UFW
cat <<-'EXE'|sudo bash
apt-get update;echo
apt list -a --upgradable
apt-get install -y ufw nmap telnet
EXE
App
cat << INI | sudo tee /etc/ufw/applications.d/chorke >/dev/null
[Chorke]
title=Chorke Academia, Inc.
description=Chorke Academia, Inc. App
ports=1983/tcp
INI
|
cat /etc/ufw/applications.d/chorke
ls -lah /etc/ufw/applications.d/
sudo ufw app update Chorke
sudo ufw app info Chorke
sudo ufw app list
| |
|
| ||
sudo ufw allow from 10.19.83.10 to any app Chorke
sudo ufw allow Chorke
sudo ufw status verbose
|
sudo ufw delete allow from 10.19.83.10 to any app Chorke
sudo ufw delete allow Chorke
sudo ufw status numbered
| |
Allow
| Allow » Basic | ||||
|---|---|---|---|---|
| Name | Allow | Name | Allow | |
| HTTP | sudo ufw allow http |
RDP | sudo ufw allow 5900/tcp
| |
| OpenSSH | sudo ufw allow OpenSSH |
MySQL | sudo ufw allow 3306/tcp
| |
| LXD Bridge | sudo ufw allow in on lxdbr0 |
PostgreSQL | sudo ufw allow 5432/tcp
| |
| LXD Bridge | sudo ufw route allow in on lxdbr0 |
Micro Services | sudo ufw allow 9000:9010/tcp
| |
| LXD Bridge | sudo ufw route allow out on lxdbr0 |
MinIO Object Storage | sudo ufw allow 9800:9801/tcp
| |
| Allow » Special | ||||
| Name | Allow | Name | Allow | |
| OpenVPN | sudo ufw allow 1194/udp |
GitLab | sudo ufw allow 1080/tcp
| |
| MongoDB | sudo ufw allow 27017/tcp |
Git | sudo ufw allow 9418/tcp
| |
| HTTPS | sudo ufw allow 443/tcp |
SMTP | sudo ufw allow 25/tcp
| |
| Email Submission | sudo ufw allow 587/tcp |
SMTPS | sudo ufw allow 465/tcp
| |
| HTTP ALT | sudo ufw allow 8000/tcp |
SMTP RAP | sudo ufw allow 162/tcp
| |
Allow » Minikube » Bridge
MINIKUBE_BRIDGE="br-$(docker network ls -fname=minikube --format=json|jq -r '.ID')"
sudo ufw allow in on ${MINIKUBE_BRIDGE}
sudo ufw status numbered
Status
sudo systemctl status ufw
sudo ufw status verbose
sudo ufw enable
|
sudo ufw delete allow 3306
sudo ufw status numbered
sudo ufw delete N
|
sudo ufw delete allow 9800:9801/tcp
sudo ufw delete allow 9000:9010/tcp
sudo ufw delete allow 3306/tcp
|
Verify
|
UFW » Allowed » Ports REMOTE_HOST="cid.chorke.org";\
REMOTE_PORTS="22 25 80 162 443 465 587";\
echo;for REMOTE_PORT in ${REMOTE_PORTS};do \
printf "\033[1;32mtelnet %s %-5d »\033[0m\n" ${REMOTE_HOST} ${REMOTE_PORT};\
telnet ${REMOTE_HOST} ${REMOTE_PORT} & sleep 5 && kill -9 $! && echo; done
|
UFW » Denied » Ports REMOTE_HOST="cid.chorke.org";\
REMOTE_PORTS="3306 4321 5432 5900 8080";\
echo;for REMOTE_PORT in ${REMOTE_PORTS};do \
printf "\033[1;31mtelnet %s %-5d »\033[0m\n" ${REMOTE_HOST} ${REMOTE_PORT};\
telnet ${REMOTE_HOST} ${REMOTE_PORT} & sleep 5 && kill -9 $! && echo; done
|
Playground
netstat -uap|grep nginx
apt list --installed
sudo ufw status
netstat -lpn
netstat -a
|
sudo ss -tulpn | grep LISTEN | grep resolve
sudo ss -tulpn | grep LISTEN | grep minio
sudo ss -tulpn | grep LISTEN | grep sshd
sudo ss -tulwn | grep LISTEN
sudo ss -tulpn | grep LISTEN
|
sudo lsof -i -P -n | grep LISTEN
sudo ss -tulpn | grep LISTEN
sudo ufw allow 'Nginx HTTP'
sudo ufw app list
sudo ufw status
|
|
| ||
sudo systemctl status ufw
sudo apt-get install gufw
sudo ufw status numbered
sudo ufw status verbose
sudo ufw disable
sudo ufw enable
sudo ufw status
|
nc -uv vpn.shahed.biz 1194 # udp
nc -tv vpn.shahed.biz 80 # tcp
nc -tv vpn.shahed.biz 53 # tcp
sudo nmap -sT localhost # tcp
sudo nmap -sU localhost # udp
nc -uv localhost 1194 # udp
nc -tv localhost 80 # tcp
|
sudo -i -u minikube
echo $(ip r g $(minikube ip)|awk '{print $3}'|head -n1)
sudo nmap -sU -sT -p U:1194,T:22,53,443 vpn.shahed.biz
sudo ufw --dry-run allow https
sudo ufw --dry-run allow http
|
|
| ||
journalctl -xeu mongod.service
systemctl daemon-reload
journalctl -xe|less
journalctl -xe|tail
journalctl -xe
|
sudo ufw app info 'Apache Secure'
sudo ufw app info 'Apache Full'
sudo ufw app info 'Apache'
sudo ufw app info OpenSSH
sudo ufw app info CUPS
|
cat /etc/ufw/applications.d/apache2-utils.ufw.profile
cat /etc/ufw/applications.d/openssh-server
cat /etc/ufw/applications.d/cups
ls -alh /etc/ufw/applications.d/
sudo ufw app list
|
|
| ||
sudo ufw allow from 10.19.83.110 to any app OpenSSH
sudo ufw allow from 10.19.83.110 to any port 22/tcp
|
sudo ufw delete allow from 10.19.83.110 to any app OpenSSH
sudo ufw delete allow from 10.19.83.110 to any port 22/tcp
| |
|
| ||
ssh -qt [email protected] ssh -qt [email protected] bash
sudo su
cat << EXE | sudo bash
systemctl status ufw
ufw enable
ufw allow 22/tcp
ufw allow 25/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 8000/tcp
ufw allow 67/udp
ufw allow 68/udp
ufw allow 162/udp
ufw allow from 10.19.83.1 to any port 22 proto tcp
ufw status numbered
systemctl status ufw
EXE
|
||
|
| ||
References
|
| ||