</syntaxhighlight>
</syntaxhighlight>


| valign="top" |
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
sudo ufw allow 5900/tcp
sudo ufw delete allow 3306
sudo ufw status verbose
sudo ufw status numbered
sudo ufw delete N
</syntaxhighlight>


sudo ufw allow http
| valign="top" |
sudo ufw allow OpenSSH
<syntaxhighlight lang="bash">
sudo ufw allow 5900/tcp
sudo ufw delete allow 9800:9801/tcp
sudo ufw delete allow 9000:9010/tcp
sudo ufw delete allow 3306/tcp
</syntaxhighlight>


ufw status
|}
ufw status verbose
systemctl status ufw
</syntaxhighlight>


==Playground==
==Playground==
Line 89: Line 125:
|valign='top'|
|valign='top'|
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
sudo -i -u minikube
echo $(ip r g $(minikube ip)|awk '{print $3}'|head -n1)
sudo nmap -sU -sT -p U:1194,T:22,53,443 vpn.shahed.biz
sudo nmap -sU -sT -p U:1194,T:22,53,443 vpn.shahed.biz
</syntaxhighlight>
</syntaxhighlight>
|-
|colspan='3'|
----
|-
|valign='top'|
<syntaxhighlight lang="bash">
journalctl -xeu mongod.service
systemctl daemon-reload
journalctl -xe|less
journalctl -xe|tail
journalctl -xe
</syntaxhighlight>
|valign='top'|
|valign='top'|


|}
|}
Line 133: Line 189:


| valign="top" |
| valign="top" |
* [[K8s/CSI Hostpath Driver|K8s » CSI Hostpath Driver]]
* [[CIDR]]
* [[Port]]


|}
|}
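Review bot: The new `sudo ufw allow in on ${MINIKUBE_BRIDGE}` line in the "Allow » Minikube » Bridge" block passes the substitution unquoted, and `docker network ls -fname=minikube` filters on the name as a pattern rather than an exact match if I read docker's filter semantics right, so a second matching network would make jq print two ids and the expansion would split into extra arguments; assign the id first and quote it: `minikube_net_id=$(docker network ls --filter name=minikube --format=json | jq -r '.ID' | head -n1)`, `: "${minikube_net_id:?no minikube docker network found}"`, `sudo ufw allow in on "br-${minikube_net_id}"`. The same unquoted-substitution pattern recurs in the Playground block's `echo $(ip r g $(minikube ip)|awk '{print $3}'|head -n1)`, where the outer `echo` is also redundant. Separately, the "Allow » Basic" table labels `sudo ufw allow 5900/tcp` as RDP, but 5900/tcp is the VNC default while RDP listens on 3389/tcp, so the row opens a different service than its name suggests. The database rows (3306, 5432, 27017) and the 9000:9010 range are allowed from any source; a source-restricted form such as `sudo ufw allow from <trusted-cidr> to any port 3306 proto tcp` keeps them reachable only from the intended clients.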

Latest revision as of 06:38, 10 November 2024

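# Install the packages this page relies on: ufw itself, plus nmap and telnet
# for the reachability checks under "Playground". The here-doc is fed straight
# to a root shell (no intermediate cat); the quoted delimiter keeps the calling
# shell from expanding anything inside it.
sudo bash <<'EXE'
apt-get update;echo
apt list -a --upgradable
apt-get install -y ufw nmap telnet
EXE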

Allow

Allow » Basic
Name Allow Name Allow
HTTP sudo ufw allow http RDP sudo ufw allow 5900/tcp
OpenSSH sudo ufw allow OpenSSH MySQL sudo ufw allow 3306/tcp
LXD Bridge sudo ufw allow in on lxdbr0 PostgreSQL sudo ufw allow 5432/tcp
LXD Bridge sudo ufw route allow in on lxdbr0 Micro Services sudo ufw allow 9000:9010/tcp
LXD Bridge sudo ufw route allow out on lxdbr0 MinIO Object Storage sudo ufw allow 9800:9801/tcp
Allow » Special
Name Allow Name Allow
OpenVPN sudo ufw allow 1194/udp GitLab sudo ufw allow 1080/tcp
MongoDB sudo ufw allow 27017/tcp

Allow » Minikube » Bridge

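# Minikube's docker network is attached to a bridge named "br-<network id>"
# (presumably the docker driver; confirm on the host). Resolve the id instead
# of hard-coding it, then trust inbound traffic on that bridge the same way
# lxdbr0 is trusted above. `head -n1` keeps a single id even if the name
# filter matches more than one network.
minikube_net_id=$(docker network ls --filter name=minikube --format=json | jq -r '.ID' | head -n1)
# Abort here rather than hand ufw the bare "br-" prefix when no network exists.
: "${minikube_net_id:?minikube docker network not found}"
MINIKUBE_BRIDGE="br-${minikube_net_id}"
# Quoted so the interface name is always passed as exactly one argument.
sudo ufw allow in on "${MINIKUBE_BRIDGE}"
sudo ufw status numbered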

Status

# Inspect the firewall service and its active rule set before changing it.
sudo systemctl status ufw
sudo ufw status verbose
# Turning the firewall on applies the default deny-incoming policy; on a remote
# host make sure the OpenSSH allow rule above is in place first, or the session
# you are working from is cut off.
sudo ufw enable
# Rules are deleted by repeating the exact specification they were created
# with: this only removes a rule added as `allow 3306`, not the `/tcp` variant
# (which is removed further down with its own spec).
sudo ufw delete allow 3306
# `status numbered` prints an index per rule; `delete N` removes the rule with
# that index (N is a placeholder). Indices shift after every deletion, so
# re-run `status numbered` before deleting another rule by number.
sudo ufw status numbered
sudo ufw delete N
# Revoke the port-range and MySQL rules from the "Allow » Basic" table.
sudo ufw delete allow 9800:9801/tcp
sudo ufw delete allow 9000:9010/tcp
sudo ufw delete allow 3306/tcp

Playground

# Scratch list for checking what is actually listening versus what ufw allows.
# netstat (net-tools) is the legacy tool; ss below is its replacement. Without
# root, the process column (-p) is only filled in for the caller's own sockets.
netstat -uap|grep nginx
apt list --installed
sudo ufw status
netstat -lpn
netstat -a
# ss flags: -t tcp, -u udp, -l listening sockets only, -p owning process,
# -n numeric addresses/ports, -w raw sockets. The `grep LISTEN` stage is
# redundant with -l and only narrows the output further by service name.
sudo ss -tulpn | grep LISTEN | grep resolve
sudo ss -tulpn | grep LISTEN | grep minio
sudo ss -tulpn | grep LISTEN | grep sshd
sudo ss -tulwn | grep LISTEN
sudo ss -tulpn | grep LISTEN
# lsof view of the same information: -i network files, -P/-n no port/name lookups.
sudo lsof -i -P -n | grep LISTEN
sudo ss -tulpn     | grep LISTEN
# Application profiles shipped with packages (see `ufw app list`) bundle the
# ports a service needs; 'Nginx HTTP' is one such profile name.
sudo ufw allow 'Nginx HTTP'
sudo ufw app list
sudo ufw status

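# Service state and rule listing; gufw is the optional GTK front end for ufw.
sudo systemctl status ufw
sudo apt-get install gufw
sudo ufw status numbered
sudo ufw status verbose
# Disable/enable cycles the rule set; the host is unfiltered between the two
# commands, so keep them adjacent.
sudo ufw disable
sudo ufw enable
sudo ufw status
# Reachability checks against the VPN host and against localhost. For UDP (-u),
# nc reporting success only means no ICMP port-unreachable came back; it does
# not prove the service answered.
nc -uv vpn.shahed.biz 1194   # udp
nc -tv vpn.shahed.biz 80     # tcp
nc -tv vpn.shahed.biz 53     # tcp
# -sT is a TCP connect scan, -sU a UDP scan (needs root), both against the
# local host to compare open ports with the allow rules above.
sudo nmap -sT localhost      # tcp
sudo nmap -sU localhost      # udp
nc -uv localhost 1194        # udp
nc -tv localhost 80          # tcp
# Opens an interactive login shell as the minikube user; the line below runs
# in the original shell only after that shell exits, so the two are presumably
# meant to be entered separately.
sudo -i -u minikube
# Route lookup for the minikube node: the inner substitution is quoted so an
# unexpected value cannot split into several arguments, and the useless
# `echo $(...)` wrapper is dropped — the pipeline already prints the field.
# NOTE(review): with a gateway route the third field is the gateway address;
# for a directly connected route it is the interface name — confirm which one
# is wanted here.
ip r g "$(minikube ip)" | awk '{print $3}' | head -n1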

# Combined UDP (-sU, requires root) and TCP connect (-sT) scan of the VPN host,
# limited with -p to udp/1194 (OpenVPN) and tcp/22,53,443 — the ports the
# allow rules above are expected to expose, so any extra open port stands out.
sudo nmap -sU -sT -p U:1194,T:22,53,443 vpn.shahed.biz

# Log inspection helpers: -x adds explanatory text, -e jumps to the end,
# -u limits the output to one unit.
journalctl -xeu mongod.service
# Re-read unit files; needed after editing a service definition, not after a
# plain service failure.
systemctl daemon-reload
# Same journal tail, paged, last lines only, or raw.
journalctl -xe|less
journalctl -xe|tail
journalctl -xe

References