Created
July 11, 2018 03:29
-
-
Save peterneave/334856152dcbd574b0eee0b7546cf17f to your computer and use it in GitHub Desktop.
Setup Firewall with UFW on Debian/Ubuntu
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #See https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-16-04 for more details on UFW commands | |
| #change to root | |
| sudo -i | |
| #install ufw | |
| apt install ufw | |
| #enable writing logs to separate file https://askubuntu.com/a/728657 | |
| sed -i '/^#& ~/s/^#//' /etc/rsyslog.d/20-ufw.conf | |
| /etc/init.d/rsyslog restart | |
| #(optional) if you become stuck, start at this point and run down again. | |
| ufw reset | |
| #add rules | |
| ufw allow from 192.168.8.0/22 | |
| #ufw allow from 192.168.8.0/22 to any port 22 | |
| #ufw allow from 192.168.8.0/22 to any port 443 | |
| #block all incoming and allow all outgoing | |
| ufw default deny incoming | |
| ufw default allow outgoing | |
| #review rules | |
| less /lib/ufw/user.rules | |
| #enable firewall (be careful you haven't locked yourself out! If you are over terminal, ensure 22 for your IP address is available) | |
| ufw enable | |
| ufw status verbose | |
| #try out the rules | |
| watch -d --interval 0 'iptables -nvL | grep -v "0 0"' | |
| #clean up any old rules if you don't need them. | |
| rm /lib/ufw/user{,6}.rules.* | |
| rm /etc/ufw/before{,6}.rules.* | |
| rm /etc/ufw/after{,6}.rules.* |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment