UFW: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
Line 216: | Line 216: | ||
* [https://askubuntu.com/questions/996340/ UFW » Restrict SSH & FTP to certain IP] | * [https://askubuntu.com/questions/996340/ UFW » Restrict SSH & FTP to certain IP] | ||
* [https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-22-04 UFW » Set Up on Ubuntu 22.04] | * [https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-22-04 UFW » Set Up on Ubuntu 22.04] | ||
* [https://askubuntu.com/questions/409013/ UFW » Create an App Profile] | |||
* [https://ubuntu.com/server/docs/firewalls UFW » Firewalls] | * [https://ubuntu.com/server/docs/firewalls UFW » Firewalls] | ||
* [https://wiki.debian.org/Uncomplicated%20Firewall%20%28ufw%29 UFW] | * [https://wiki.debian.org/Uncomplicated%20Firewall%20%28ufw%29 UFW] |
Revision as of 21:46, 4 December 2024
cat <<-'EXE'|sudo bash
apt-get update;echo
apt list -a --upgradable
apt-get install -y ufw nmap telnet
EXE
App
cat << INI | sudo tee /etc/ufw/applications.d/chorke >/dev/null
[Chorke]
title=Chorke Academia, Inc.
description=Chorke Academia, Inc. App
ports=1983/tcp
INI
|
cat /etc/ufw/applications.d/chorke
ls -lah /etc/ufw/applications.d/
sudo ufw app update Chorke
sudo ufw app info Chorke
sudo ufw app list
|
Allow
Allow » Basic | ||||
---|---|---|---|---|
Name | Allow | Name | Allow | |
HTTP | sudo ufw allow http |
RDP | sudo ufw allow 5900/tcp
| |
OpenSSH | sudo ufw allow OpenSSH |
MySQL | sudo ufw allow 3306/tcp
| |
LXD Bridge | sudo ufw allow in on lxdbr0 |
PostgreSQL | sudo ufw allow 5432/tcp
| |
LXD Bridge | sudo ufw route allow in on lxdbr0 |
Micro Services | sudo ufw allow 9000:9010/tcp
| |
LXD Bridge | sudo ufw route allow out on lxdbr0 |
MinIO Object Storage | sudo ufw allow 9800:9801/tcp
| |
Allow » Special | ||||
Name | Allow | Name | Allow | |
OpenVPN | sudo ufw allow 1194/udp |
GitLab | sudo ufw allow 1080/tcp
| |
MongoDB | sudo ufw allow 27017/tcp |
Git | sudo ufw allow 9418/tcp
| |
HTTPS | sudo ufw allow 443/tcp |
SMTP | sudo ufw allow 25/tcp
| |
Email Submission | sudo ufw allow 587/tcp |
SMTPS | sudo ufw allow 465/tcp
|
Allow » Minikube » Bridge
MINIKUBE_BRIDGE="br-$(docker network ls -fname=minikube --format=json|jq -r '.ID')"
sudo ufw allow in on ${MINIKUBE_BRIDGE}
sudo ufw status numbered
Status
sudo systemctl status ufw
sudo ufw status verbose
sudo ufw enable
|
sudo ufw delete allow 3306
sudo ufw status numbered
sudo ufw delete N
|
sudo ufw delete allow 9800:9801/tcp
sudo ufw delete allow 9000:9010/tcp
sudo ufw delete allow 3306/tcp
|
Playground
netstat -uap|grep nginx
apt list --installed
sudo ufw status
netstat -lpn
netstat -a
|
sudo ss -tulpn | grep LISTEN | grep resolve
sudo ss -tulpn | grep LISTEN | grep minio
sudo ss -tulpn | grep LISTEN | grep sshd
sudo ss -tulwn | grep LISTEN
sudo ss -tulpn | grep LISTEN
|
sudo lsof -i -P -n | grep LISTEN
sudo ss -tulpn | grep LISTEN
sudo ufw allow 'Nginx HTTP'
sudo ufw app list
sudo ufw status
|
| ||
sudo systemctl status ufw
sudo apt-get install gufw
sudo ufw status numbered
sudo ufw status verbose
sudo ufw disable
sudo ufw enable
sudo ufw status
|
nc -uv vpn.shahed.biz 1194 # udp
nc -tv vpn.shahed.biz 80 # tcp
nc -tv vpn.shahed.biz 53 # tcp
sudo nmap -sT localhost # tcp
sudo nmap -sU localhost # udp
nc -uv localhost 1194 # udp
nc -tv localhost 80 # tcp
|
sudo -i -u minikube
echo $(ip r g $(minikube ip)|awk '{print $3}'|head -n1)
sudo nmap -sU -sT -p U:1194,T:22,53,443 vpn.shahed.biz
sudo ufw --dry-run allow https
sudo ufw --dry-run allow http
|
| ||
journalctl -xeu mongod.service
systemctl daemon-reload
journalctl -xe|less
journalctl -xe|tail
journalctl -xe
|
sudo ufw app info 'Apache Secure'
sudo ufw app info 'Apache Full'
sudo ufw app info 'Apache'
sudo ufw app info OpenSSH
sudo ufw app info CUPS
|
cat /etc/ufw/applications.d/apache2-utils.ufw.profile
cat /etc/ufw/applications.d/openssh-server
cat /etc/ufw/applications.d/cups
ls -alh /etc/ufw/applications.d/
sudo ufw app list
|
| ||
sudo ufw allow from 10.19.83.10 to any app Chorke
sudo ufw allow Chorke
sudo ufw delete allow Chorke
|
References
| ||