ufw
- apt-get install ufw
- # all incoming drop
- ufw default deny incoming
- # ---- Allow in from all sources ----
- ufw allow 80/tcp
- ufw allow 443/tcp
- # ---------------------------------
- # mysql — note: unlike the SSH and elasticsearch rules below, this rule has no source restriction; any host that can reach eth1 may connect to 3306
- ufw allow in on eth1 to any port 3306
- #elasticsearch
- ufw allow from 210.4.64.0/24 to any proto tcp port 9200:9300
- #For SSH
- ufw allow from 210.4.64.0/24 to any proto tcp port 2222
- ufw allow from 210.4.77.0/24 to any proto tcp port 2222
- ufw allow from 103.16.72.0/24 to any proto tcp port 2222
- ufw allow from 103.16.74.0/24 to any proto tcp port 2222
- # ---------------------------------
- # ufw does not allow specifying ICMP rules via its command-line interface. It does let you adjust the ruleset via its rules files, which are iptables-restore style files.
- # ufw does allow certain ICMP traffic by default (including ICMP echo reply); this is already configured by default in
- vi /etc/ufw/before.rules
- # ok icmp codes output
- -A ufw-before-output -p icmp --icmp-type destination-unreachable -j ACCEPT
- -A ufw-before-output -p icmp --icmp-type source-quench -j ACCEPT
- -A ufw-before-output -p icmp --icmp-type time-exceeded -j ACCEPT
- -A ufw-before-output -p icmp --icmp-type parameter-problem -j ACCEPT
- -A ufw-before-output -p icmp --icmp-type echo-request -j ACCEPT
- # for domain name resolution, ping and remote file download
- ufw allow out 53
- ufw allow out http
- ufw allow out https
- # ---- Allow out to these networks ----
- ufw allow out from 210.4.64.0/22
- ufw allow out from 103.16.72.0/22
- # ---------------------------------
- # Allow specific services.
- # For SSH port 2222 and 10222
- ufw allow out from 210.4.64.0/24 to any proto tcp port 10222
- ufw allow out from 210.4.77.0/24 to any proto tcp port 10222
- ufw allow out from 103.16.72.0/24 to any proto tcp port 10222
- ufw allow out from 103.16.74.0/24 to any proto tcp port 10222
- ufw allow out from 210.4.64.0/24 to any proto tcp port 2222
- ufw allow out from 210.4.77.0/24 to any proto tcp port 2222
- ufw allow out from 103.16.72.0/24 to any proto tcp port 2222
- ufw allow out from 103.16.74.0/24 to any proto tcp port 2222
- # Mail
- ufw allow out 25
- #ossec-authd
- ufw allow out from 103.16.74.245 to any proto tcp port 1515
- # all outgoing drop
- ufw default deny outgoing
- ufw enable
- ufw reload
- ufw status verbose
ufw default deny incoming
ufw default allow outgoing
* #For SSH
- ufw allow from 210.4.64.0/24 to any proto tcp port 2222
- ufw allow from 210.4.77.0/24 to any proto tcp port 2222
* #For web
- ufw allow 80
- ufw allow 443
- ufw allow from 103.250.43.0/24 to any proto tcp port 80 comment "OBL MRTG ACCESS"
  (output: Rule updated)
- ufw enable -y   (note: ufw has no -y option; the non-interactive form is `ufw --force enable`)
- ufw delete allow 80/tcp
- ufw allow from 210.4.77.0/24 to any proto tcp port 10222
- ufw allow from 182.48.76.64/29 to any proto tcp port 10000:20000
- ufw allow 80/tcp
- sudo ufw delete allow 80/tcp
- ufw allow in on eth1 to any port 3306
- 222/tcp ALLOW Anywhere
- Anywhere ALLOW 172.16.0.0/12
- Anywhere ALLOW 192.168.0.0/16
- Anywhere ALLOW 103.123.169.104/29
- Anywhere ALLOW 172.172.172.0/24
- Anywhere ALLOW 172.200.20.0/24
- Anywhere ALLOW 192.172.10.0/24
- Anywhere ALLOW 103.156.67.0/24
- Anywhere ALLOW 103.156.67.128/25
- Anywhere ALLOW 103.156.67.64/26
- Anywhere ALLOW 103.156.67.0/27
- Anywhere ALLOW 10.0.0.0/8
- 2222/tcp (v6) ALLOW Anywhere (v6)