Difference between revisions of "Firewall"
From Blue-IT.org Wiki
(→Ubuntu ufw) |
(→Ubuntu ufw) |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
Generally check status with | Generally check status with | ||
sudo ufw status verbose | sudo ufw status verbose | ||
| + | |||
| + | If you like to copy rules from one to another computer: rules are stored in | ||
| + | /lib/ufw | ||
| + | |||
| + | Configuration files are in | ||
| + | /etc/ufw | ||
| + | /etc/gufw | ||
=== Ggufw === | === Ggufw === | ||
| − | With single IP | + | With single IP from special client to your server. |
[[File:Regel_hinzufügen_002.png]] | [[File:Regel_hinzufügen_002.png]] | ||
| − | With IP range | + | With IP range from any client in subnet to your server. |
[[File:Regel_hinzufügen_003.png]] | [[File:Regel_hinzufügen_003.png]] | ||
| Line 41: | Line 48: | ||
=== Cups === | === Cups === | ||
sudo ufw allow from 192.168.1.0/24 to any app cups | sudo ufw allow from 192.168.1.0/24 to any app cups | ||
| + | |||
| + | [[Category:Security]] | ||
| + | [[Category:Network]] | ||
Latest revision as of 10:16, 19 February 2012
Contents
Ubuntu ufw
Generally check status with
sudo ufw status verbose
If you like to copy rules from one to another computer: rules are stored in
/lib/ufw
Configuration files are in
/etc/ufw /etc/gufw
Ggufw
With single IP from special client to your server.
With IP range from any client in subnet to your server.
Qsynergy
sudo ufw allow proto tcp to any port 24800 from 192.168.0.0/16
Samba
Easy setup
sudo ufw allow Samba
or
sudo ufw allow from any app Samba to 192.168.0.1 sudo ufw allow from 192.168.1.0/24 to any app samba
Special setup
Alter the ufw configuration file
gedit /etc/default/ufw
# The nf_contrack_netbios_ns has been added IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_irc nf_nat_irc nf_conntrack_netbios_ns"
Samba
sudo ufw allow proto tcp to any port 135 from 192.168.0.0/16 sudo ufw allow proto udp to any port 137 from 192.168.0.0/16 sudo ufw allow proto udp to any port 138 from 192.168.0.0/16 sudo ufw allow proto tcp to any port 139 from 192.168.0.0/16 sudo ufw allow proto tcp to any port 445 from 192.168.0.0/16
Avahi / bonjour /zeroconf
sudo ufw allow proto udp to any port 5353 from 192.168.0.0/16
Cups
sudo ufw allow from 192.168.1.0/24 to any app cups