phares3757/linux-ubuntu-server
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux-ubuntu-server/etc/ufw/user.rules
Mike Phares 1c0b573f60 01-06-a
2025-01-06 18:26:44 -07:00

104 lines
4.6 KiB
Plaintext
Raw Blame History

*filter
:ufw-user-input - [0:0]
:ufw-user-output - [0:0]
:ufw-user-forward - [0:0]
:ufw-before-logging-input - [0:0]
:ufw-before-logging-output - [0:0]
:ufw-before-logging-forward - [0:0]
:ufw-user-logging-input - [0:0]
:ufw-user-logging-output - [0:0]
:ufw-user-logging-forward - [0:0]
:ufw-after-logging-input - [0:0]
:ufw-after-logging-output - [0:0]
:ufw-after-logging-forward - [0:0]
:ufw-logging-deny - [0:0]
:ufw-logging-allow - [0:0]
:ufw-user-limit - [0:0]
:ufw-user-limit-accept - [0:0]
### RULES ###
### tuple ### allow tcp 53 0.0.0.0/0 any 0.0.0.0/0 in comment=30312920444e5320544350
-A ufw-user-input -p tcp --dport 53 -j ACCEPT
### tuple ### allow udp 53 0.0.0.0/0 any 0.0.0.0/0 in comment=30322920444e5320554450
-A ufw-user-input -p udp --dport 53 -j ACCEPT
### tuple ### allow tcp 67 0.0.0.0/0 any 0.0.0.0/0 in comment=303329204448435020544350
-A ufw-user-input -p tcp --dport 67 -j ACCEPT
### tuple ### allow udp 67 0.0.0.0/0 any 0.0.0.0/0 in comment=303429204448435020554450
-A ufw-user-input -p udp --dport 67 -j ACCEPT
### tuple ### allow any any 0.0.0.0/0 443 0.0.0.0/0 in comment=303529204854545053
-A ufw-user-input -p tcp --sport 443 -j ACCEPT
-A ufw-user-input -p udp --sport 443 -j ACCEPT
### tuple ### allow any 443 0.0.0.0/0 any 0.0.0.0/0 in comment=303629204854545053
-A ufw-user-input -p tcp --dport 443 -j ACCEPT
-A ufw-user-input -p udp --dport 443 -j ACCEPT
### tuple ### allow any any 0.0.0.0/0 22 192.168.11.0/25 in comment=30372920535348
-A ufw-user-input -p tcp -s 192.168.11.0/25 --sport 22 -j ACCEPT
-A ufw-user-input -p udp -s 192.168.11.0/25 --sport 22 -j ACCEPT
### tuple ### allow any any 0.0.0.0/0 22 192.168.21.0/25 in comment=30382920535348
-A ufw-user-input -p tcp -s 192.168.21.0/25 --sport 22 -j ACCEPT
-A ufw-user-input -p udp -s 192.168.21.0/25 --sport 22 -j ACCEPT
### tuple ### allow any any 0.0.0.0/0 22 192.168.31.0/25 in comment=30392920535348
-A ufw-user-input -p tcp -s 192.168.31.0/25 --sport 22 -j ACCEPT
-A ufw-user-input -p udp -s 192.168.31.0/25 --sport 22 -j ACCEPT
### tuple ### allow any any 0.0.0.0/0 22 192.168.41.0/25 in comment=31302920535348
-A ufw-user-input -p tcp -s 192.168.41.0/25 --sport 22 -j ACCEPT
-A ufw-user-input -p udp -s 192.168.41.0/25 --sport 22 -j ACCEPT
### tuple ### allow any any 0.0.0.0/0 22 192.168.42.0/25 in comment=31312920535348
-A ufw-user-input -p tcp -s 192.168.42.0/25 --sport 22 -j ACCEPT
-A ufw-user-input -p udp -s 192.168.42.0/25 --sport 22 -j ACCEPT
### tuple ### allow any any 0.0.0.0/0 22 192.168.43.0/25 in comment=31322920535348
-A ufw-user-input -p tcp -s 192.168.43.0/25 --sport 22 -j ACCEPT
-A ufw-user-input -p udp -s 192.168.43.0/25 --sport 22 -j ACCEPT
### tuple ### allow any 22 192.168.11.0/25 any 0.0.0.0/0 in comment=31332920535348
-A ufw-user-input -p tcp -d 192.168.11.0/25 --dport 22 -j ACCEPT
-A ufw-user-input -p udp -d 192.168.11.0/25 --dport 22 -j ACCEPT
### tuple ### allow any 22 192.168.21.0/25 any 0.0.0.0/0 in comment=31342920535348
-A ufw-user-input -p tcp -d 192.168.21.0/25 --dport 22 -j ACCEPT
-A ufw-user-input -p udp -d 192.168.21.0/25 --dport 22 -j ACCEPT
### tuple ### allow any 22 192.168.31.0/25 any 0.0.0.0/0 in comment=31352920535348
-A ufw-user-input -p tcp -d 192.168.31.0/25 --dport 22 -j ACCEPT
-A ufw-user-input -p udp -d 192.168.31.0/25 --dport 22 -j ACCEPT
### tuple ### allow any 22 192.168.41.0/25 any 0.0.0.0/0 in comment=31362920535348
-A ufw-user-input -p tcp -d 192.168.41.0/25 --dport 22 -j ACCEPT
-A ufw-user-input -p udp -d 192.168.41.0/25 --dport 22 -j ACCEPT
### tuple ### allow any 22 192.168.42.0/25 any 0.0.0.0/0 in comment=31372920535348
-A ufw-user-input -p tcp -d 192.168.42.0/25 --dport 22 -j ACCEPT
-A ufw-user-input -p udp -d 192.168.42.0/25 --dport 22 -j ACCEPT
### tuple ### allow any 22 192.168.43.0/25 any 0.0.0.0/0 in comment=31382920535348
-A ufw-user-input -p tcp -d 192.168.43.0/25 --dport 22 -j ACCEPT
-A ufw-user-input -p udp -d 192.168.43.0/25 --dport 22 -j ACCEPT
### END RULES ###
### LOGGING ###
-A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
-A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
### END LOGGING ###
### RATE LIMITING ###
-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT
-A ufw-user-limit-accept -j ACCEPT
### END RATE LIMITING ###
COMMIT
Reference in New Issue View Git Blame Copy Permalink