apt-get install ufw

# all incoming drop
ufw default deny incoming

------- Allow in: web ------------
ufw allow 80/tcp
ufw allow 443/tcp
----------------------------------

# mysql (only on the internal interface)
ufw allow in on eth1 to any port 3306

# elasticsearch
ufw allow from 210.4.64.0/24 to any proto tcp port 9200:9300

# For SSH
ufw allow from 210.4.64.0/24 to any proto tcp port 2222
ufw allow from 210.4.77.0/24 to any proto tcp port 2222
ufw allow from 103.16.72.0/24 to any proto tcp port 2222
ufw allow from 103.16.74.0/24 to any proto tcp port 2222

--------------------------------------------
# ufw does not allow icmp rules to be specified with the command line interface. It does let you adjust the ruleset via its rules files, which are iptables-restore style files.
# ufw does allow certain icmp traffic by default, including icmp echo reply; this is already configured by default in
vi /etc/ufw/before.rules

# ok icmp codes output
-A ufw-before-output -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-output -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-output -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-output -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-output -p icmp --icmp-type echo-request -j ACCEPT

# for domain name resolution, ping and remote file download
ufw allow out 53
ufw allow out http
ufw allow out https

------- Allow out all ------------
ufw allow out from 210.4.64.0/22
ufw allow out from 103.16.72.0/22
----------------------------------

# Allow specific services.
# For SSH port 2222 and 10222
# (in an "allow out" rule, "from" matches the packet source, i.e. this host's own address)
ufw allow out from 210.4.64.0/24 to any proto tcp port 10222
ufw allow out from 210.4.77.0/24 to any proto tcp port 10222
ufw allow out from 103.16.72.0/24 to any proto tcp port 10222
ufw allow out from 103.16.74.0/24 to any proto tcp port 10222

ufw allow out from 210.4.64.0/24 to any proto tcp port 2222
ufw allow out from 210.4.77.0/24 to any proto tcp port 2222
ufw allow out from 103.16.72.0/24 to any proto tcp port 2222
ufw allow out from 103.16.74.0/24 to any proto tcp port 2222

# Mail
ufw allow out 25

# ossec-authd
ufw allow out from 103.16.74.245 to any proto tcp port 1515

# all outgoing drop (set last, after the allow-out rules above are in place)
ufw default deny outgoing

ufw enable
ufw reload
ufw status verbose

------- Simpler variant (default allow outgoing) ------------
ufw default deny incoming
ufw default allow outgoing

# For SSH
ufw allow from 210.4.64.0/24 to any proto tcp port 2222
ufw allow from 210.4.77.0/24 to any proto tcp port 2222

# For web
ufw allow 80
ufw allow 443
ufw allow from 103.250.43.0/24 to any proto tcp port 80 comment "OBL MRTG ACCESS"
Rule updated

------- Misc commands ------------
# enable without the interactive prompt (ufw takes --force, not -y)
ufw --force enable
ufw delete allow 80/tcp

ufw allow from 210.4.77.0/24 to any proto tcp port 10222
ufw allow from 182.48.76.64/29 to any proto tcp port 10000:20000
ufw allow 80/tcp
sudo ufw delete allow 80/tcp
ufw allow in on eth1 to any port 3306

# ufw status output (excerpt)
To                         Action      From
--                         ------      ----
222/tcp                    ALLOW       Anywhere
Anywhere                   ALLOW       172.16.0.0/12
Anywhere                   ALLOW       192.168.0.0/16
Anywhere                   ALLOW       103.123.169.104/29
Anywhere                   ALLOW       172.172.172.0/24
Anywhere                   ALLOW       172.200.20.0/24
Anywhere                   ALLOW       192.172.10.0/24
Anywhere                   ALLOW       103.156.67.0/24
Anywhere                   ALLOW       103.156.67.128/25
Anywhere                   ALLOW       103.156.67.64/26
Anywhere                   ALLOW       103.156.67.0/27
Anywhere                   ALLOW       10.0.0.0/8
2222/tcp (v6)              ALLOW       Anywhere (v6)
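The notes say ICMP rules cannot be added from the ufw command line and must go into /etc/ufw/before.rules. The script below is an added example, not part of the original notes: it inserts the five ufw-before-output ICMP rules listed above into a before.rules file just before the first COMMIT line, skips rules that are already present (so it can be re-run safely), and keeps a .bak copy. The file path is a parameter, so it can be exercised on a constructed copy; the demo at the end builds such a copy rather than touching the real /etc/ufw/before.rules.

```shell
#!/bin/sh
# Added example (not from the original notes): idempotently add ICMP ACCEPT
# rules to a ufw before.rules file. Run against a copy first; the real file is
# /etc/ufw/before.rules and needs "ufw reload" afterwards.

# Rules that should be present (the ufw-before-output ICMP rules from the notes).
ICMP_OUTPUT_RULES='-A ufw-before-output -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-output -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-output -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-output -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-output -p icmp --icmp-type echo-request -j ACCEPT'

# add_icmp_rules FILE
# Adds each missing rule just before the first COMMIT line of FILE and prints
# the number of rules added. Refuses to touch a file with no COMMIT line, since
# that is not an iptables-restore style file.
add_icmp_rules() {
    file="$1"
    grep -qx 'COMMIT' "$file" || { echo "no COMMIT line in $file" >&2; return 1; }
    cp "$file" "$file.bak"
    added=0
    while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        # -x: match the whole line, -F: fixed string (so "--icmp-type" is not a regex)
        if ! grep -qxF -- "$rule" "$file"; then
            awk -v rule="$rule" '
                !done && $0 == "COMMIT" { print rule; done = 1 }
                { print }' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
            added=$((added + 1))
        fi
    done <<EOF
$ICMP_OUTPUT_RULES
EOF
    echo "$added"
}

# Demo on a constructed before.rules fragment (not the real /etc/ufw/before.rules).
demo_add_icmp_rules() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '*filter' ':ufw-before-input - [0:0]' ':ufw-before-output - [0:0]' \
        '-A ufw-before-output -p icmp --icmp-type echo-request -j ACCEPT' 'COMMIT' > "$tmp"
    add_icmp_rules "$tmp"   # prints 4: echo-request was already there
    add_icmp_rules "$tmp"   # prints 0: second run changes nothing
    cat "$tmp"
    rm -f "$tmp" "$tmp.bak"
}

demo_add_icmp_rules
```

The whole-line fixed-string grep is what makes the function idempotent; a looser match (for example on the ICMP type alone) would miss a rule that targets a different chain and would happily duplicate rules on every run. The stock before.rules already carries an "ok icmp codes for INPUT" section, so check which direction you actually need before adding output rules.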
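The status listing at the end of the notes is the kind of output worth auditing once a ruleset has grown by hand: a port allowed from "Anywhere" that is not a public web port, or an "Anywhere" destination that opens every port to a source network, is easy to miss in a long list. The script below is an added example, not part of the original notes; it parses "ufw status" text on stdin and prints one line per finding. The status sample and the list of ports considered public are constructed for the demo, modelled on the listing above.

```shell
#!/bin/sh
# Added example (not from the original notes): audit "ufw status" output for
# rules reachable from the whole internet or opening all ports to a network.
# Usage: ufw status | audit_ufw_status      (or run this file to see the demo)

# Ports that are meant to be reachable from Anywhere (constructed policy list;
# ufw shows "80" or "80/tcp" depending on how the rule was added).
PUBLIC_PORTS="80 80/tcp 443 443/tcp"

# Constructed sample, modelled on the status listing in the notes.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
2222/tcp                   ALLOW       210.4.64.0/24
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
3306                       ALLOW       Anywhere
Anywhere                   ALLOW       10.0.0.0/8
2222/tcp (v6)              ALLOW       Anywhere (v6)'

# audit_ufw_status < status-text
# Prints one line per finding:
#   WORLD-OPEN <to> from <from>   a non-public port allowed from Anywhere
#   ALL-PORTS  <to> from <from>   every port allowed from a source network
# Columns are separated by two or more spaces, so "Anywhere (v6)" stays one
# field. Only inbound ALLOW/LIMIT rules are considered; DENY and OUT are skipped.
audit_ufw_status() {
    awk -F '  +' -v pub="$PUBLIC_PORTS" '
        BEGIN { n = split(pub, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        NF >= 3 && $2 ~ /^(ALLOW|LIMIT)( IN)?$/ {
            to = $1; from = $3
            sub(/ \(v6\)$/, "", to); sub(/ \(v6\)$/, "", from)
            if (to == "Anywhere") { print "ALL-PORTS " $1 " from " $3; next }
            if (from == "Anywhere" && !(to in ok)) print "WORLD-OPEN " $1 " from " $3
        }'
}

# count_findings < status-text   prints the number of findings (0 if none)
count_findings() {
    audit_ufw_status | { grep -c '^' || true; }
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_STATUS" | audit_ufw_status
```

Run against real output with `ufw status | audit_ufw_status`; on the notes' own listing it would report the many "Anywhere ALLOW <network>" lines as ALL-PORTS entries, which is usually what you want to review first after a ruleset has accumulated by hand. The IPv6 suffix is stripped only for the comparison, so findings still show which address family the rule applies to.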