Difference between revisions of "Firewall"

From Blue-IT.org Wiki

(Ggufw)
(Ubuntu ufw)
 
(7 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
== Ubuntu ufw ==
 
== Ubuntu ufw ==
 +
Generally check status with
 +
sudo ufw status verbose
 +
 +
If you like to copy rules from one to another computer: rules are stored in
 +
/lib/ufw
 +
 +
Configuration files are in
 +
/etc/ufw
 +
/etc/gufw
 +
 
=== Ggufw ===
 
=== Ggufw ===
With IP range
+
With single IP from special client to your server.
 +
 
 
[[File:Regel_hinzufügen_002.png‎]]
 
[[File:Regel_hinzufügen_002.png‎]]
  
With single IP
+
With IP range from any client in subnet to your server.
 +
 
 
[[File:Regel_hinzufügen_003.png‎]]
 
[[File:Regel_hinzufügen_003.png‎]]
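Review bot: the added line "rules are stored in /lib/ufw" names only a directory; since the sentence is written as a copy procedure, state which files under it have to be copied and whether ufw needs a reload afterwards. The unchanged heading `=== Ggufw ===` also looks like a typo for Gufw, given the `/etc/gufw` path added just above it.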
  
Line 11: Line 23:
  
 
=== Samba ===
 
=== Samba ===
 +
==== Easy setup ====
 +
sudo ufw allow Samba
 +
or
 +
sudo ufw allow from any app Samba to 192.168.0.1
 +
sudo ufw allow from 192.168.1.0/24 to any app samba
 +
 +
==== Special setup ====
 
Alter the ufw configuration file
 
Alter the ufw configuration file
 
  gedit /etc/default/ufw
 
  gedit /etc/default/ufw
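Review bot: in the added easy-setup line `sudo ufw allow from any app Samba to 192.168.0.1`, `app Samba` sits on the `from` side, so the rule matches the client's source ports rather than the server's Samba ports; it should read `sudo ufw allow from any to 192.168.0.1 app Samba`. The first alternative, `sudo ufw allow Samba`, carries no source restriction at all, so the subnet-scoped form on the last added line is the better one to show first. The app name is also spelled `Samba` in two lines and `samba` in the third; pick one spelling.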
Line 26: Line 45:
 
Avahi / bonjour /zeroconf
 
Avahi / bonjour /zeroconf
 
  sudo ufw allow proto udp to any port 5353 from 192.168.0.0/16
 
  sudo ufw allow proto udp to any port 5353 from 192.168.0.0/16
 +
 +
=== Cups ===
 +
sudo ufw allow from 192.168.1.0/24 to any app cups
 +
 +
[[Category:Security]]
 +
[[Category:Network]]
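Review bot: the added Cups rule allows `192.168.1.0/24` while the Avahi rule directly above it in the same hunk allows `192.168.0.0/16`; say which LAN range the reader is expected to substitute and use the narrower /24 consistently, since the /16 admits every 192.168.x.x host.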

Latest revision as of 10:16, 19 February 2012

Ubuntu ufw

Generally check status with

sudo ufw status verbose

To copy rules from one computer to another: the rules are stored in

/lib/ufw

Configuration files are in

/etc/ufw
/etc/gufw

Gufw

With a single IP: from one specific client to your server.

Regel hinzufügen 002.png

With an IP range: from any client in the subnet to your server.

Regel hinzufügen 003.png

Qsynergy

sudo ufw allow proto tcp to any port 24800 from 192.168.0.0/16

Samba

Easy setup

sudo ufw allow Samba

or

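# "app Samba" belongs on the destination side; after "from" it would match the client's source ports
sudo ufw allow from any to 192.168.0.1 app Samba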
sudo ufw allow from 192.168.1.0/24 to any app samba

Special setup

Alter the ufw configuration file

gedit /etc/default/ufw
# The nf_conntrack_netbios_ns module has been added
IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_irc nf_nat_irc nf_conntrack_netbios_ns"

Samba

sudo ufw allow proto tcp to any port 135 from 192.168.0.0/16
sudo ufw allow proto udp to any port 137 from 192.168.0.0/16
sudo ufw allow proto udp to any port 138 from 192.168.0.0/16
sudo ufw allow proto tcp to any port 139 from 192.168.0.0/16
sudo ufw allow proto tcp to any port 445 from 192.168.0.0/16
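
An added example (not part of the original wiki page): a shell function that reads `ufw status verbose` output and lists the ALLOW rules that expose the Samba ports above to any source, which is what `sudo ufw allow Samba` produces. The function names and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example: find ALLOW rules that open Samba ports to any source address.
# Reads `ufw status verbose` text on stdin and prints the "To" column of each hit.
samba_open_to_any() {
    awk -F '  +' '
        # Rule rows have three columns separated by runs of two or more spaces;
        # header and summary lines fail the ALLOW / Anywhere tests and are skipped.
        NF >= 3 && $2 ~ /^ALLOW/ && $3 ~ /^Anywhere/ {
            to = $1
            # Hit: the Samba app profile, or one of the ports the page opens for Samba.
            if (to ~ /Samba/ || to ~ /(^|[ ,])(135|137|138|139|445)([, ]|\/|$)/)
                print to
        }'
}

# Constructed sample in the layout of `ufw status verbose` (not captured from a real host).
sample_status() {
    cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)

To                         Action      From
--                         ------      ----
137,138/udp (Samba)        ALLOW IN    Anywhere
139,445/tcp (Samba)        ALLOW IN    Anywhere
445/tcp                    ALLOW IN    192.168.0.0/16
5353/udp                   ALLOW IN    192.168.0.0/16
24800/tcp                  ALLOW IN    Anywhere
135/tcp                    ALLOW IN    Anywhere
EOF
}

# On a real host: sudo ufw status verbose | samba_open_to_any
sample_status | samba_open_to_any
```

Rules scoped to a subnet, such as the `192.168.0.0/16` entries, are not reported; only rows whose source is `Anywhere` are.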

Avahi / Bonjour / Zeroconf

sudo ufw allow proto udp to any port 5353 from 192.168.0.0/16

Cups

sudo ufw allow from 192.168.1.0/24 to any app cups