FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu User

 
 
LinkBack Thread Tools
 
Old 01-17-2009, 04:15 PM
"Roy M."
 
Default Help in setting Firewall (ufw)

Hello,

Can anyone help me to translate my requests below to ufw commands...

1. Block all access to server, except port 80 from public
2. Enable ssh access (listening on port 8900), from IP range
202.192.010.002 to 202.192.010.007

THx...

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-17-2009, 04:58 PM
Leonard Chatagnier
 
Default Help in setting Firewall (ufw)

--- On Sat, 1/17/09, Roy M. <setesting001@gmail.com> wrote:

> From: Roy M. <setesting001@gmail.com>
> Subject: Help in setting Firewall (ufw)
> To: ubuntu-users@lists.ubuntu.com
> Date: Saturday, January 17, 2009, 11:15 AM
> Hello,
>
> Can anyone help me to translate my requests below to ufw
> commands...
>
> 1. Block all access to server, except port 80 from public
> 2. Enable ssh access (listening on port 8900), from IP
> range
> 202.192.010.002 to 202.192.010.007
>
> THx...
>
>
Have you looked at "man ufw" as it looks pretty simple to
do what you are asking about; or, maybe you are like me
and don't understand about FW rules. Also, there is gui
tool, gufw, that may be easier for you to use. I don't
understand all this, but I think I could do what you
want by using the man and the "dry run" option which
would probably tell you if the syntax your usisg is
OK or not. HTH
Leonard Chatagnier
lenc5570@sbcglobal.net

--
> ubuntu-users mailing list
> ubuntu-users@lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-18-2009, 12:33 AM
Knute Johnson
 
Default Help in setting Firewall (ufw)

Roy M. wrote:
> Hello,
>
> Can anyone help me to translate my requests below to ufw commands...
>
> 1. Block all access to server, except port 80 from public
> 2. Enable ssh access (listening on port 8900), from IP range
> 202.192.010.002 to 202.192.010.007
>
> THx...
>

sudo ufw enable

sudo ufw allow 80/tcp

sudo ufw allow proto tcp from 202.192.10.2 to any port 8900
sudo ufw allow proto tcp from 202.192.10.3 to any port 8900
.4
.5
etc

You have to do these separately as there is no way to do just the few
you want with one command.

--

Knute Johnson
knute2009@www.knutejohnson.com


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-18-2009, 01:13 AM
Knute Johnson
 
Default Help in setting Firewall (ufw)

Roy M. wrote:
> Hello,
>
> Can anyone help me to translate my requests below to ufw commands...
>
> 1. Block all access to server, except port 80 from public
> 2. Enable ssh access (listening on port 8900), from IP range
> 202.192.010.002 to 202.192.010.007
>
> THx...
>

If this shows up twice, I apologize. Something is amiss in my mail program.

sudo ufw enable

sudo ufw allow 80/tcp

sudo ufw allow proto tcp from 202.192.10.2 to any port 8900
sudo ufw allow proto tcp from 202.192.10.3 to any port 8900
.4
.5
etc

You have to do these separately as there is no way to do just the few
you want with one command.

--

Knute Johnson
knute2009@www.knutejohnson.com


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-18-2009, 07:34 AM
scott
 
Default Help in setting Firewall (ufw)

Knute Johnson wrote:
> Roy M. wrote:
>> Hello,
>>
>> Can anyone help me to translate my requests below to ufw commands...
>>
>> 1. Block all access to server, except port 80 from public
>> 2. Enable ssh access (listening on port 8900), from IP range
>> 202.192.010.002 to 202.192.010.007
>>
>> THx...
>>
>
> If this shows up twice, I apologize. Something is amiss in my mail program.
>
> sudo ufw enable
>
> sudo ufw allow 80/tcp
>
> sudo ufw allow proto tcp from 202.192.10.2 to any port 8900
> sudo ufw allow proto tcp from 202.192.10.3 to any port 8900
> .4
> .5
> etc
>
> You have to do these separately as there is no way to do just the few
> you want with one command.
>
Or simply learn Ip tables. Man IPTables is a great start.

The really lazy can use arno's firewall and study it's syntax. Oh
yeah, it's arno-iptables-firewall for the junior people. A really good
start.

