@craig-m-unsw
Last active October 17, 2022 10:00
Uncomplicated Firewall example

ufw (Uncomplicated Firewall) example setup

Install ufw if it is missing:

sudo dnf install -y ufw
sudo apt install -y ufw

Default deny in both directions:

ufw default deny outgoing
ufw default deny incoming

Inbound rules:

# allow 8080 from any
ufw allow 8080/tcp
# allow ssh from local subnet
ufw allow from 192.168.1.0/24 to any port 22 proto tcp

Limited outbound:

ufw allow out 80,443/tcp # http/s
ufw allow out 53,123/tcp # dns, ntp
ufw allow out 53,123/udp # dns, ntp
ufw allow out 67,68/udp # dhcp
# outbound mysql to DB server IP
ufw allow out from any to 192.168.2.2 port 3306 proto tcp

Finish up (enable, turn on logging, then review the resulting policy):

ufw enable
ufw logging on
ufw status verbose
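A check for the last step, added here and not part of the original gist: it parses `ufw status verbose` output and confirms the result matches the rule set above (active, deny/deny defaults, exactly the intended allow rules, nothing extra). SAMPLE_STATUS is constructed, and the column layout is assumed from typical ufw output.

```shell
# SAMPLE_STATUS is constructed: what `ufw status verbose` is expected to print
# after the rules above are applied (column layout assumed from typical ufw output).
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
8080/tcp                   ALLOW IN    Anywhere
22/tcp                     ALLOW IN    192.168.1.0/24
80,443/tcp                 ALLOW OUT   Anywhere
53,123/tcp                 ALLOW OUT   Anywhere
53,123/udp                 ALLOW OUT   Anywhere
67,68/udp                  ALLOW OUT   Anywhere
192.168.2.2 3306/tcp       ALLOW OUT   Anywhere
8080/tcp (v6)              ALLOW IN    Anywhere (v6)'

# The rule set the gist intends, one rule per line, whitespace collapsed.
EXPECTED_RULES='8080/tcp ALLOW IN Anywhere
22/tcp ALLOW IN 192.168.1.0/24
80,443/tcp ALLOW OUT Anywhere
53,123/tcp ALLOW OUT Anywhere
53,123/udp ALLOW OUT Anywhere
67,68/udp ALLOW OUT Anywhere
192.168.2.2 3306/tcp ALLOW OUT Anywhere'

# check_ufw_status STATUS_TEXT: returns 0 when ufw is active, both defaults are
# deny, every expected rule is present and no extra rule exists (IPv6 mirror
# entries marked "(v6)" are skipped); prints the first failure and returns 1.
check_ufw_status() {
  status=$1
  printf '%s\n' "$status" | grep -q '^Status: active$' || { echo "ufw is not active"; return 1; }
  printf '%s\n' "$status" | grep -q '^Default: deny (incoming), deny (outgoing)' \
    || { echo "default policy is not deny/deny"; return 1; }
  # Keep only rule-table rows and collapse the padded columns to single spaces.
  rules=$(printf '%s\n' "$status" | grep -E ' (ALLOW|DENY|REJECT|LIMIT) ' | tr -s ' ' | grep -v '(v6)')
  old_ifs=$IFS; IFS='
'
  for want in $EXPECTED_RULES; do   # every intended rule must be present
    printf '%s\n' "$rules" | grep -qxF -- "$want" || { IFS=$old_ifs; echo "missing rule: $want"; return 1; }
  done
  for have in $rules; do            # and nothing beyond the intended set
    printf '%s\n' "$EXPECTED_RULES" | grep -qxF -- "$have" || { IFS=$old_ifs; echo "unexpected rule: $have"; return 1; }
  done
  IFS=$old_ifs
}

# On a real host: check_ufw_status "$(sudo ufw status verbose)"
check_ufw_status "$SAMPLE_STATUS" && echo "policy matches the intended rule set"
```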

ufw links

misc

Not ufw, but related.

Route blackholes for the RFC 1918 private ranges; these will not persist after reboot:

ip route add blackhole 10.0.0.0/8
ip route add blackhole 172.16.0.0/12
ip route add blackhole 192.168.0.0/16