Difference between revisions of "Gufw Firewall"
From MyWiki
(Created page with "https://help.ubuntu.com/community/UFW") |
(6 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | An addition to the before.rules in the /etc/ufw directory<br> | ||
+ | <source lang="text"> | ||
+ | # START OPENVPN RULES | ||
+ | # NAT table rules | ||
+ | *nat | ||
+ | :POSTROUTING ACCEPT [0:0] | ||
+ | :PREROUTING ACCEPT [0:0] | ||
+ | # Allow traffic from OpenVPN client to wlp11s0 (change to the interface you discovered!) | ||
+ | -A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE | ||
+ | -A PREROUTING -i eth0 -p tcp -s 158.223.0.0/16 --dport 3389 -j DNAT --to 10.27.139.30:3389 | ||
+ | -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 10.27.139.30:80 | ||
+ | -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to 10.27.139.30:443 | ||
+ | -A PREROUTING -i eth0 -p tcp --dport 1433 -j DNAT --to 10.27.139.31:1433 | ||
+ | -A PREROUTING -i eth0 -p tcp --dport 4569 -j DNAT --to 10.27.139.33:4569 | ||
+ | -A PREROUTING -i eth0 -p udp --dport 4569 -j DNAT --to 10.27.139.33:4569 | ||
+ | |||
+ | COMMIT | ||
+ | # END OPENVPN RULES | ||
+ | |||
+ | </source> | ||
+ | |||
+ | |||
+ | |||
https://help.ubuntu.com/community/UFW | https://help.ubuntu.com/community/UFW | ||
+ | Enable and Disable | ||
+ | Enable UFW | ||
+ | To turn UFW on with the default set of rules: | ||
+ | '''sudo ufw enable''' | ||
+ | To check the status of UFW: | ||
+ | '''sudo ufw status verbose''' | ||
+ | The output should be like this: | ||
+ | youruser@yourcomputer:~$ '''sudo ufw status verbose''' | ||
+ | [sudo] password for youruser: | ||
+ | Status: active | ||
+ | Logging: on (low) | ||
+ | Default: deny (incoming), allow (outgoing) | ||
+ | New profiles: skip | ||
+ | youruser@yourcomputer:~$ | ||
+ | Note that by default, deny is being applied to incoming. There are exceptions, which can be found in the output of this command: | ||
+ | '''sudo ufw show raw''' | ||
+ | You can also read the rules files in /etc/ufw (the files whose names end with .rules). | ||
+ | Disable UFW | ||
+ | To disable ufw use: | ||
+ | '''sudo ufw disable''' |
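Review bot: the source in `-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE` has host bits set under a /8 mask, so iptables will match all of 10.0.0.0/8, which also covers the 10.27.139.x addresses used as DNAT targets. If only the OpenVPN client subnet is meant, write that subnet's real prefix length. The comment directly above that rule names wlp11s0 while every rule uses eth0, so one of the two should be corrected. The 3389 forward is limited with `-s 158.223.0.0/16`, but the 80, 443, 1433 and 4569 forwards carry no `-s` match. Add a source restriction to any of them that is not meant to be reachable from every address arriving on eth0, 1433 in particular. The block is labelled as OpenVPN rules but mostly holds port forwards, so a comment per forward naming the service would help later readers.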
Latest revision as of 17:26, 8 June 2018
An addition to the before.rules in the /etc/ufw directory
<source lang="text">
# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to wlp11s0 (change to the interface you discovered!)
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
-A PREROUTING -i eth0 -p tcp -s 158.223.0.0/16 --dport 3389 -j DNAT --to 10.27.139.30:3389
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 10.27.139.30:80
-A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to 10.27.139.30:443
-A PREROUTING -i eth0 -p tcp --dport 1433 -j DNAT --to 10.27.139.31:1433
-A PREROUTING -i eth0 -p tcp --dport 4569 -j DNAT --to 10.27.139.33:4569
-A PREROUTING -i eth0 -p udp --dport 4569 -j DNAT --to 10.27.139.33:4569

COMMIT
# END OPENVPN RULES
</source>
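An added example, not part of the wiki page: a small lint over the nat rules above that reports source networks whose host bits iptables will mask away and DNAT forwards with no source restriction. The names `parse_rule` and `audit` and the labels `host-bits` and `open-dnat` are assumptions of this example, and the input is the page's rule block embedded as a string.

```python
import ipaddress
import shlex

# Constructed input: the nat rules from this page's before.rules addition.
RULES = """\
*nat
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
-A PREROUTING -i eth0 -p tcp -s 158.223.0.0/16 --dport 3389 -j DNAT --to 10.27.139.30:3389
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 10.27.139.30:80
-A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to 10.27.139.30:443
-A PREROUTING -i eth0 -p tcp --dport 1433 -j DNAT --to 10.27.139.31:1433
-A PREROUTING -i eth0 -p tcp --dport 4569 -j DNAT --to 10.27.139.33:4569
-A PREROUTING -i eth0 -p udp --dport 4569 -j DNAT --to 10.27.139.33:4569
COMMIT
"""

def parse_rule(line):
    """Map each option of an '-A CHAIN ...' line to its value (True for bare flags)."""
    tokens = shlex.split(line)
    rule, i = {"chain": tokens[1]}, 2
    while i < len(tokens):
        has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
        rule[tokens[i]] = tokens[i + 1] if has_value else True
        i += 2 if has_value else 1
    return rule

def audit(text):
    """Return (line_no, kind, detail) tuples for nat rules worth a second look."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.startswith("-A "):
            continue
        rule = parse_rule(line)
        src = rule.get("-s")
        if src:
            iface = ipaddress.ip_interface(src)
            # iptables masks the address, so host bits silently widen the match.
            if iface.ip != iface.network.network_address:
                findings.append((n, "host-bits", f"{src} is applied as {iface.network}"))
        elif rule.get("-j") == "DNAT":
            detail = f"{rule.get('-p')}/{rule.get('--dport')} to {rule.get('--to')} from any source"
            findings.append((n, "open-dnat", detail))
    return findings

if __name__ == "__main__":
    for finding in audit(RULES):
        print(*finding)
```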
https://help.ubuntu.com/community/UFW
Enable and Disable

Enable UFW

To turn UFW on with the default set of rules:

'''sudo ufw enable'''

To check the status of UFW:

'''sudo ufw status verbose'''

The output should be like this:

<source lang="text">
youruser@yourcomputer:~$ sudo ufw status verbose
[sudo] password for youruser:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip
youruser@yourcomputer:~$
</source>

Note that by default, deny is being applied to incoming. There are exceptions, which can be found in the output of this command:

'''sudo ufw show raw'''

You can also read the rules files in /etc/ufw (the files whose names end with .rules).

Disable UFW

To disable ufw use:

'''sudo ufw disable'''