Help in setting Firewall (ufw)

Charlie Kravetz cjk at teamcharliesangels.com
Tue Jan 20 01:06:02 UTC 2009


On Mon, 19 Jan 2009 16:33:02 -0800
Ray Parrish <crp at cmc.net> wrote:

> scott wrote:
> > Knute Johnson wrote:
> >   
> >> Roy M. wrote:
> >>     
> >>> Hello,
> >>>
> >>> Can anyone help me to translate my requests below to ufw
> >>> commands...
> >>>
> >>> 1. Block all access to server, except port 80 from public
> >>> 2. Enable ssh access (listening on port 8900), from IP range
> >>> 202.192.010.002 to 202.192.010.007
> >>>
> >>> THx...
> >>>
> >>>       
> >> If this shows up twice, I apologize. Something is amiss in my mail
> >> program.
> >>
> >> sudo ufw enable
> >>
> >> sudo ufw allow 80/tcp
> >>
> >> sudo ufw allow proto tcp from 202.192.10.2 to any port 8900
> >> sudo ufw allow proto tcp from 202.192.10.3 to any port 8900
> >> .4
> >> .5
> >> etc
> >>
> >> You have to do these separately as there is no way to do just the
> >> few you want with one command.
> >>
> >>     
> > Or simply learn iptables. "man iptables" is a great start.
> >
> > The really lazy can use arno's firewall and study its syntax. Oh
> > yeah, it's arno-iptables-firewall for the junior people. A really
> > good start.
> >
> > Scott
> >
> >
> >   
> Hello,
> 
> I was wondering as I've been following this thread, if this can also
> be accomplished by making a couple of changes in the hosts.allow and 
> hosts.deny files? I know that to block all connections from the
> outside, one simply makes the hosts.deny file contain the one command
> ALL: ALL, and further that you can then use the hosts.allow file to
> whitelist exceptions to that global blockage, but I'm not very
> familiar with the possible entries that can be made in hosts.allow,
> and whether they include the ability to specify ports and ip
> addresses, instead of just host names and services.
> 
> I will also exercise my prerogative to RTFM on this question, after
> I'm through reading my group mails for the day, but thought that if
> it is possible, it would be an informative addition to this thread.
> 
> Thanks, Ray Parrish
> 

hosts.allow can contain IP addresses; as a matter of fact, it must
contain only IP addresses if used for NFS.



-- 
Charlie Kravetz 
Linux Registered User Number 425914          [http://counter.li.org/]
Never let anyone steal your DREAM.           [http://keepingdreams.com]
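
Added example (not written by anyone in this thread): a POSIX shell sketch that prints the ufw commands for the original request, expanding the 202.192.010.002 to 202.192.010.007 range into one rule per host and stripping the zero padding first, since some parsers read "010" as octal 8. The function names are made up for this example; the "ufw default deny" line and placing "ufw enable" last are choices of this example, and only ranges within the last octet are handled.

```shell
#!/bin/sh
# Added example: print (do not run) the ufw commands for the request above.

# Strip zero padding from one octet so "010" is read as decimal 10, not octal 8.
norm_octet() {
    o=${1#"${1%%[!0]*}"}    # drop leading zeros
    echo "${o:-0}"          # an all-zero octet becomes "0"
}

# Normalize a zero-padded dotted quad, e.g. 202.192.010.002 -> 202.192.10.2
norm_ip() {
    case $1 in *[!0-9.]*|*.) return 1;; esac   # digits and dots only
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    ip=
    for part in "$@"; do
        case $part in '') return 1;; esac
        n=$(norm_octet "$part")
        [ "$n" -le 255 ] || return 1
        ip="${ip:+$ip.}$n"
    done
    echo "$ip"
}

# Print the rule set: web port open to all, SSH port limited to FIRST..LAST.
# Usage: gen_rules WEB_PORT SSH_PORT FIRST_IP LAST_IP
gen_rules() {
    first=$(norm_ip "$3") || return 1
    last=$(norm_ip "$4") || return 1
    prefix=${first%.*}
    [ "$prefix" = "${last%.*}" ] || return 1   # same first three octets
    i=${first##*.}; end=${last##*.}
    [ "$i" -le "$end" ] || return 1
    echo "ufw default deny"
    echo "ufw allow $1/tcp"
    while [ "$i" -le "$end" ]; do
        echo "ufw allow proto tcp from $prefix.$i to any port $2"
        i=$((i + 1))
    done
    echo "ufw enable"   # last, so the SSH rules exist before filtering starts
}

gen_rules 80 8900 202.192.010.002 202.192.010.007
```

Review the printed commands, then pipe them to "sudo sh" to apply them.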



