UFW: Difference between revisions
Jump to navigation
Jump to search
(→Verify) |
|||
(One intermediate revision by the same user not shown) | |||
Line 124: | Line 124: | ||
REMOTE_PORTS="22 25 80 162 443 465 587";\ | REMOTE_PORTS="22 25 80 162 443 465 587";\ | ||
echo;for REMOTE_PORT in ${REMOTE_PORTS};do \ | echo;for REMOTE_PORT in ${REMOTE_PORTS};do \ | ||
printf "\033[1;32mtelnet %s % | printf "\033[1;32mtelnet %s %-5d »\033[0m\n" ${REMOTE_HOST} ${REMOTE_PORT};\ | ||
telnet ${REMOTE_HOST} ${REMOTE_PORT} & sleep 5 && kill -9 $! && echo; done | telnet ${REMOTE_HOST} ${REMOTE_PORT} & sleep 5 && kill -9 $! && echo; done | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 134: | Line 134: | ||
REMOTE_PORTS="3306 4321 5432 5900 8080";\ | REMOTE_PORTS="3306 4321 5432 5900 8080";\ | ||
echo;for REMOTE_PORT in ${REMOTE_PORTS};do \ | echo;for REMOTE_PORT in ${REMOTE_PORTS};do \ | ||
printf "\033[1;31mtelnet %s % | printf "\033[1;31mtelnet %s %-5d »\033[0m\n" ${REMOTE_HOST} ${REMOTE_PORT};\ | ||
telnet ${REMOTE_HOST} ${REMOTE_PORT} & sleep 5 && kill -9 $! && echo; done | telnet ${REMOTE_HOST} ${REMOTE_PORT} & sleep 5 && kill -9 $! && echo; done | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 341: | Line 341: | ||
* [[K8s/CSI Hostpath Driver|K8s » CSI Hostpath Driver]] | * [[K8s/CSI Hostpath Driver|K8s » CSI Hostpath Driver]] | ||
* [[Linux User Creation]] | * [[Linux User Creation]] | ||
* [[IPTables]] | |||
* [[CIDR]] | * [[CIDR]] | ||
* [[Port]] | * [[Port]] | ||
|} | |} |
Latest revision as of 20:56, 20 December 2024
cat <<-'EXE'|sudo bash
apt-get update;echo
apt list -a --upgradable
apt-get install -y ufw nmap telnet
EXE
App
cat << INI | sudo tee /etc/ufw/applications.d/chorke >/dev/null
[Chorke]
title=Chorke Academia, Inc.
description=Chorke Academia, Inc. App
ports=1983/tcp
INI
|
cat /etc/ufw/applications.d/chorke
ls -lah /etc/ufw/applications.d/
sudo ufw app update Chorke
sudo ufw app info Chorke
sudo ufw app list
| |
| ||
sudo ufw allow from 10.19.83.10 to any app Chorke
sudo ufw allow Chorke
sudo ufw status verbose
|
sudo ufw delete allow from 10.19.83.10 to any app Chorke
sudo ufw delete allow Chorke
sudo ufw status numbered
|
Allow
Allow » Basic | ||||
---|---|---|---|---|
Name | Allow | Name | Allow | |
HTTP | sudo ufw allow http |
RDP | sudo ufw allow 5900/tcp
| |
OpenSSH | sudo ufw allow OpenSSH |
MySQL | sudo ufw allow 3306/tcp
| |
LXD Bridge | sudo ufw allow in on lxdbr0 |
PostgreSQL | sudo ufw allow 5432/tcp
| |
LXD Bridge | sudo ufw route allow in on lxdbr0 |
Micro Services | sudo ufw allow 9000:9010/tcp
| |
LXD Bridge | sudo ufw route allow out on lxdbr0 |
MinIO Object Storage | sudo ufw allow 9800:9801/tcp
| |
Allow » Special | ||||
Name | Allow | Name | Allow | |
OpenVPN | sudo ufw allow 1194/udp |
GitLab | sudo ufw allow 1080/tcp
| |
MongoDB | sudo ufw allow 27017/tcp |
Git | sudo ufw allow 9418/tcp
| |
HTTPS | sudo ufw allow 443/tcp |
SMTP | sudo ufw allow 25/tcp
| |
Email Submission | sudo ufw allow 587/tcp |
SMTPS | sudo ufw allow 465/tcp
| |
HTTP ALT | sudo ufw allow 8000/tcp |
SMTP RAP | sudo ufw allow 162/tcp
