Controlling memcached access with ufw

Simon Males sime at
Wed Aug 24 13:53:29 UTC 2011

(read: 'Securing' memcached)

I hope to cluster memcached. The network is untrusted and I must
restrict the allowed clients. So this is my first attempt at

I've switched ufw's DEFAULT_INPUT_POLICY to ACCEPT as there is no
current firewall. Next I added two clients which have explicit access
to port 11212, followed by a catch-all DENY to 11212.

# ufw status verbose
Status: active
Logging: on (low)
Default: allow (incoming), allow (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
11212                      ALLOW IN
11212                      ALLOW IN
11212                      DENY IN     Anywhere
11212                      DENY IN     Anywhere (v6)

Does this sound like a decent attempt at locking down memcached?

Additionally, with the above rules, could I create an application
profile? Ideally there will be multiple memcached servers, and I would
like to version control the profile.

Simon Males
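
An added example, not part of the original post: a small shell file that could be kept in version control to generate a ufw application profile for port 11212 and the matching per-client rules in the order ufw evaluates them. The profile name `memcached-cluster`, the tcp-only port spec, and the 192.0.2.x client addresses mentioned below are assumptions for illustration.

```shell
#!/bin/sh
# Added example: helpers for a version-controlled ufw profile and rule set.
APP="memcached-cluster"   # assumed profile name, chosen to avoid /etc/services names
PORTS="11212/tcp"         # port from the post; tcp-only is an assumption

# Print the application profile. Install the output as a file under
# /etc/ufw/applications.d/ on every memcached server.
profile() {
    printf '[%s]\n' "$APP"
    printf 'title=memcached (cluster)\n'
    printf 'description=memcached, restricted to listed clients\n'
    printf 'ports=%s\n' "$PORTS"
}

# Shape check only: dotted-quad IPv4 with an optional /0-32 prefix.
# ufw itself still rejects out-of-range octets when the rule is added.
valid_client() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# Print the ufw commands for the clients given as arguments.
# ufw matches rules in order, so every allow must come before the
# catch-all deny. All clients are validated before anything is printed,
# so an empty or malformed entry never yields a partial rule set.
rules() {
    [ "$#" -gt 0 ] || { echo "no clients given" >&2; return 1; }
    for c in "$@"; do
        valid_client "$c" || { echo "bad client: '$c'" >&2; return 1; }
    done
    for c in "$@"; do
        printf 'ufw allow from %s to any app %s\n' "$c" "$APP"
    done
    printf 'ufw deny from any to any app %s\n' "$APP"
}
```

After sourcing the file, `profile` prints the profile to install and `rules 192.0.2.10 192.0.2.11` prints the commands to review before running them as root.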
