Help in setting Firewall (ufw)
Ray Parrish
crp at cmc.net
Tue Jan 20 00:33:02 UTC 2009
scott wrote:
> Knute Johnson wrote:
>
>> Roy M. wrote:
>>
>>> Hello,
>>>
>>> Can anyone help me to translate my requests below to ufw commands...
>>>
>>> 1. Block all access to server, except port 80 from public
>>> 2. Enable ssh access (listening on port 8900), from IP range
>>> 202.192.010.002 to 202.192.010.007
>>>
>>> THx...
>>>
>>>
>> If this shows up twice, I apologize. Something is amiss in my mail program.
>>
>> sudo ufw enable
>>
>> sudo ufw allow 80/tcp
>>
>> sudo ufw allow proto tcp from 202.192.10.2 to any port 8900
>> sudo ufw allow proto tcp from 202.192.10.3 to any port 8900
>> .4
>> .5
>> etc
>>
>> You have to do these separately as there is no way to do just the few
>> you want with one command.
>>
>>
> Or simply learn Ip tables. Man IPTables is a great start.
>
> The really lazy can use arno's firewall and study it's syntax. Oh
> yeah, it's arno-iptables-firewall for the junior people. A really good
> start.
>
> Scott
>
>
>
Hello,
I was wondering as I've been following this thread, if this can also be
accomplished by making a couple of changes in the hosts.allow and
hosts.deny files? I know that to block all connections from the outside,
one simply makes the hosts.deny file contain the one command ALL: ALL,
and further that you can then use the hosts.allow file to whitelist
exceptions to that global blockage, but I'm not very familiar with the
possible entries that can be made in hosts.allow, and whether they
include the ability to specify ports and ip addresses, instead of just
host names and services.
I will also exercise my prerogative to RTFM on this question, after I'm
through reading my group mails for the day, but thought that if it is
possible, it would be an informative addition to this thread.
Thanks, Ray Parrish
--
http://www.rayslinks.com/ Web index of human reviewed links.
<http://www.rayslinks.com/Troubleshooting%20and%20fixing%20Windows.html>
Trouble shooting and Fixing Windows
http://www.writingsoftheschizophrenic.com My poetry in web pages
More information about the ubuntu-users
mailing list