Ufw: Difference between revisions
From Lolly's Wiki
No edit summary |
No edit summary |
||
Line 58: | Line 58: | ||
==Own applications== | ==Own applications== | ||
===nrpe=== | |||
/etc/ufw/applications.d/nrpe | /etc/ufw/applications.d/nrpe | ||
<source lang=bash> | <source lang=bash> | ||
Line 66: | Line 67: | ||
</source> | </source> | ||
===MySQL=== | |||
/etc/ufw/applications.d/mysql | /etc/ufw/applications.d/mysql | ||
<source lang=bash> | <source lang=bash> | ||
Line 74: | Line 76: | ||
</source> | </source> | ||
===Exim=== | |||
/etc/ufw/applications.d/exim | |||
<source lang=bash> | |||
[Exim SMTP] | |||
title=Mail Server (Exim, SMTP) | |||
description=Small, but very powerful and efficient mail server | |||
ports=25/tcp | |||
[Exim SMTP Virusscanned] | |||
title=Mail Server (Exim, SMTP Virusscanned) | |||
description=Small, but very powerful and efficient mail server | |||
ports=26/tcp | |||
[Exim SMTPS] | |||
title=Mail Server (Exim, SMTPS) | |||
description=Small, but very powerful and efficient mail server | |||
ports=465/tcp | |||
[Exim SMTP Message Submission] | |||
title=Mail Server (Exim, Message Submission) | |||
description=Small, but very powerful and efficient mail server | |||
ports=587/tcp | |||
</source> | |||
===Inspect your application profile=== | |||
<source lang=bash> | <source lang=bash> | ||
# ufw app info MySQL | # ufw app info MySQL |
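Review bot: In the added /etc/ufw/applications.d/exim profile, all four sections ([Exim SMTP], [Exim SMTP Virusscanned], [Exim SMTPS], [Exim SMTP Message Submission]) carry the identical line "description=Small, but very powerful and efficient mail server", so the Description field shown by ufw app info will not tell them apart. Give each section a description that says what its port is for, in particular ports=26/tcp, which is not a standard SMTP port and deserves a word about what listens there before anyone allows it.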
Revision as of 15:01, 19 August 2015
==Disable IPv6==
/etc/default/ufw
<source lang=bash>
# Set to yes to apply rules to support IPv6 (no means only IPv6 on loopback
# accepted). You will need to 'disable' and then 'enable' the firewall for
# the changes to take affect.
IPV6=no
</source>
/etc/ufw/sysctl.conf
<source lang=bash>
# Uncomment this to turn off ipv6 autoconfiguration
net/ipv6/conf/default/autoconf=0
net/ipv6/conf/all/autoconf=0
</source>
==Setup Rules==
===Adding a rule===
<source lang=bash>
# ufw allow log-all from 192.168.2.0/24 to any app OpenSSH
Rule added
# ufw status verbose
Status: active
Logging: on (low)
Default: reject (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp (OpenSSH)           ALLOW IN    192.168.2.0/24 (log-all)
</source>
===Inserting before===
<source lang=bash>
# ufw insert 1 allow log-all from 192.168.1.0/24 to any app OpenSSH
Rule inserted
# ufw status verbose
Status: active
Logging: on (low)
Default: reject (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp (OpenSSH)           ALLOW IN    192.168.1.0/24 (log-all)
22/tcp (OpenSSH)           ALLOW IN    192.168.2.0/24 (log-all)
# ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] OpenSSH                    ALLOW IN    192.168.1.0/24 (log-all)
[ 2] OpenSSH                    ALLOW IN    192.168.2.0/24 (log-all)
</source>
==Own applications==
===nrpe===
/etc/ufw/applications.d/nrpe
<source lang=bash>
[NRPE]
title=Nagios NRPE
description=Nagios Remote Plugin Executor
ports=5666/tcp
</source>
===MySQL===
/etc/ufw/applications.d/mysql
<source lang=bash>
[MySQL]
title=MySQL Server (MySQL, MYSQL)
description=Old and rusty SQL server
ports=3306/tcp
</source>
===Exim===
/etc/ufw/applications.d/exim
<source lang=bash>
[Exim SMTP]
title=Mail Server (Exim, SMTP)
description=Small, but very powerful and efficient mail server
ports=25/tcp

[Exim SMTP Virusscanned]
title=Mail Server (Exim, SMTP Virusscanned)
description=Small, but very powerful and efficient mail server
ports=26/tcp

[Exim SMTPS]
title=Mail Server (Exim, SMTPS)
description=Small, but very powerful and efficient mail server
ports=465/tcp

[Exim SMTP Message Submission]
title=Mail Server (Exim, Message Submission)
description=Small, but very powerful and efficient mail server
ports=587/tcp
</source>
===Inspect your application profile===
<source lang=bash>
# ufw app info MySQL
Profile: MySQL
Title: MySQL Server (MySQL, MYSQL)
Description: Old and rusty SQL server
Port:
  3306/tcp
</source>
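A profile with a typo in ports= can open something other than what was intended, so it is worth checking files before dropping them into /etc/ufw/applications.d/. The linter below is an added example, not part of the original wiki page or of ufw itself; the function names, the [Broken] section and the range sanity checks are assumptions made for illustration, and the ports syntax (|-separated entries, protocol required for comma lists and start:end ranges) follows the ufw man page.

```python
import configparser
import re

# Constructed sample: one profile from this page plus a deliberately broken one.
SAMPLE = """\
[Exim SMTP]
title=Mail Server (Exim, SMTP)
description=Small, but very powerful and efficient mail server
ports=25/tcp
[Broken]
title=Constructed bad profile
ports=80,443|70000/tcp|9000:8000/udp
"""
REQUIRED = ("title", "description", "ports")

def check_ports(spec):
    """Return a list of problems found in one ports= value."""
    problems = []
    for item in spec.split("|"):
        m = re.fullmatch(r"([0-9:,]+)(?:/(tcp|udp))?", item.strip())
        if not m:
            problems.append(f"unparsable entry {item!r}")
            continue
        ports, proto = m.groups()
        # A comma list or a range is only valid with an explicit protocol.
        if proto is None and ("," in ports or ":" in ports):
            problems.append(f"{item!r}: list or range needs /tcp or /udp")
        for part in ports.split(","):
            bounds = part.split(":")
            if len(bounds) > 2 or not all(b.isdigit() for b in bounds):
                problems.append(f"{item!r}: malformed port or range {part!r}")
            elif any(not 1 <= int(b) <= 65535 for b in bounds):
                problems.append(f"{item!r}: port outside 1-65535")
            elif len(bounds) == 2 and int(bounds[0]) >= int(bounds[1]):
                problems.append(f"{item!r}: range start must be below end")
    return problems

def lint_profiles(text):
    """Map each profile name to its list of problems (empty list = clean)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    report = {}
    for name in cp.sections():
        issues = [f"missing {k}=" for k in REQUIRED if not cp[name].get(k)]
        if cp[name].get("ports"):
            issues += check_ports(cp[name]["ports"])
        report[name] = issues
    return report

if __name__ == "__main__":
    for name, issues in lint_profiles(SAMPLE).items():
        print(name, "->", issues or "ok")
```

After a file passes, `ufw app info <profile>` as shown above confirms what ufw itself parsed from it.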