|
Allow » Minikube » Bridge
MINIKUBE_BRIDGE="br-$(docker network ls -fname=minikube --format=json|jq -r '.ID')"
sudo ufw allow in on ${MINIKUBE_BRIDGE}
sudo ufw status numbered
Status
sudo systemctl status ufw
sudo ufw status verbose
sudo ufw enable
|
sudo ufw delete allow 3306
sudo ufw status numbered
sudo ufw delete N
|
sudo ufw delete allow 9800:9801/tcp
sudo ufw delete allow 9000:9010/tcp
sudo ufw delete allow 3306/tcp
|
Verify
UFW » Allowed » Ports REMOTE_HOST="cid.chorke.org";\
REMOTE_PORTS="22 25 80 162 443 465 587";\
echo;for REMOTE_PORT in ${REMOTE_PORTS};do \
printf "\033[1;32mtelnet %s %-5d »\033[0m\n" ${REMOTE_HOST} ${REMOTE_PORT};\
telnet ${REMOTE_HOST} ${REMOTE_PORT} & sleep 5 && kill -9 $! && echo; done
|
UFW » Denied » Ports REMOTE_HOST="cid.chorke.org";\
REMOTE_PORTS="3306 4321 5432 5900 8080";\
echo;for REMOTE_PORT in ${REMOTE_PORTS};do \
printf "\033[1;31mtelnet %s %-5d »\033[0m\n" ${REMOTE_HOST} ${REMOTE_PORT};\
telnet ${REMOTE_HOST} ${REMOTE_PORT} & sleep 5 && kill -9 $! && echo; done
|
Playground
netstat -uap|grep nginx
apt list --installed
sudo ufw status
netstat -lpn
netstat -a
|
sudo ss -tulpn | grep LISTEN | grep resolve
sudo ss -tulpn | grep LISTEN | grep minio
sudo ss -tulpn | grep LISTEN | grep sshd
sudo ss -tulwn | grep LISTEN
sudo ss -tulpn | grep LISTEN
|
sudo lsof -i -P -n | grep LISTEN
sudo ss -tulpn | grep LISTEN
sudo ufw allow 'Nginx HTTP'
sudo ufw app list
sudo ufw status
|
| ||
sudo systemctl status ufw
sudo apt-get install gufw
sudo ufw status numbered
sudo ufw status verbose
sudo ufw disable
sudo ufw enable
sudo ufw status
|
nc -uv vpn.shahed.biz 1194 # udp
nc -tv vpn.shahed.biz 80 # tcp
nc -tv vpn.shahed.biz 53 # tcp
sudo nmap -sT localhost # tcp
sudo nmap -sU localhost # udp
nc -uv localhost 1194 # udp
nc -tv localhost 80 # tcp
|
sudo -i -u minikube
echo $(ip r g $(minikube ip)|awk '{print $3}'|head -n1)
sudo nmap -sU -sT -p U:1194,T:22,53,443 vpn.shahed.biz
sudo ufw --dry-run allow https
sudo ufw --dry-run allow http
|
| ||
journalctl -xeu mongod.service
systemctl daemon-reload
journalctl -xe|less
journalctl -xe|tail
journalctl -xe
|
sudo ufw app info 'Apache Secure'
sudo ufw app info 'Apache Full'
sudo ufw app info 'Apache'
sudo ufw app info OpenSSH
sudo ufw app info CUPS
|
cat /etc/ufw/applications.d/apache2-utils.ufw.profile
cat /etc/ufw/applications.d/openssh-server
cat /etc/ufw/applications.d/cups
ls -alh /etc/ufw/applications.d/
sudo ufw app list
|
| ||
sudo ufw allow from 10.19.83.110 to any app OpenSSH
sudo ufw allow from 10.19.83.110 to any port 22/tcp
|
sudo ufw delete allow from 10.19.83.110 to any app OpenSSH
sudo ufw delete allow from 10.19.83.110 to any port 22/tcp
| |
| ||
ssh -qt [email protected] ssh -qt [email protected] bash
sudo su
cat << EXE | sudo bash
systemctl status ufw
ufw enable
ufw allow 22/tcp
ufw allow 25/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 8000/tcp
ufw allow 67/udp
ufw allow 68/udp
ufw allow 162/udp
ufw allow from 10.19.83.1 to any port 22 proto tcp
ufw status numbered
systemctl status ufw
EXE
|
||
| ||
References
| ||