Scott


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-19-2009, 11:33 PM
Ray Parrish
 
Default Help in setting Firewall (ufw)

scott wrote:
> Knute Johnson wrote:
>
>> Roy M. wrote:
>>
>>> Hello,
>>>
>>> Can anyone help me to translate my requests below to ufw commands...
>>>
>>> 1. Block all access to server, except port 80 from public
>>> 2. Enable ssh access (listening on port 8900), from IP range
>>> 202.192.010.002 to 202.192.010.007
>>>
>>> THx...
>>>
>>>
>> If this shows up twice, I apologize. Something is amiss in my mail program.
>>
>> sudo ufw enable
>>
>> sudo ufw allow 80/tcp
>>
>> sudo ufw allow proto tcp from 202.192.10.2 to any port 8900
>> sudo ufw allow proto tcp from 202.192.10.3 to any port 8900
>> .4
>> .5
>> etc
>>
>> You have to do these separately as there is no way to do just the few
>> you want with one command.
>>
>>
> Or simply learn Ip tables. Man IPTables is a great start.
>
> The really lazy can use arno's firewall and study it's syntax. Oh
> yeah, it's arno-iptables-firewall for the junior people. A really good
> start.
>
> Scott
>
>
>
Hello,

I was wondering as I've been following this thread, if this can also be
accomplished by making a couple of changes in the hosts.allow and
hosts.deny files? I know that to block all connections from the outside,
one simply makes the hosts.deny file contain the one command ALL: ALL,
and further that you can then use the hosts.allow file to whitelist
exceptions to that global blockage, but I'm not very familiar with the
possible entries that can be made in hosts.allow, and whether they
include the ability to specify ports and ip addresses, instead of just
host names and services.

I will also exercise my prerogative to RTFM on this question, after I'm
through reading my group mails for the day, but thought that if it is
possible, it would be an informative addition to this thread.

Thanks, Ray Parrish

--
http://www.rayslinks.com/ Web index of human reviewed links.
<http://www.rayslinks.com/Troubleshooting%20and%20fixing%20Windows.html>
Trouble shooting and Fixing Windows
http://www.writingsoftheschizophrenic.com My poetry in web pages


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-20-2009, 12:06 AM
Charlie Kravetz
 
Default Help in setting Firewall (ufw)

On Mon, 19 Jan 2009 16:33:02 -0800
Ray Parrish <crp@cmc.net> wrote:

> scott wrote:
> > Knute Johnson wrote:
> >
> >> Roy M. wrote:
> >>
> >>> Hello,
> >>>
> >>> Can anyone help me to translate my requests below to ufw
> >>> commands...
> >>>
> >>> 1. Block all access to server, except port 80 from public
> >>> 2. Enable ssh access (listening on port 8900), from IP range
> >>> 202.192.010.002 to 202.192.010.007
> >>>
> >>> THx...
> >>>
> >>>
> >> If this shows up twice, I apologize. Something is amiss in my mail
> >> program.
> >>
> >> sudo ufw enable
> >>
> >> sudo ufw allow 80/tcp
> >>
> >> sudo ufw allow proto tcp from 202.192.10.2 to any port 8900
> >> sudo ufw allow proto tcp from 202.192.10.3 to any port 8900
> >> .4
> >> .5
> >> etc
> >>
> >> You have to do these separately as there is no way to do just the
> >> few you want with one command.
> >>
> >>
> > Or simply learn Ip tables. Man IPTables is a great start.
> >
> > The really lazy can use arno's firewall and study it's syntax. Oh
> > yeah, it's arno-iptables-firewall for the junior people. A really
> > good start.
> >
> > Scott
> >
> >
> >
> Hello,
>
> I was wondering as I've been following this thread, if this can also
> be accomplished by making a couple of changes in the hosts.allow and
> hosts.deny files? I know that to block all connections from the
> outside, one simply makes the hosts.deny file contain the one command
> ALL: ALL, and further that you can then use the hosts.allow file to
> whitelist exceptions to that global blockage, but I'm not very
> familiar with the possible entries that can be made in hosts.allow,
> and whether they include the ability to specify ports and ip
> addresses, instead of just host names and services.
>
> I will also exercise my prerogative to RTFM on this question, after
> I'm through reading my group mails for the day, but thought that if
> it is possible, it would be an informative addition to this thread.
>
> Thanks, Ray Parrish
>

Host.allow can contain IP addresses; as a matter of fact, it must
contain only IP addresses if used for NFS.



--
Charlie Kravetz
Linux Registered User Number 425914 [http://counter.li.org/]
Never let anyone steal your DREAM. [http://keepingdreams.com]

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 

Thread Tools




All times are GMT. The time now is 01:28 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org