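#!/usr/bin/env bash
# UFW configuration for a home DMZ box exposed to the public internet.
#
# NOTE(review): the rule set below exposes more than sshd to the outside world.
# 8997/tcp (bittorrent), the nxserver app profile (port 4000; the profile names
# no protocol, so ufw opens it for both tcp and udp), 2222/tcp and 8080/tcp are
# all allowed "from any". Only bootpc/udp, 3000/tcp and 8088/tcp are restricted
# to the 192.168.0.0/16 LAN. Review each "from any" rule before applying.
#
# In addition to setting these rules you should also:
# 1. Edit /etc/ufw/before.rules to remove the default rules which permit incoming DHCP packets from the outside world.
# 2. Edit /etc/ufw/before.rules to remove the default rules which permit incoming ICMP packets from the outside world.
# 3. Edit /etc/default/ufw to turn off non-local ipv6 because I don't know enough about it to be confident.
#
# Must be run as root. ufw rules are evaluated in order and every rule added
# after "ufw enable" takes effect immediately, so the order below is kept as-is.
set -euo pipefail

(( EUID == 0 )) || { printf '%s\n' "this script must be run as root" >&2; exit 1; }

# Default posture: drop unsolicited inbound traffic, allow everything outbound.
ufw default deny incoming
ufw default allow outgoing

# "limit" rate-limits new connections per source address to slow down
# brute-forcing; "log" records matching packets.
ufw limit log proto tcp to 0.0.0.0/0 port ssh

# DHCP client replies, accepted from the LAN range only.
ufw allow proto udp from 192.168.0.0/16 to 0.0.0.0/0 port bootpc comment "required for dhclient"

# --force skips the interactive "may disrupt existing ssh connections" prompt.
ufw --force enable

# Internet-reachable bittorrent listener; the web UI on 3000 is LAN-only.
ufw allow proto tcp to 0.0.0.0/0 port 8997 comment "bittorrent"
ufw allow proto tcp from 192.168.0.0/16 to 0.0.0.0/0 port 3000 comment "flood UI for bittorrent"

# Define an app profile for NoMachine. Quoted delimiter: the profile is literal
# text and nothing in it should be subject to shell expansion.
cat > /etc/ufw/applications.d/nxserver <<'ENDOFMESSAGE'
[nxserver]
title=NX protocol server
description=Part of NoMachine, a remote desktop solution.
ports=4000
ENDOFMESSAGE
ufw app update nxserver
# Remote desktop reachable from anywhere (tcp and udp, see note above).
ufw allow from any to 0.0.0.0/0 app nxserver

# Rate-limited and logged like port 22 — presumably an alternate sshd listener; confirm.
ufw limit log proto tcp from any to 0.0.0.0/0 port 2222

# 8080/tcp is open to the internet; 8088/tcp is LAN-only.
ufw allow proto tcp from any to 0.0.0.0/0 port 8080
ufw allow proto tcp from 192.168.0.0/16 to 0.0.0.0/0 port 8088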
# Allow web traffic via ufw's bundled "WWW Full" profile (80 and 443/tcp),
# restricted to the 192.168.0.0/16 LAN, with matching packets logged.
ufw allow log from 192.168.0.0/16 to 0.0.0.0/0 app "WWW Full"