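#!/bin/sh
#
# Reset ufw and rebuild the host firewall policy from scratch:
# default-deny inbound, allow-all outbound, then a short inbound allow-list.
#
# Optional environment:
#   TRUSTED_IP             address allowed on every port (rule skipped if unset)
#   CLOUDFLARE_UFW_SHA256  expected SHA-256 of cloudflare-ufw.sh; when set, the
#                          downloaded helper is verified before it is executed

set -u

# disable firewall while the rule set is rebuilt
sudo ufw disable

# reset all firewall rules
# (--force skips the confirmation prompt; ufw takes it ahead of the command)
sudo ufw --force reset

# set default rules: deny all incoming traffic, allow all outgoing traffic
sudo ufw default deny incoming
sudo ufw default allow outgoing

#  Some rules

# open port for SSH (remote support)
# ufw supports connection rate limiting, which is useful for protecting
# against brute-force login attacks. ufw will deny connections if an IP
# address has attempted to initiate 6 or more connections in the last 30
# seconds. See http://www.debian-administration.org/articles/187 for details.
sudo ufw limit log from 192.168.0.0/24 to any proto tcp port 22

## Allow DNS - HTTP and HTTPS  - NTP
# NOTE(review): these are INBOUND rules from any source. Outbound DNS/NTP is
# already covered by "default allow outgoing"; 53 and 123 only need to be open
# here if this host itself serves DNS or NTP.
sudo ufw allow 53
sudo ufw allow http/tcp
sudo ufw allow https/tcp
sudo ufw allow 123

## Librenms SNMP and Unix-agent
# NOTE(review): 161 and 6556 are opened to any source address. Consider
# restricting both to the monitoring server ("ufw allow from <poller> to any
# port 161") so SNMP and the agent are not reachable from the Internet.
sudo ufw allow 161
sudo ufw allow 6556

## Allow connections on all ports from an IP
# The address comes from TRUSTED_IP instead of a literal placeholder, which
# ufw would reject. This rule bypasses every other restriction for that host,
# so keep it to a single, fixed management address.
if [ -n "${TRUSTED_IP:-}" ]; then
  sudo ufw allow from "$TRUSTED_IP"
else
  printf '%s\n' "TRUSTED_IP not set; skipping allow-all rule" >&2
fi

# Don't allow public Internet access (0.0.0.0/0) to this list
# (reference only; kept as comments so the shell does not try to run them)
#   20/21 - FTP
#   22    - SSH
#   3306  - MySQL
#   5432  - PostgreSQL
#   windows stuff
#   1433  - MSSQL Server
#   1434  - MSSQL Monitor
#   4333  - MSQL
#   3389  - RDP      (Remote Desktop Protocol for windows)
#   5500  - VNC RDP  (Virtual Network Computing, similar to RDP)

# Whitelist Cloudflare network IPv4+IPv6
# NOTE(review): this executes a third-party script fetched from a moving
# branch, so whoever controls that repository controls the firewall rules
# added here. Prefer a vendored, reviewed copy or a URL pinned to a commit,
# and set CLOUDFLARE_UFW_SHA256 so the download is verified before it runs.
# The helper is saved to a fresh temp file: a plain "wget URL" stores the new
# copy as cloudflare-ufw.sh.1 when the file already exists, so a stale or
# planted cloudflare-ufw.sh in the working directory would be run instead.
cf_url=https://raw.githubusercontent.com/Paul-Reed/cloudflare-ufw/master/cloudflare-ufw.sh
cf_helper=$(mktemp) || cf_helper=
if [ -z "$cf_helper" ]; then
  printf '%s\n' "mktemp failed; skipping Cloudflare whitelist" >&2
elif ! wget -q -O "$cf_helper" "$cf_url"; then
  printf '%s\n' "download of cloudflare-ufw.sh failed; skipping Cloudflare whitelist" >&2
elif [ -n "${CLOUDFLARE_UFW_SHA256:-}" ] &&
  ! printf '%s  %s\n' "$CLOUDFLARE_UFW_SHA256" "$cf_helper" |
    sha256sum -c - >/dev/null 2>&1; then
  printf '%s\n' "cloudflare-ufw.sh checksum mismatch; not executing it" >&2
else
  if [ -z "${CLOUDFLARE_UFW_SHA256:-}" ]; then
    printf '%s\n' "warning: running cloudflare-ufw.sh without checksum verification" >&2
  fi
  # Run as the invoking user, as before; whether the helper elevates itself
  # is not visible from this script.
  bash "$cf_helper"
fi
[ -z "$cf_helper" ] || rm -f -- "$cf_helper"

# Enable firewall
# The firewall has been off since the first step, so one enable loads the new
# rule set; the earlier disable/enable/reload/enable sequence was redundant.
sudo ufw enable

# list all firewall rules
sudo ufw status numbered verbose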