Difference between revisions of "Ubuntu Firewall"
From FusionPBX
(→Configure the Uncomplicated FireWall via CLI) |
(→Blacklist) |
||
(17 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
Ubuntu includes ufw (uncomplicated firewall) by default, but it is not enabled. | Ubuntu includes ufw (uncomplicated firewall) by default, but it is not enabled. | ||
− | ==Configure | + | ==Configure by command line== |
+ | |||
+ | Install UFW | ||
sudo su | sudo su | ||
+ | apt-get install ufw | ||
+ | |||
+ | SSH | ||
ufw allow ssh | ufw allow ssh | ||
− | + | ||
+ | HTTP/HTTPS - FusionPBX | ||
ufw allow 80/tcp | ufw allow 80/tcp | ||
ufw allow 443/tcp | ufw allow 443/tcp | ||
− | + | ||
+ | SIP and RTP - FreeSWITCH | ||
+ | ufw allow proto tcp from any to any port 5060:5069 | ||
+ | ufw allow proto udp from any to any port 5060:5069 | ||
+ | ufw allow 5080 | ||
+ | ufw allow 5081 | ||
+ | ufw allow proto udp from any to any port 16383:32768 | ||
+ | |||
+ | Enable UFW | ||
+ | ufw default deny | ||
+ | ufw enable | ||
+ | ufw logging on | ||
+ | |||
+ | ==Blacklist== | ||
+ | |||
+ | Blacklist the IP address | ||
+ | ufw insert 1 deny from x.x.x.x | ||
+ | |||
+ | Remove the blacklisted IP address | ||
+ | ufw delete allow x.x.x.x | ||
+ | |||
+ | (Replace x.x.x.x with the IP Address in the following commands.) | ||
+ | |||
+ | ==Optional== | ||
+ | |||
+ | OpenVPN | ||
+ | ufw allow 1194/udp | ||
+ | ufw allow 1194/tcp | ||
+ | |||
+ | H323 | ||
ufw allow 1719/udp | ufw allow 1719/udp | ||
ufw allow 1720/tcp | ufw allow 1720/tcp | ||
+ | |||
+ | STUN | ||
ufw allow 3478/udp | ufw allow 3478/udp | ||
ufw allow 3479/udp | ufw allow 3479/udp | ||
+ | |||
+ | MLP protocol server | ||
ufw allow 5002/tcp | ufw allow 5002/tcp | ||
+ | |||
+ | Neighborhood service | ||
ufw allow 5003/udp | ufw allow 5003/udp | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | ==Additional Commands== | |
− | |||
− | |||
ufw status | ufw status | ||
− | + | ufw delete 3 | |
==More Information== | ==More Information== | ||
https://help.ubuntu.com/10.04/serverguide/C/firewall.html | https://help.ubuntu.com/10.04/serverguide/C/firewall.html | ||
+ | |||
+ | http://pka.engr.ccny.cuny.edu/~jmao/node/28 | ||
https://help.ubuntu.com/community/UFW | https://help.ubuntu.com/community/UFW | ||
man ufw | man ufw |
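Review bot: In the new Blacklist section, the removal command `ufw delete allow x.x.x.x` does not match the rule created by `ufw insert 1 deny from x.x.x.x`, so it will not remove the block; it should read `ufw delete deny from x.x.x.x`. The added line "(Replace x.x.x.x with the IP Address in the following commands.)" also sits after the commands it refers to, so either move it above them or change "following" to "above".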
Latest revision as of 16:27, 1 September 2014
Ubuntu includes ufw (uncomplicated firewall) by default, but it is not enabled.
Configure by command line
Install UFW
sudo su
apt-get install ufw
SSH
ufw allow ssh
HTTP/HTTPS - FusionPBX
ufw allow 80/tcp
ufw allow 443/tcp
SIP and RTP - FreeSWITCH
ufw allow proto tcp from any to any port 5060:5069
ufw allow proto udp from any to any port 5060:5069
ufw allow 5080
ufw allow 5081
ufw allow proto udp from any to any port 16383:32768
Enable UFW
ufw default deny
ufw enable
ufw logging on
Blacklist
Blacklist the IP address
ufw insert 1 deny from x.x.x.x
Remove the blacklisted IP address
ufw delete deny from x.x.x.x
(Replace x.x.x.x with the IP address in the commands above.)
Optional
OpenVPN
ufw allow 1194/udp
ufw allow 1194/tcp
H323
ufw allow 1719/udp
ufw allow 1720/tcp
STUN
ufw allow 3478/udp
ufw allow 3479/udp
MLP protocol server
ufw allow 5002/tcp
Neighborhood service
ufw allow 5003/udp
Additional Commands
ufw status
ufw delete 3
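Deleting by number, as with ufw delete 3, is sensitive to renumbering: each delete shifts the rules below it up by one. The following is an added example, not part of the FusionPBX wiki, that reads `ufw status numbered` output and lists every DENY rule number for one source address, highest first, so they can be deleted in that order. The helper names and the sample output (using the documentation address 203.0.113.7) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find the rule numbers of DENY rules for one source address
# in `ufw status numbered` output, highest number first.

# Constructed sample of `ufw status numbered` output, so the example runs
# without a live firewall. The addresses are documentation addresses.
sample_status() {
cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   DENY IN     203.0.113.7
[ 2] 22/tcp                     ALLOW IN    Anywhere
[ 3] 80/tcp                     ALLOW IN    Anywhere
[ 4] 443/tcp                    ALLOW IN    Anywhere
[ 5] 5060:5069/udp              ALLOW IN    Anywhere
[ 6] 5060:5069/udp              DENY IN     203.0.113.7
[ 7] Anywhere                   DENY IN     203.0.113.70
EOF
}

# deny_rule_numbers IP  (hypothetical helper name)
# Reads status text on stdin and prints matching rule numbers on one line.
deny_rule_numbers() {
    awk -v ip="$1" '
        # Numbered rule lines only; the source address is the last field.
        # Exact comparison keeps 203.0.113.70 from matching 203.0.113.7.
        /^\[ *[0-9]+\]/ && / DENY / && $NF == ip {
            num = $0
            sub(/^\[ */, "", num)   # strip "[" and padding
            sub(/\].*$/, "", num)   # strip "]" and the rest of the line
            print num
        }' | sort -rn | xargs
}

# Demo on the constructed sample.
sample_status | deny_rule_numbers 203.0.113.7

# On a live system (as root), delete from the highest number down:
#   for n in $(ufw status numbered | deny_rule_numbers x.x.x.x); do
#       ufw delete "$n"
#   done
```

Run ufw status afterwards to confirm that only the intended rules were removed.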
More Information
https://help.ubuntu.com/10.04/serverguide/C/firewall.html
http://pka.engr.ccny.cuny.edu/~jmao/node/28
https://help.ubuntu.com/community/UFW
man ufw