ufw

apt-get install ufw
# all incoming drop
ufw default deny incoming
——-Allow in all————
ufw allow 80/tcp
ufw allow 443/tcp
———————————-
#mysql
ufw allow in on eth1 to any port 3306
#elasticsearch
ufw allow from 210.4.64.0/24 to any proto tcp port 9200:9300
#For SSH
ufw allow from 210.4.64.0/24 to any proto tcp port 2222
ufw allow from 210.4.77.0/24 to any proto tcp port 2222
ufw allow from 103.16.72.0/24 to any proto tcp port 2222
ufw allow from 103.16.74.0/24 to any proto tcp port 2222
——————————————–
#ufw does not allow specifying icmp rules via the command line interface command. It does allow you to adjust your ruleset via its rules files, which are iptables-restore style files.
#ufw does allow certain icmp traffic by default including icmp echo reply, and this is already configured by default in
vi /etc/ufw/before.rules
# ok icmp codes output
-A ufw-before-output -p icmp –icmp-type destination-unreachable -j ACCEPT
-A ufw-before-output -p icmp –icmp-type source-quench -j ACCEPT
-A ufw-before-output -p icmp –icmp-type time-exceeded -j ACCEPT
-A ufw-before-output -p icmp –icmp-type parameter-problem -j ACCEPT
-A ufw-before-output -p icmp –icmp-type echo-request -j ACCEPT
# for domain name ping and remort file down
ufw allow out 53
ufw allow out http
ufw allow out https
——-Allow out all————
ufw allow out from 210.4.64.0/22
ufw allow out from 103.16.72.0/22
——————-
# Allow specific services.

 ufw default deny incoming
 ufw default allow outgoing

* #For SSH

* #For web

ufw allow from 103.250.43.0/24 to any proto tcp port 80 comment “OBL MRTG ACCESS” Rule updated
ufw enable -y
ufw delete allow 80/tcp
ufw allow from 210.4.77.0/24 to any proto tcp port 10222
ufw allow from 182.48.76.64/29 to any proto tcp port 10000:20000
ufw allow 80/tcp
sudo ufw delete allow 80/tcp
ufw allow in on eth1 to any port 3306