UFW help on configuration

[Jay Ridgley]

On 08/14/2017 05:00 PM, Tony Arnold wrote:
> Jay,
> 
> This page may help:
> 
> https://help.ubuntu.com/community/UFW
> 
> It seems the UFW syntax does not directly support ICMP protocol. The
> above page shows how to deal with ICMP PING traffic, which I think you
> could adapt for your purposes.
> 
> Regards,
> Tony.
> 
> On Mon, 2017-08-14 at 16:21 -0500, Jay Ridgley wrote:
>> Good Afternoon,
>>
>> I have used UFW (Uncomplicated Firewall) for a number of years and
>> it
>> has performed very well, for the most part just the default
>> configuration is what I have been using.
>>
>> Now I need to add a three of rules and I do not know how to
>> translate
>> them from iptable notation to UFW notation. The rules folow (in
>> iptable
>> format):
>>
>> 1. ipchains -A input -p icmp --icmp-type address-mask-requests -j
>> DROP
>> 2. ipchains -A input -p icmp --icmp-tyoe timestamp-request -j DROP
>> 3. ipchains -A output -p icmp --icmp-type timestamp-reply - j DROP
>>
>> I am not at all sure how to translate these into UFW notation. Help,
>> please.
Thanks Tony,

If I understand things correctly adding the following rules should work:

-A ufw-before-input -p icmp --icmp-tyoe timestamp-request -j DROP
-A ufw-before-input -p icmp --icmp-type address-mask-requests -j DROP

Correct?

However, this still leaves #3 above to be handled. I find nothing in the 
examples that would handle an output rule

Cheers,
Jay

>>
>> The above entries have to do with compliance with PCI DSS. From an
>> entity that will be processing credit card payments for a company I
>> volunteer working with as treasurer.
>>
>> Current software in use is: 16.04.3 server
>>
>> Thanks,
>> Jay
>> -- 
>> Jay Ridgley
>> jridgley2 at austin.rr.com
>> Registered Linux User ID - 9115
>> https://linuxcounter.net/cert/9115.png
>> Registered Ubuntu User ID - 23320
>>


-- 
Jay Ridgley
jridgley2 at austin.rr.com
Registered Linux User ID - 9115
https://linuxcounter.net/cert/9115.png
Registered Ubuntu User ID - 23320