Thursday, July 9, 2015

Firewall Config

Firewall Configuration

Add rules before enabling the firewall, i.e. before running 'ufw enable',
so that the enable step cannot cut off the SSH session you are working from:

         ufw allow proto tcp from any to any port 22

Further rules that belong in the same pre-enable step (rate-limited SSH,
logged SSH, and dropping syslog from one host):

         ufw limit ssh/tcp
         ufw allow log 22/tcp
         ufw deny proto udp from 1.2.3.4 to any port 514


For example, when IPv6 is enabled, the following rule will allow access to
port 22 for both IPv4 and IPv6 traffic:

         ufw allow 22

IPv6 over IPv4 tunnels and 6to4 are supported by using the 'ipv6' protocol
('41'). This protocol can only be used with the full syntax. For example:

         ufw allow to 10.0.0.1 proto ipv6
         ufw allow to 10.0.0.1 from 10.4.0.0/16 proto ipv6

     ufw report *****

         raw
         builtins
         before-rules
         user-rules
         after-rules
         logging-rules
         listening
         added
The raw report shows the complete firewall, while the others show a subset
of what is in the raw report.

ufw logging *****

off     disables ufw managed logging
low     logs all blocked packets not matching the default policy (with
        rate limiting), as well as packets matching logged rules
medium  log level low, plus all allowed packets not matching the default
        policy, all INVALID packets, and all new connections. All logging
        is done with rate limiting.
high    log level medium (without rate limiting), plus all packets with
        rate limiting
full    log level high without rate limiting
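The two points above that matter most in practice are the ordering (every rule, SSH first, is added before 'ufw enable') and picking a logging level ufw actually accepts. The script below is an added example, not part of the original notes, that turns the commands above into a bring-up script which keeps that ordering and rejects an unknown logging level before touching the firewall. The function names (run_ufw, valid_log_level, ufw_baseline, plan, enable_step, plan_length) and the UFW_DRY_RUN variable are this example's own; 1.2.3.4 is the placeholder address from the notes; 'ufw --force enable' is ufw's non-interactive form of enable.

```shell
#!/bin/sh
# Added example, not part of the original post: a baseline ufw bring-up
# script that follows the ordering described in the notes (every rule is
# added before 'ufw enable') and validates the logging level before use.
# Set UFW_DRY_RUN=1 to print the commands instead of executing them; that
# is how the plan can be reviewed on a host without ufw or root.
# The blocked syslog source 1.2.3.4 is the placeholder address from the notes.

# Execute a ufw command, or print it when UFW_DRY_RUN=1.
run_ufw() {
    if [ "${UFW_DRY_RUN:-0}" = "1" ]; then
        printf 'ufw %s\n' "$*"
    else
        ufw "$@"
    fi
}

# Succeed only for the logging levels listed in the notes above.
valid_log_level() {
    case "$1" in
        off|low|medium|high|full) return 0 ;;
        *) return 1 ;;
    esac
}

# Apply (or print) the full plan.
#   $1: logging level (default: low)
#   $2: host whose syslog traffic to drop on UDP/514 (default: 1.2.3.4)
ufw_baseline() {
    level="${1:-low}"
    syslog_src="${2:-1.2.3.4}"
    if ! valid_log_level "$level"; then
        echo "unknown logging level: $level (use off|low|medium|high|full)" >&2
        return 1
    fi

    # 1. SSH rules go in first: rate-limited and logged, so the firewall
    #    can safely be enabled over the same SSH session.
    run_ufw limit ssh/tcp
    run_ufw allow log 22/tcp
    # 2. Remaining policy, still before enable.
    run_ufw deny proto udp from "$syslog_src" to any port 514
    # 3. Only now turn the firewall on. --force skips the interactive
    #    "may disrupt existing ssh connections" prompt for unattended runs.
    run_ufw --force enable
    # 4. Logging level is set on the running firewall.
    run_ufw logging "$level"
}

# Helpers for reviewing a dry-run plan without touching the firewall.
# Print the plan, one command per line.
plan() {
    ( export UFW_DRY_RUN=1; ufw_baseline "$@" )
}

# 1-based position of the 'enable' step in the plan, or 0 if absent.
enable_step() {
    plan "$@" | awk 'BEGIN { n = 0 } /^ufw (--force )?enable$/ { n = NR; exit } END { print n }'
}

# Number of commands in the plan.
plan_length() {
    plan "$@" | wc -l | tr -d ' '
}
```

To review before applying, run 'plan medium' and confirm that the enable step is the last rule-changing command; to apply, source the file as root and call 'ufw_baseline medium' without UFW_DRY_RUN set.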