UFW: Difference between revisions

No edit summary
Line 7: Line 7:
</syntaxhighlight>
</syntaxhighlight>


==Allow==
{|class="wikitable"
|-
!scope="col"| Name !!scope="col"| Allow
|rowspan="6"|
!scope="col"| Name !!scope="col"| Allow
|-
| HTTP                              || <code>sudo ufw allow http</code>                  ||  RDP                              || <code>sudo ufw allow 5900/tcp</code>
|-
| OpenSSH                          || <code>sudo ufw allow OpenSSH</code>              ||  MySQL                            || <code>sudo ufw allow 3306/tcp</code>
|-
| LXD Bridge                        || <code>sudo ufw allow in on lxdbr0</code>          ||  PostgreSQL                        || <code>sudo ufw allow 5432/tcp</code>
|-
| LXD Bridge                        || <code>sudo ufw route allow in on lxdbr0</code>    ||  Micro Services                    || <code>sudo ufw allow 9000:9010/tcp</code>
|-
| LXD Bridge                        || <code>sudo ufw route allow out on lxdbr0</code>  ||  MinIO Object Storage              || <code>sudo ufw allow 9800:9801/tcp</code>
|}
==Status==
{|
| valign="top" |
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
sudo ufw allow http
sudo systemctl status ufw
sudo ufw allow OpenSSH
sudo ufw allow in on lxdbr0
sudo ufw route allow in on lxdbr0
sudo ufw route allow out on lxdbr0
 
sudo ufw status verbose
sudo ufw status verbose
sudo systemctl status ufw
sudo ufw enable
sudo ufw enable
</syntaxhighlight>
</syntaxhighlight>


| valign="top" |
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
sudo ufw allow 5900/tcp
sudo ufw delete allow 3306
sudo ufw status verbose
sudo ufw status numbered
sudo ufw delete N
</syntaxhighlight>


sudo ufw allow http
| valign="top" |
sudo ufw allow OpenSSH
sudo ufw allow 5900/tcp


ufw status
|}
ufw status verbose
systemctl status ufw
</syntaxhighlight>


==Playground==
==Playground==
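Review bot: The MySQL, PostgreSQL, Micro Services and MinIO rows of the new Allow table open their ports to every source address, because a rule such as `sudo ufw allow 3306/tcp` carries no `from` clause. For database and object-storage ports the table should show the source-restricted form, e.g. `sudo ufw allow from <TRUSTED_CIDR> to any port 3306 proto tcp`. The row labelled RDP allows 5900/tcp, which is the conventional VNC port (RDP defaults to 3389), so either the label or the port looks wrong. In the Status block `sudo ufw enable` no longer appears next to `sudo ufw allow OpenSSH`; a one-line comment there, `# add the OpenSSH allow rule before enabling on a remote host`, would keep a reader from cutting off their own session.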

Revision as of 10:27, 11 August 2024

# Install the firewall and the probing tools used further down this page.
# The quoted delimiter ('EXE') stops the calling shell from expanding anything
# in the here-document, and `<<-` strips leading tabs; the text is piped
# verbatim to a root shell (`sudo bash`), so every line below runs as root.
# The body refreshes the package index, lists all versions of upgradable
# packages, then installs ufw, nmap and telnet non-interactively (-y).
cat <<-'EXE'|sudo bash
apt-get update;echo
apt list -a --upgradable
apt-get install -y ufw nmap telnet
EXE

Allow

Name Allow Name Allow
HTTP sudo ufw allow http RDP sudo ufw allow 5900/tcp
OpenSSH sudo ufw allow OpenSSH MySQL sudo ufw allow 3306/tcp
LXD Bridge sudo ufw allow in on lxdbr0 PostgreSQL sudo ufw allow 5432/tcp
LXD Bridge sudo ufw route allow in on lxdbr0 Micro Services sudo ufw allow 9000:9010/tcp
LXD Bridge sudo ufw route allow out on lxdbr0 MinIO Object Storage sudo ufw allow 9800:9801/tcp

Status

# Inspect, enable and prune the firewall. These are meant to be run one at a
# time, not as a script (`N` below is a placeholder).

# Is the ufw systemd unit loaded/active?
sudo systemctl status ufw
# Show whether ufw is active, plus default policies, logging level and rules.
sudo ufw status verbose
# Turn the firewall on now and at boot. On a host reached over SSH, add the
# SSH allow rule (see the Allow table) first: ufw itself warns that enabling
# may disrupt existing ssh connections.
sudo ufw enable
# Delete a rule by restating it.
# NOTE(review): the Allow table adds `3306/tcp`; this form names a rule added
# without a protocol. Confirm which rule exists with `status numbered`.
sudo ufw delete allow 3306
# List rules with their index numbers.
sudo ufw status numbered
# Delete by index; replace N with a number from the listing above. Indexes
# shift after every delete, so re-run `status numbered` between deletions.
sudo ufw delete N

Playground

# Find out what is actually listening before (and after) writing firewall
# rules. Each line is an independent interactive command.

# UDP sockets (-u), all states (-a), with owning program (-p), filtered to nginx.
netstat -uap|grep nginx
# List installed packages.
apt list --installed
sudo ufw status
# Listening sockets only (-l), with PID/program (-p), numeric addresses (-n).
netstat -lpn
# Every socket, listening or not.
netstat -a
# ss flags: -t TCP, -u UDP, -l listening, -p owning process, -n numeric.
# NOTE(review): ss reports bound UDP sockets as UNCONN, not LISTEN, so the
# `grep LISTEN` filter presumably hides the UDP rows that -u asked for.
# Confirm on the target host.
sudo ss -tulpn | grep LISTEN | grep resolve
sudo ss -tulpn | grep LISTEN | grep minio
sudo ss -tulpn | grep LISTEN | grep sshd
# Same as above but with -w (raw sockets) in place of -p.
sudo ss -tulwn | grep LISTEN
sudo ss -tulpn | grep LISTEN
# lsof view of the same data: -i internet sockets, -P numeric ports, -n no DNS.
sudo lsof -i -P -n | grep LISTEN
sudo ss -tulpn     | grep LISTEN
# Allow by application profile name instead of port number; the available
# profile names are printed by `ufw app list`.
sudo ufw allow 'Nginx HTTP'
sudo ufw app list
sudo ufw status

# Toggle the firewall and probe ports from the client side to check that the
# rule set behaves as intended. Each line is an independent interactive command.

sudo systemctl status ufw
# gufw is a graphical front end for ufw.
sudo apt-get install gufw
sudo ufw status numbered
sudo ufw status verbose
# `disable` stops filtering and removes ufw from boot; rules are kept and
# come back with `enable`.
sudo ufw disable
sudo ufw enable
sudo ufw status
# nc probes: -u selects UDP, -v is verbose. UDP is connectionless, so a
# "succeeded" result from nc is weaker evidence than a completed TCP connect.
# NOTE(review): in the common netcat variants -t turns on telnet option
# negotiation rather than selecting TCP (TCP is already the default), so the
# "# tcp" remarks below hold only because -u is absent. Confirm against the
# installed nc's man page.
nc -uv vpn.shahed.biz 1194   # udp
nc -tv vpn.shahed.biz 80     # tcp
nc -tv vpn.shahed.biz 53     # tcp
# nmap: -sT is a TCP connect scan, -sU a UDP scan.
# NOTE(review): ufw's stock before.rules accept loopback traffic, so scans and
# nc probes against localhost presumably show what is listening, not what the
# firewall would admit from outside. Verify rules from a separate host.
sudo nmap -sT localhost      # tcp
sudo nmap -sU localhost      # udp
nc -uv localhost 1194        # udp
nc -tv localhost 80          # tcp
# Combined scan: the U:/T: prefixes bind each port list to a protocol.
sudo nmap -sU -sT -p U:1194,T:22,53,443 vpn.shahed.biz

References