Friday, April 1, 2011

[Level 3] Firewall in Ubuntu.

Install the GUI front-end for ufw (gufw):
# apt-get -y install gufw
# gufw
Use the ufw command to configure the firewall. The rules it generates are written to /lib/ufw/user.rules, so the file grows and shrinks as rules are added and deleted:
# ufw deny from any to any port 22
# ls -al /lib/ufw/user.rules
-rw-r----- 1 root root 1405 2011-04-01 17:36 /lib/ufw/user.rules
# ufw delete deny from any to any port 22
# ls -al /lib/ufw/user.rules
-rw-r----- 1 root root 1263 2011-04-01 17:36 /lib/ufw/user.rules
my setting history (reference only):
ufw disable
ufw default deny
ufw logging ON
ufw enable
ufw allow 22/tcp
ufw allow proto tcp from 192.168.1.0/24 to 192.168.1.101 port 80

Alternatively, use iptables directly. A minimal script:
#!/bin/bash
# Host firewall: default-deny inbound, allow everything outbound, ssh in.
MY_IP=192.168.100.101

# Open the policies while rebuilding, so an ssh session is not cut off
# between the flush and the accept rules below
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

# Flush all rules and delete user-defined chains (filter table)
iptables -F
iptables -X

# Allow traffic on loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Replies to connections this host initiated (DNS, apt, ...) arrive on INPUT;
# without this rule the DROP policy below would break all outbound traffic
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow ssh for in/out (513:65535 is the client-side ephemeral port range;
# Linux clients normally use 32768 and up, which is inside this range)
iptables -A INPUT -p tcp -s 0/0 -d $MY_IP --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s $MY_IP -d 0/0 --sport 22 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT

# Set the default policies last, once the accept rules are in place
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
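Running iptables commands one at a time leaves a window between the flush and the accept rules, and a typo halfway through leaves a half-built ruleset behind. The script below is an added example (not from the original post) that expresses the same policy in iptables-restore format, which the kernel loads atomically as one transaction, and lints the ruleset for the two mistakes that bite when you work over ssh: an INPUT DROP policy with no ACCEPT for tcp/22, and no ESTABLISHED,RELATED rule for replies to the host's own outbound connections. The host address 192.168.100.101 and the management network 192.168.1.0/24 are placeholders reused from the post's own examples; rules.v4 is simply the output file name chosen here.

```shell
#!/bin/bash
# Added example: build the host firewall as an iptables-restore ruleset
# (loaded atomically) and lint it for remote lock-out before loading.
# Addresses are placeholders; rules.v4 is an arbitrary output file name.
set -eu

# gen_ruleset HOST_IP MGMT_CIDR -> iptables-restore text on stdout
gen_ruleset() {
    local my_ip="$1" mgmt="$2"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# replies to connections this host opened (DNS, apt, ...) and related ICMP errors
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# new ssh sessions only from the management network
-A INPUT -p tcp -s $mgmt -d $my_ip --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# log (rate-limited) whatever is about to hit the DROP policy
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
COMMIT
EOF
}

# lockout_check RULESET_FILE
#   returns 0 if safe to load over ssh,
#           1 if INPUT is DROP with no ACCEPT for new tcp/22 (you lock yourself out),
#           2 if INPUT is DROP with no ESTABLISHED,RELATED accept (outbound replies dropped)
lockout_check() {
    local file="$1"
    # An ACCEPT policy cannot lock anyone out; nothing to check.
    grep -q '^:INPUT DROP' "$file" || return 0
    if ! grep -Eq '^-A INPUT .*-p tcp .*--dport 22 .*-j ACCEPT' "$file"; then
        echo "lockout: INPUT policy DROP with no ACCEPT for tcp/22" >&2
        return 1
    fi
    if ! grep -Eq '^-A INPUT .*(ESTABLISHED,RELATED|RELATED,ESTABLISHED).*-j ACCEPT' "$file"; then
        echo "warning: no ESTABLISHED,RELATED accept; replies to outbound connections will be dropped" >&2
        return 2
    fi
    return 0
}

# Usage: ./fw.sh HOST_IP MGMT_CIDR  (writes rules.v4; loads it only when run as root)
if [ "$#" -ge 2 ]; then
    gen_ruleset "$1" "$2" > rules.v4
    lockout_check rules.v4 || { echo "refusing to load rules.v4" >&2; exit 1; }
    if [ "$(id -u)" -eq 0 ]; then
        iptables-restore < rules.v4
    else
        echo "wrote rules.v4; run as root to load it" >&2
    fi
fi
```

Where the installed iptables-restore supports it, `iptables-restore --test < rules.v4` parses the file without committing, which catches syntax errors before the lint above catches logic errors. The same ordering point applies to the ufw history above: when working over ssh, `ufw allow 22/tcp` belongs before `ufw enable`, otherwise new ssh connections are refused until the allow rule lands (the existing session survives only because ufw's before.rules accepts ESTABLISHED traffic).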

Some useful examples for iptables, click here.

Wish this helps.
regards,
Stanley Huang