ufw
  • apt-get install ufw
  • # all incoming drop
  • ufw default deny incoming
  • ------- Allow in (inbound) ------------
  • ufw allow 80/tcp
  • ufw allow 443/tcp
  • ———————————-
  • #mysql
  • ufw allow in on eth1 to any port 3306
  • #elasticsearch
  • ufw allow from 210.4.64.0/24 to any proto tcp port 9200:9300
  • #For SSH
  • ufw allow from 210.4.64.0/24 to any proto tcp port 2222
  • ufw allow from 210.4.77.0/24 to any proto tcp port 2222
  • ufw allow from 103.16.72.0/24 to any proto tcp port 2222
  • ufw allow from 103.16.74.0/24 to any proto tcp port 2222
  • ——————————————–
  • #ufw does not allow specifying ICMP rules via its command-line interface. It does allow you to adjust the ruleset via its rules files, which are iptables-restore-style files.
  • #ufw does allow certain ICMP traffic by default, including ICMP echo reply; this is already configured by default in the following file:
  • vi /etc/ufw/before.rules
  • # ok icmp codes output
  • -A ufw-before-output -p icmp --icmp-type destination-unreachable -j ACCEPT
  • -A ufw-before-output -p icmp --icmp-type source-quench -j ACCEPT
  • -A ufw-before-output -p icmp --icmp-type time-exceeded -j ACCEPT
  • -A ufw-before-output -p icmp --icmp-type parameter-problem -j ACCEPT
  • -A ufw-before-output -p icmp --icmp-type echo-request -j ACCEPT
  • # for domain name resolution, ping and remote file download
  • ufw allow out 53
  • ufw allow out http
  • ufw allow out https
  • ------- Allow out (outbound) ------------
  • ufw allow out from 210.4.64.0/22
  • ufw allow out from 103.16.72.0/22
  • ——————-
  • # Allow specific services.
  • # For SSH port 2222 and 10222
  • ufw allow out from 210.4.64.0/24 to any proto tcp port 10222
  • ufw allow out from 210.4.77.0/24 to any proto tcp port 10222
  • ufw allow out from 103.16.72.0/24 to any proto tcp port 10222
  • ufw allow out from 103.16.74.0/24 to any proto tcp port 10222
  • ufw allow out from 210.4.64.0/24 to any proto tcp port 2222
  • ufw allow out from 210.4.77.0/24 to any proto tcp port 2222
  • ufw allow out from 103.16.72.0/24 to any proto tcp port 2222
  • ufw allow out from 103.16.74.0/24 to any proto tcp port 2222
  • # Mail
  • ufw allow out 25
  • #ossec-authd
  • ufw allow out from 103.16.74.245 to any proto tcp port 1515
  • # all outgoing drop
  • ufw default deny outgoing
  • ufw enable
  • ufw reload
  • ufw status verbose
 ufw default deny incoming
 ufw default allow outgoing

* #For SSH

  • ufw allow from 210.4.64.0/24 to any proto tcp port 2222
  • ufw allow from 210.4.77.0/24 to any proto tcp port 2222

* #For web

  • ufw allow 80
  • ufw allow 443
  • ufw allow from 103.250.43.0/24 to any proto tcp port 80 comment "OBL MRTG ACCESS" (output: Rule updated)
  • ufw enable -y
  • ufw delete allow 80/tcp
  • ufw allow from 210.4.77.0/24 to any proto tcp port 10222
  • ufw allow from 182.48.76.64/29 to any proto tcp port 10000:20000
  • ufw allow 80/tcp
  • sudo ufw delete allow 80/tcp
  • ufw allow in on eth1 to any port 3306
  • 222/tcp ALLOW Anywhere
  • Anywhere ALLOW 172.16.0.0/12
  • Anywhere ALLOW 192.168.0.0/16
  • Anywhere ALLOW 103.123.169.104/29
  • Anywhere ALLOW 172.172.172.0/24
  • Anywhere ALLOW 172.200.20.0/24
  • Anywhere ALLOW 192.172.10.0/24
  • Anywhere ALLOW 103.156.67.0/24
  • Anywhere ALLOW 103.156.67.128/25
  • Anywhere ALLOW 103.156.67.64/26
  • Anywhere ALLOW 103.156.67.0/27
  • Anywhere ALLOW 10.0.0.0/8
  • 2222/tcp (v6) ALLOW Anywhere (v6)