Last active
June 27, 2017 15:14
UFW Firewall - Basic configuration and examples
## To identify which services are running on your server, use
netstat -tulpn
## Enable logging
ufw logging on
## Use the default rules to allow outgoing traffic and to deny all incoming traffic.
ufw default allow outgoing
ufw default deny incoming
## Allow SSH - DNS - HTTP and HTTPS - NTP
## (a bare port number opens both TCP and UDP, from any source address)
ufw allow 22
ufw allow 53
ufw allow http
ufw allow https
ufw allow 123
## LibreNMS SNMP and Unix-agent
ufw allow 161
ufw allow 6556
## Netdata dashboard
ufw allow 19999
## EasyEngine default backend
ufw allow 22222
### Some other examples:
## Allow connections on all ports from an IP
ufw allow from 123.45.67.89
## Allow connections on all ports from a subnet
ufw allow from 123.45.67.0/24
## Specify a port + an IP + a protocol
ufw allow from 123.45.67.89 to any port 22 proto tcp
## Whitelist Cloudflare network IPv4+IPv6
## (third-party script that will run as root: read it before executing it)
wget https://raw.githubusercontent.com/Paul-Reed/cloudflare-ufw/master/cloudflare-ufw.sh
bash cloudflare-ufw.sh
## Turn the firewall on with the rules defined above
ufw enable
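The first step above (list the listening services) is what decides which `ufw allow` rules are needed. The script below is an added example, not part of the original gist: it compares `netstat -tulpn` output with the ports opened above and reports rules with no listener behind them and listeners with no rule. The function name `audit_ports`, the variable names and the sample output are constructed for illustration, and the comparison is by port number only, ignoring protocol.

```bash
#!/usr/bin/env bash
# Added example: compare the ports opened by the rules above with what is listening.

# Ports opened by the rules above (http = 80, https = 443).
ALLOWED_PORTS="22 53 80 443 123 161 6556 19999 22222"

# Constructed sample of `netstat -tulpn` output. On a real host run:
#   netstat -tulpn | audit_ports "$ALLOWED_PORTS"
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp   0  0 0.0.0.0:22       0.0.0.0:*  LISTEN  812/sshd
tcp   0  0 0.0.0.0:80       0.0.0.0:*  LISTEN  901/nginx
tcp   0  0 0.0.0.0:443      0.0.0.0:*  LISTEN  901/nginx
tcp   0  0 127.0.0.1:3306   0.0.0.0:*  LISTEN  950/mysqld
tcp   0  0 0.0.0.0:19999    0.0.0.0:*  LISTEN  1010/netdata
tcp6  0  0 :::22222         :::*       LISTEN  901/nginx
udp   0  0 0.0.0.0:161      0.0.0.0:*          780/snmpd
udp   0  0 0.0.0.0:123      0.0.0.0:*          700/ntpd
tcp   0  0 0.0.0.0:8080     0.0.0.0:*  LISTEN  1200/java'

# Reads netstat output on stdin; $1 is a space-separated list of allowed ports.
# Prints "UNUSED_RULE <port>" for an allowed port nothing listens on (the rule
# can probably be dropped) and "NO_RULE <port> <proto>" for a non-loopback
# listener that "ufw default deny incoming" will block.
audit_ports() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
    $1 ~ /^(tcp|udp)6?$/ {
      addr = $4
      port = addr; sub(/.*:/, "", port)            # text after the last colon
      host = substr(addr, 1, length(addr) - length(port) - 1)
      if (host == "127.0.0.1" || host == "::1") next   # loopback only: no rule needed
      seen[port] = 1
      if (!(port in want)) norule[port] = $1
    }
    END {
      for (p in want)   if (!(p in seen)) print "UNUSED_RULE " p
      for (p in norule) print "NO_RULE " p " " norule[p]
    }' | LC_ALL=C sort
}

# Run the audit against the constructed sample.
printf '%s\n' "$SAMPLE_NETSTAT" | audit_ports "$ALLOWED_PORTS"
```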