---
type: "topic"
created: "2024-04-08T05:03:29.762Z"
updated: "2024-04-14T00:50:25.358Z"
---

# Linux Firewall (ufw)

[Ubuntu](ubuntu.md)

```bash
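# Chronological record of how this host's ufw rule set was built. Two rules are
# added and later removed by number, so the order of the commands matters.
#
# Notes for anyone replaying it:
#   * `ufw reset` and `ufw delete NUM` ask for confirmation (and `ufw enable`
#     may, over SSH), so run this interactively rather than as a script.
#   * Rules written with an IPv4 address (192.168.0.0/24, 0.0.0.0/0) create
#     IPv4 rules only; IPv6 traffic is left to ufw's default policy.
#   * A rule without `proto` opens the port for both TCP and UDP. SSH is pinned
#     to TCP below; consider doing the same for other TCP-only services.
#   * Rules using 0.0.0.0/0 accept any IPv4 source. Whether that means
#     "internet" depends on what sits in front of this host -- confirm.

# Root shell: the ufw commands below need root.
sudo -i

# Clean slate. reset also disables the firewall, so nothing below is enforced
# until `ufw enable`.
ufw reset

# SSH, LAN only. `proto tcp` keeps UDP/22 closed; SSH only uses TCP.
ufw allow from 192.168.0.0/24 to any port 22 proto tcp comment "01) SSH"

# Web and git, any IPv4 source.
ufw allow to 0.0.0.0/0 port 80 comment "02) HTTP"
ufw allow to 0.0.0.0/0 port 443 comment "03) HTTPS"
ufw allow to 0.0.0.0/0 port 9418 comment "04) Git"

# Admin and development UIs, LAN only.
ufw allow from 192.168.0.0/24 to any port 8005 comment "05) Pi-hole"
ufw allow from 192.168.0.0/24 to any port 8006 comment "06) Ajenti"
ufw allow from 192.168.0.0/24 to any port 8007 comment "07) code-server"
ufw allow from 192.168.0.0/24 to any port 8008 comment "08) Nginx"
ufw allow from 192.168.0.0/24 to any port 5002 comment "09) BaGet"

# Application ports, any IPv4 source.
ufw allow to 0.0.0.0/0 port 5000 comment "10) .netCore"
ufw allow to 0.0.0.0/0 port 5001 comment "11) .netCore"

# LAN-only services. Port 67 is the DHCP server port (the second listing on
# this page labels it DHCP); the "Unknown" label is kept as the author wrote it.
ufw allow from 192.168.0.0/24 to any port 53 comment "12) DNS"
ufw allow from 192.168.0.0/24 to any port 67 comment "13) Unknown"
ufw allow from 192.168.0.0/24 to any port 9654 comment "14) barcode-server"
ufw allow from 192.168.0.0/24 to any port 8009 comment "15) barcode-server-statistics"

# dashkiosk was opened to any source and then withdrawn. Deleting by number
# removes whatever currently holds that position, so this is only correct
# right after the rule above it was added as number 16.
ufw allow from 0.0.0.0/0 to any port 9400 comment "16) dashkiosk"
ufw delete 16

# Open to any IPv4 source. "Test" looks temporary -- remove it once the test
# is finished.
ufw allow from 0.0.0.0/0 to any port 8010 comment "16) Test"
ufw allow from 0.0.0.0/0 to any port 5052 comment "17) NGINdeX.io"
ufw allow from 0.0.0.0/0 to any port 3000 comment "18) gogs"

# Port 4001 was first opened to any source for gogs, then deleted and reopened
# LAN-only for the photoview API. Same caveat about numbered deletes as above.
ufw allow from 0.0.0.0/0 to any port 4001 comment "19) gogs"
ufw delete 19
ufw allow from 192.168.0.0/24 to any port 4001 comment "19) photoview api"
ufw allow from 192.168.0.0/24 to any port 1234 comment "20) photoview ui"

# Database port: reachable from the whole /24. If only one or two hosts need
# it, narrow the source to those addresses.
ufw allow from 192.168.0.0/24 to any port 3306 comment "21) mysql"
ufw allow from 192.168.0.0/24 to any port 8011 comment "22) syncthing"

# iperf3 is a measurement tool; leaving it open to any source is rarely
# needed after the measurement is done.
ufw allow from 0.0.0.0/0 to any port 5201 comment "23) iperf3"
ufw allow from 0.0.0.0/0 to any port 5003 comment "24) Barcode-Host"

# Review the staged rules before switching the firewall on. While ufw is
# disabled, `ufw status numbered` only reports that it is inactive, so the
# pre-enable check uses `show added` instead.
ufw show added
ufw enable

# Added after the firewall went live. The label was a second "24)"; it is the
# 25th rule, so it is numbered accordingly.
ufw allow from 0.0.0.0/0 to any port 8080 comment "25) acme-challenge"

# Final numbered listing of the active rule set.
ufw status numbered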
```

```bash beelink & raspberrypi Sat Apr 13 2024 17:50:24 GMT-0700 (Mountain Standard Time)
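# Rule set for the hosts named in the fence header. Run as root and
# interactively: `ufw reset` asks for confirmation, and `ufw enable` may when
# run over SSH.
#
# SSH rules carry `proto tcp` so UDP/22 is not opened alongside; SSH only
# uses TCP.

# Clean slate; the firewall stays disabled until `ufw enable` below.
ufw reset

# SSH from the first LAN range.
ufw allow from 192.168.0.0/26 to any port 22 proto tcp comment "01) SSH"

# Web ports, any IPv4 source. No `proto`, so TCP and UDP are both opened.
ufw allow to 0.0.0.0/0 port 80 comment "02) HTTP"
ufw allow to 0.0.0.0/0 port 443 comment "03) HTTPS"

# DNS and DHCP with no `from`, i.e. open to every source (and to IPv6 as well
# where ufw's IPv6 support is enabled).
# NOTE(review): a resolver reachable from outside the local networks can be
# abused as an open resolver -- confirm the network edge blocks port 53 or add
# a `from` range here. DHCP runs over UDP, so the 67/tcp rule is probably
# unnecessary; kept to match the author's numbering.
ufw allow 53/tcp comment "04) DNS TCP"
ufw allow 53/udp comment "05) DNS UDP"
ufw allow 67/tcp comment "06) DHCP TCP"
ufw allow 67/udp comment "07) DHCP UDP"

# SSH from the remaining internal ranges.
ufw allow from 192.168.11.0/25 to any port 22 proto tcp comment "08) SSH"
ufw allow from 192.168.21.0/25 to any port 22 proto tcp comment "09) SSH"
ufw allow from 192.168.31.0/25 to any port 22 proto tcp comment "10) SSH"
ufw allow from 192.168.41.0/25 to any port 22 proto tcp comment "11) SSH"
ufw allow from 192.168.42.0/25 to any port 22 proto tcp comment "12) SSH"
ufw allow from 192.168.43.0/25 to any port 22 proto tcp comment "13) SSH"

# NOTE(review): this rule accepts SSH from any IPv4 source, which makes the
# source restrictions in rules 01 and 08-13 redundant. If the restriction is
# intended, drop this rule. If SSH has to stay reachable from other networks,
# `ufw limit` in place of `allow` rate-limits repeated connection attempts.
ufw allow to 0.0.0.0/0 port 22 proto tcp comment "14) SSH"

# Activate, then list the active rules with their numbers.
ufw enable
ufw status numbered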
```